Forum Discussion

Chris_P_15522
Apr 08, 2010

SCP nightly backup with Bitvise

Hi,

I have a 4300 FirePass currently backing up nightly by FTP. However, we are now looking at migrating to an SCP server using the application Bitvise. This application works well with CLI backups from a firewall manager, but using the FirePass SCP backup with the public/private keys seems to not get a valid login to do the backup.

Are there any known issues in using Bitvise as an SCP server to back up a FirePass running 6.1.0? Are there any special configuration requirements for Bitvise to get this working?

Regards,
Chris Pearce
  • Hello Chris,

    I'm afraid I am not familiar with Bitvise, but I have got SCP logging working using copssh; maybe my brief notes will help anyhow?

    Step by Step Guide:

    1. Install 'copssh' (a windows version of openssh) - tested and working on an XP machine.

    2. Activate a user via Start > All Programs > Copssh > 01. Activate a user. You may wish to create a new Windows user before carrying out this step.

    3. Open a BASH shell via Start > All Programs > Copssh > start a Unix BASH shell, and run: ssh-keygen -b 1024 -t rsa -N -f

    4. On the FirePass go to Device Management > Logs > Purge Logs and tick 'create archive' and 'SCP'. Input the user (as per point 2 above), host, path ('/' for example), key type (RSA 1024 bit for example) and format = OpenSSH. Click 'update'.

    5. Download the public key via the link 'Generate and download new public key'

    6. Copy this key to the C:\Program Files\ICW\home\\.ssh (or the alternative path to which you installed Copssh – obviously the username is the same as in points (2) and (4) above).

    7. Open the key file that we just copied, using a text editor and copy the entire string.

    8. Add the string into the 'authorized_keys' file (again just copy it in there using notepad, beneath any existing entries).

    Use 'click here to purge logs right now' on the FirePass to test.......

    If all goes to plan you will get a message on the FirePass screen that 'Archive has been put to x.x.x.x server.'

    The log files should appear in C:\Program Files\ICW and will be in the format 'backup--URM-
    -YYYYMMDDhhmmss>.zip' . You may need to wait for logs to be generated before you can test this successfully. 
      
    As a side note, a quick way to check if the files were sent is to look under 'Temporary Archive Storage' (still within the FirePass Log page, below where we set up SCP logging), since any failed logs will be saved here. You will receive a message that the upload fails, but if there are no logs to send, no error appears.
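
Added example, not part of the original posts and not code from F5 or Copssh: steps 6 to 8 above as a function for the Copssh BASH shell. It checks that the downloaded file holds one OpenSSH public-key line and appends it to authorized_keys once, limited to the FirePass address and without a terminal or forwarding. The function name, the `firepass-backup` label, the accepted key types and the argument order are assumptions.

```shell
#!/bin/sh
# add_backup_key PUBKEY_FILE AUTHORIZED_KEYS FIREPASS_IP   (hypothetical helper)
# Appends the downloaded FirePass public key to authorized_keys with
# restrictions, so the key can only be used from the appliance for file copy.
add_backup_key() {
    pubkey_file=$1; auth_file=$2; source_ip=$3

    # First non-blank line, with Windows CR line endings stripped.
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" 2>/dev/null | head -n 1 | tr -d '\r')
    key_type=$(printf '%s\n' "$key_line" | awk '{print $1}')
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')

    # Assumption: the appliance exports an RSA or DSA key in OpenSSH format.
    case "$key_type" in
        ssh-rsa|ssh-dss) ;;
        *) echo "not an OpenSSH public key line: $pubkey_file" >&2; return 1 ;;
    esac
    # The key body must be a single base64 token.
    case "$key_blob" in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data: $pubkey_file" >&2; return 1 ;;
    esac

    # Already present: leave the file untouched (safe to re-run).
    if [ -f "$auth_file" ] && grep -qF "$key_blob" "$auth_file"; then
        return 0
    fi

    # A file edited in Notepad may lack a final newline; add one so the new
    # entry does not get glued onto the previous key.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # from= pins the source address; the no-* options remove terminal and
    # forwarding rights that a backup upload does not need.
    printf 'from="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s %s firepass-backup\n' \
        "$source_ip" "$key_type" "$key_blob" >> "$auth_file"
    chmod 600 "$auth_file"
}

# Run as a script: add_backup_key.sh <pubkey file> <authorized_keys> <FirePass IP>
if [ "$#" -eq 3 ]; then
    add_backup_key "$@"
fi
```

In an HA pair, run it once per unit with that unit's key and address.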
  • Thanks for your responses. The Bitvise s/w has a group of issues, one being that it took over an hour to get the public key authentication working. Once that was done, the next was what the syntax for the target path is.

    Of all things, the target path needed to be "." (that's a dot only in the path).

    The full path was part of the Bitvise configuration, and the addition of the 2nd key for the standby unit was simple to set up once authentication was working.

    Note: if you are running an HA setup, a warning message will still occur until both public keys are on the target server.

    Well, learnt a lot; hope this will help someone else in the future.

    Bitvise version 5

    Cheers

    Chris