Security


Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.
  • 1.  SCP config from firewall to backup server

    Posted 05-05-2008 15:48

    Hi,

     

    I want to have a script running on my backup server that will nightly pull the configuration from the firewall.

    I understand I can run the command

     

        scp uname@firewall:ns_sys_config localfile.txt

     

    I want to run this in a cron job, but since there is a password prompt it will not automatically run.  What I need is to somehow store my backup server's public key on the Firewall.  Is this possible?

     

    Are there any other/better solutions?  Thanks,


    Tyler



  • 2.  RE: SCP config from firewall to backup server

    Posted 05-06-2008 00:23

    Hi,

     

    Have a look at RANCID:  http://www.shrubbery.net/rancid/

    Despite the name, it is extremely useful in fetching configs from different vendors' boxes.

     

     Have a nice day,

    Gniewko 

     



  • 3.  RE: SCP config from firewall to backup server
    Best Answer

    Posted 05-06-2008 01:38

    Hi Make,

     

    Check out the cli guide for the ssh options, you can load a public key using the pka-dsa commands

     

     set ssh pka-dsa user-name <username> key <now your key>

     

    This works OK, I just tested it.

     

    (Test it and solve the thread if it works) 

     

    Thanks

     

    Ben 



  • 4.  RE: SCP config from firewall to backup server

    Posted 05-06-2008 10:37

    I tried it out and it worked brilliantly.  Here is what I did for anyone else out there who wants to do this.  First off check out the guide here.  http://www.juniper.net/techpubs/software/screenos/screenos5x/cli_5_0.pdf - Page 472 has all the ssh options.

     

    On my backup server I ran "ssh-keygen -t dsa" to create a new key combo.

    Then on the Juniper I did "set ssh pka-dsa user-name <user> key <copied contents of public key file from backup server>"

    NOTE: Not all the contents, only the key part.  Leave out the header and footer to the file.

     

    Now I can run scp cron jobs from my backup server.

     

    Thank you very much benjamin.  
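
The key-trimming step from post 4, as an added example that is not part of the original thread: a shell helper that drops the header and footer from a DSA public key file and prints the `set ssh pka-dsa` line. It goes beyond the post by also accepting the RFC 4716 BEGIN/END layout; the function names, user name, paths and sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): build the ScreenOS pka-dsa command
# from a DSA public key file, keeping only the base64 key data.

# key_body FILE: print the key data without header/footer.
key_body() {
    awk '
        /^---- BEGIN SSH2 PUBLIC KEY ----/ { rfc = 1; next }   # RFC 4716 layout
        /^---- END SSH2 PUBLIC KEY ----/   { exit }
        rfc {
            # Skip "Tag: value" header lines and their backslash continuations.
            if (cont || $0 ~ /^[A-Za-z0-9-]+:/) { cont = ($0 ~ /\\$/); next }
            printf "%s", $0; next
        }
        $1 == "ssh-dss" { printf "%s", $2; exit }   # one-line OpenSSH layout
    ' "$1"
}

# pka_command USER FILE: print the CLI line, or fail if no DSA key is found.
pka_command() {
    body=$(key_body "$2")
    # An ssh-dss blob begins with the length-prefixed string "ssh-dss",
    # which always base64-encodes to the prefix checked here.
    case "$body" in
        AAAAB3NzaC1kc3M*)
            printf 'set ssh pka-dsa user-name %s key %s\n' "$1" "$body" ;;
        *)
            echo "no DSA public key found in $2" >&2; return 1 ;;
    esac
}

# Constructed sample (truncated, not a real key) in the one-line .pub layout.
sample=$(mktemp)
printf 'ssh-dss AAAAB3NzaC1kc3MAAACBAExampleOnly backup@server\n' > "$sample"
pka_command backupuser "$sample"
rm -f "$sample"

# Hypothetical crontab entry on the backup server; BatchMode makes scp fail
# instead of waiting at a password prompt if key authentication breaks:
#   0 2 * * * scp -o BatchMode=yes uname@firewall:ns_sys_config /backup/fw.cfg
```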



  • 5.  RE: SCP config from firewall to backup server

    Posted 05-06-2008 14:50

    Welcome.

     

    Ben 

