There are a couple of prerequisites before you can copy the config from a NetScreen or SSG via scp. First, obviously ssh and scp need to be enabled:
set ssh version v2
set ssh enable
set scp enable
And of course, you need to enable ssh management on the interface you’re going to connect to the device on:
set interface ethernet0 manage ssh
Once that has been done, from your PC, try the following:
scp netscreen@device-hostname:ns_sys_config ssg.cfg
And you should then have a file called ssg.cfg in that directory. Once again, simple when you know how.
It is also possible to load RSA/DSA keys against ScreenOS usernames, so that password-less login for ssh/scp can be utilised, allowing this method to form the basis of automated config backups.
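As an added example (not part of the original post), here is the scp command above wrapped for unattended backups. It assumes a public key has already been loaded for the ScreenOS user and that the device's host key is already in known_hosts; the function names, the `SCP` override variable and the content check are this example's own assumptions.

```bash
#!/usr/bin/env bash
# Added example: unattended ScreenOS config backup over scp with key auth.
# SCP can be overridden (assumption of this example) to stub the transfer.
SCP="${SCP:-scp}"

# Heuristic (assumption): a saved config is non-empty and has "set ..." lines.
looks_like_screenos_config() {
    [ -s "$1" ] && grep -q '^set ' "$1"
}

# Reject empty names, leading dashes (option injection) and odd characters.
safe_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# backup_config USER HOST DEST_DIR -> prints the saved path on success.
backup_config() {
    local user="$1" host="$2" dest_dir="$3" tmp final
    if ! safe_name "$user" || ! safe_name "$host"; then
        echo "refusing user/host: $user@$host" >&2; return 2
    fi
    umask 077   # the config holds admin password hashes and other secrets
    mkdir -p "$dest_dir" || return 1
    tmp="$(mktemp "$dest_dir/.fetch.XXXXXX")" || return 1
    # BatchMode=yes never prompts: a rejected key or an unknown host key
    # makes the run fail instead of hanging or silently trusting the device.
    if ! "$SCP" -q -o BatchMode=yes -o ConnectTimeout=10 \
            "$user@$host:ns_sys_config" "$tmp"; then
        rm -f "$tmp"; echo "fetch failed: $host" >&2; return 1
    fi
    if ! looks_like_screenos_config "$tmp"; then
        rm -f "$tmp"; echo "unexpected content from $host" >&2; return 1
    fi
    final="$dest_dir/$host-$(date +%Y%m%dT%H%M%S).cfg"
    mv "$tmp" "$final" && printf '%s\n' "$final"
}

# Example call, e.g. from cron (hypothetical destination directory):
#   backup_config netscreen device-hostname /var/backups/screenos
```

A failed or empty transfer leaves no partial file behind, so an older good backup is never replaced by a truncated one.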
Hi Daniel,
First of all, thanks for your post, which helped me to get the NetScreen config file of my several NetScreens… But I am missing something: I am trying to do this operation automatically with a bash script without entering the password, but I don’t know how to set it up using an RSA key and stuff.
I tried with these commands but without success:
ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id2_rsa.pub user@10.1.1.x (user & IP of one of my NetScreens)
Can you help me on this point?
Thanks in advance,
Romain
Hi Romain,
It’s not possible to use ssh-copy-id, since the NetScreen only implements a subset of SSH features. Instead, you can load RSA/DSA keys via the ScreenOS CLI like the following (assuming the username is alice):
set ssh pka-dsa user-name alice key AAAAB3NzaC1kc3MAAABBAPrdVkvpSiLMT7NfZJm24pqMU2FFpO49+LFmbOipljEYelWTA4J5...
You can also get the NetScreen to retrieve the key via tftp, like this:
exec ssh tftp pka-dsa user-name alice file-name key_file_alice ip-addr 172.16.10.11
For SSHv1 replace “pka-dsa” with “pka-rsa”.
Finally, you can also add keys via the NetScreen web UI, under Configuration > Admin > Administrators. There you should see a “SSH-PKA” link in one of the columns of the table of administrators.
Hi Daniel,
Thanks for your explanations, that was perfect. I used the terminal and the web browser methods and both worked for me 🙂
Thank you again.
Have a nice weekend.
BR
Romain