FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Staff
Article Id 193152
Description
How to Configure Remote Backup via SSH

Scope
Version:   All
Solution
Version:  All

When the SSH Remote Backup option is selected in the Remote Backup Configuration,
SCP is used to transfer the files.  SSH uses an encrypted key which must be copied from the Network Sentry to the remote server, preferably in an account other than ROOT. 

Note: If the Network Sentry appliance consists of a Control Server/Application Server pair, follow this procedure for both servers.

Configure SSH for Backup Protocol


1.  From the Admin UI, navigate to System > Settings > System Management > Database Backup, and locate the SSH section. 
2. Select the Enable checkbox. 
3. Set the Server field to the backup user account on the remote, using the format <username>@<ip-address> .
4. Set the remote path to the directory where the backups should be stored. 


Copy the Key to the Remote Server Account (Linux)

1. Access the CLI on the Network Sentry Control Server as root. 
2. Navigate to the .ssh directory: 
cd /root/.ssh 
3. Display and copy the key: 
cat id_rsa.pub 
4. Access the remote server where the backups will be stored as root. 
5. If the .ssh directory does not exist, create it: 
mkdir /home/<backup_username>/.ssh 
6. Change the permissions: 
chmod 700 /home/<backup_username>/.ssh 
7. Navigate to the .ssh directory, and then paste (append) the key you copied from the Network Sentry to the authorized_keys2 file: 
cd /home/<backup_username>/.ssh 
vi authorized_keys2 
Note: The format of authorized_keys2 file is one entry per line. 
8. Make sure the key you paste is identical to the key on the Network Sentry - no extra white space or characters. 
9. For a High Availability Control Server/Application Server pair, repeat this process for the key on the every server. 


Copy the Key to the Remote Server Account (Third Party)

1.  Access the CLI on the Network Sentry Control Server as root.
2.  Navigate to the .ssh directory. Type
cd /root/.ssh
3.  Display and copy the key. Type
cat id_rsa.pub
4.  Associate the public key to the remote server where the backups will be stored.

Note:  This process will vary depending on the product. Refer to the SSH server product documentation for instructions.


Validate the Connection and a Backup

1.  From the CLI on the Network Sentry appliance, test the connection to the remote by entering the ssh command, specifying the backup user account on the remote: 
ssh <backup_user>@<ip_remote> 
2.  The backups are scheduled tasks (System > Scheduler).  Run a backup, and verify that it is stored on the remote in the directory path configured earlier in this procedure.


Contributors