Thursday, August 13, 2015

Backup of Riverbed Steelhead devices with SSH

Commands can be sent to the device through SSH, which makes it easy to set up a configuration backup of Riverbed Steelhead devices.

Example:
ssh admin@<IP or hostname> < <file with commands to run>
ssh admin@10.0.0.15 < commands.txt

To save the output to file:
ssh admin@<IP or hostname> < <file with commands to run> > <output file>
ssh admin@10.0.0.15 < commands.txt > config.conf

To get the configuration, write the following in the "commands.txt" file:
enable
show configuration running

You can also use "show configuration full" to get the default values in addition to the configuration that has been added.

Other useful commands you can add to the "commands.txt" file:
write mem - saves the configuration
show info - shows status, update, temperature, version etc.
show version - shows serial, version, model, uptime, memory, CPU etc.

The SSH command will ask you for a password. You can easily add an RSA key to the device so you do not need to type the password manually.

First you need to generate an RSA key pair, and then insert the public key into the Riverbed device by typing:
ssh client user admin authorized-key key sshv2 "ssh-rsa your public key"

To connect with SSH with your RSA keys, use this command:
ssh -T -i private.key admin@10.0.0.15 < commands.txt > config.conf

The "-T" option is not needed, but it solved a console error message I had.
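The steps above (commands file, non-interactive ssh with a key, output redirected to a file) wrapped into a small script, as an added example that is not from the original post. It assumes key-based login for "admin" is already set up on the Steelhead as described above, and it lets SSH_BIN be overridden so the script can be exercised without a device. It adds one thing the bare ssh redirect does not do: it refuses to keep a capture that is empty or cut off, so a half-written file is never mistaken for a good backup.

```shell
#!/bin/sh
# Added example, not from the original post: the ssh-with-a-commands-file
# backup from the post, with a sanity check on the captured file.
# Assumptions: key-based login for "admin" is configured on the device;
# SSH_BIN can be pointed at something other than ssh for testing.

SSH_BIN="${SSH_BIN:-ssh}"

# write_commands_file FILE: the commands.txt from the post.
write_commands_file() {
    cat > "$1" <<'EOF'
enable
show configuration running
EOF
}

# verify_backup FILE: reject an empty file or one whose last line has no
# newline, the usual symptom of a capture that stopped halfway.
verify_backup() {
    [ -s "$1" ] || return 1
    # tail -c 1 prints the last byte; $(...) strips a trailing newline, so a
    # non-empty result means the file does not end with one.
    [ -z "$(tail -c 1 "$1")" ] || return 1
    return 0
}

# backup_steelhead HOST KEYFILE OUTFILE: run the commands non-interactively
# (-T: no pseudo-terminal, as in the post). On failure the capture is kept
# as OUTFILE.partial for inspection and the function returns 1.
backup_steelhead() {
    host="$1"; key="$2"; out="$3"
    cmds=$(mktemp) || return 1
    write_commands_file "$cmds"
    "$SSH_BIN" -T -i "$key" "admin@$host" < "$cmds" > "$out"
    rc=$?
    rm -f "$cmds"
    if [ "$rc" -ne 0 ] || ! verify_backup "$out"; then
        mv -f "$out" "$out.partial"
        return 1
    fi
    return 0
}

# Usage: backup_steelhead 10.0.0.15 ~/.ssh/steelhead_key "steelhead-$(date +%F).conf"
if [ "$#" -eq 3 ]; then
    backup_steelhead "$1" "$2" "$3"
fi
```

Run it from cron with the three arguments and a dated output name; a non-zero exit then means either ssh failed or the file did not pass the check.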

If you do not know how to create the RSA keys, I have written it in a previous post:

I also want to mention this guy for getting me on track :) He has written this with more detailed explanation than me:
Scripting the riverbed steelhead

Tuesday, July 21, 2015

Rancid and Fortigate - not straight forward

Today I have been working with Rancid and Fortigate. Everything seemed OK in the beginning; all my tests were working as expected.

This was until I found a problem with one of the configuration files. It was missing a lot of configuration: it had stopped after about 60-70 lines. At the end of the diff email, I found the following text: "\ No newline at end of file"
I am not completely sure why this Fortigate was having this problem. It might be because it has VDOM configuration. I solved this by downloading new fnrancid and fnlogin files from the rancid git repository (https://github.com/dotwaffle/rancid-git/tree/master/bin)

After this, I was a bit skeptical, as Rancid did not give any warning that the configuration was not complete, so I looked deeper into the configuration files that Rancid had backed up. I found that none of the Fortigates with VDOM configuration had full configuration files. It seems Rancid skips small parts of the configuration, as it only gets it by typing show commands in the console. I did a search for "config vdom" and "edit root" in the backups, but I did not find them. It may not be a problem, but I think it will be a problem for doing a complete restore. Another problem is that Rancid does not get the header of the configuration file. This will certainly cause a problem if you need a complete restore.

Header:
#config-version=FGT80C-5.00-FW-build301-141216:opmode=0:vdom=0:user=admin
#conf_file_ver=155545630586610253649
#buildno=0301
#global_vdom=1

You can of course add this header yourself, but I advise getting it right for the firmware you are restoring to. I am not sure what will happen if you get it wrong.

Because of these problems, I would rather download the configuration file from the Fortigates with SCP. I have another article in my blog about this.
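A check for the two gaps described in this post (a missing header and a file cut off without a final newline), written as an added example; it is not from the post and not part of rancid. It is meant to be run over the files rancid has written so a short or header-less FortiGate backup is flagged instead of silently kept. The sample file contents inside the block are constructed for the example, reusing the header lines shown above.

```shell
#!/bin/sh
# Added example, not from the post and not part of rancid: a post-backup
# check for FortiGate configuration files captured by rancid.

# check_fortigate_backup FILE: prints one finding per line and returns 0
# when the file starts with a #config-version header and ends with a
# newline, 1 otherwise. A missing VDOM section is only a warning, since not
# every unit has VDOMs configured.
check_fortigate_backup() {
    f="$1"
    status=0
    if [ ! -s "$f" ]; then
        echo "$f: empty or missing"
        return 1
    fi
    # FortiOS config files begin with the #config-version= header line.
    if ! head -n 1 "$f" | grep -q '^#config-version='; then
        echo "$f: no #config-version header on the first line"
        status=1
    fi
    # tail -c 1 prints the last byte; $(...) strips a trailing newline, so a
    # non-empty result means the file ends without one (the diff-mail symptom).
    if [ -n "$(tail -c 1 "$f")" ]; then
        echo "$f: no newline at end of file, capture is probably cut off"
        status=1
    fi
    if ! grep -q '^config vdom' "$f"; then
        echo "$f: warning, no 'config vdom' section found"
    fi
    return "$status"
}

# make_sample FILE HEADER TRUNCATE: write a constructed FortiGate-style file.
# HEADER=yes prepends the header lines from the post; TRUNCATE=yes drops the
# final newline the way the truncated backup did.
make_sample() {
    f="$1"
    : > "$f"
    if [ "$2" = yes ]; then
        printf '#config-version=FGT80C-5.00-FW-build301-141216:opmode=0:vdom=0:user=admin\n' >> "$f"
        printf '#conf_file_ver=155545630586610253649\n#buildno=0301\n#global_vdom=1\n' >> "$f"
    fi
    printf 'config vdom\nedit root\nnext\nend\nconfig system global\n    set hostname fw1\nend' >> "$f"
    [ "$3" = yes ] || printf '\n' >> "$f"
}

# Usage: check_fortigate_backup.sh /path/to/rancid/group/configs/*
for f in "$@"; do
    check_fortigate_backup "$f"
done
```

Pointing the loop at rancid's configs directory (the path depends on your installation) turns the silent truncation into a non-zero exit and a line in the job output, which is what was missing when the diff email was the only hint.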