Wireless Access

last person joined: 23 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Secure transfer config archival? Or only tftp/ftp?

This thread has been viewed 0 times

  • 1.  Secure transfer config archival? Or only tftp/ftp?

    Posted Sep 01, 2015 08:19 PM

    On the Aruba controller, is there a secure method for transfering configuration files to an archive server, or is only ftp + tftp available in that direction?  I notice that I can use scp, but it seems only for copying files to the controller.

     

    Also - can I pass the password in the command with user:pass rather than waiting for the prompt?

     

    If not - can I scp directly to the controller and grab files from flash?  Or is there some other automated way to archive backups of the config that would use enctypted transfer?  scp, ftp over ssl...

     

    **I see this can be done manually in the GUI, but I'm looking to write a shell script to log into the box via ssh and run the commands.

     

    Thanks!



  • 2.  RE: Secure transfer config archival? Or only tftp/ftp?
    Best Answer

    EMPLOYEE
    Posted Sep 01, 2015 08:23 PM

    You can do this:

     

    copy flash: filename scp: <ip address> username filename

    But, the password is always interactive, so you cannot embed it into a script.  you have to use a language like expect...

     



  • 3.  RE: Secure transfer config archival? Or only tftp/ftp?

    Posted Sep 01, 2015 08:25 PM

    I will do that!  Thanks!



  • 4.  RE: Secure transfer config archival? Or only tftp/ftp?

    Posted Sep 01, 2015 08:37 PM

    copy flash: flashbackup.tar.gz scp: 1.1.1.1 backupuser %DateISO%-%DeviceName%-flashbackup.tar.gz

     

    That works, but my filename on my scp server ends up being literally: "%DateISO%-%DeviceName%-flashbackup.tar.gz"

     

    Is that the proper date/hostname syntax?



  • 5.  RE: Secure transfer config archival? Or only tftp/ftp?

    EMPLOYEE
    Posted Sep 01, 2015 08:40 PM

    It does not support variables in the command.  You will probably have to rename after, unfortunately...

     

     



  • 6.  RE: Secure transfer config archival? Or only tftp/ftp?

    EMPLOYEE
    Posted Sep 01, 2015 08:42 PM

    Actually, can't your expect script translate that before it is submitted?

     



  • 7.  RE: Secure transfer config archival? Or only tftp/ftp?

    Posted Sep 01, 2015 08:43 PM

    Haha - yeah.  Sorry, I'm a noob.



  • 8.  RE: Secure transfer config archival? Or only tftp/ftp?

    Posted Sep 01, 2015 10:02 PM

    I got it working using an expect script.  It's ugly for now.  I will clean it up later, but:

     

    #!/usr/bin/expect

    #get local server ipaddr (it's dhcp)
    spawn ifconfig eth0
    expect -re {inet addr:(\S+)}
    set ipaddr $expect_out(1,string)
    expect eof

    set systemtime [clock seconds]
    set now [clock format $systemtime -format %m-%d-%y-%H-%M-%S]
    set transfer "copy flash: flashbackup.tar.gz scp: $ipaddr backupuser $now.hostname-flashbackup.tar.gz"

    #ssh to controller
    spawn ssh user@1.1.1.1

    #backup to flash on controller
    expect {
    "(hostname) #" {send "backup flash\r"}
    }

    #scp transfer flash backup to local server
    expect {
    "(hostname) #" {send "$transfer\r"}
    }

    #scp password
    expect {
    "Password:" {send "tHePaSsWoRd\r"}
    }

    sleep 10

    # exit
    expect {
    "(hostname) #" {send "exit\r"}
    }