[SOLVED] How to auto download backup file from pfsense to local folder via SCP?

anonymous01 · Feb 25, 2020, 1:27 PM

@stephenw10 sorry yes i could ssh successfully now.

I created the above script, tried with the #!/bin/bash and #!/bin/sh header

But pfsense cant seem to read this script, i either get permission denied or failed to connect to pfsense.
(error code 3 and 127 from winscp)

Winscp is login as root, chmod 777 the script, tried moving the script to /root/, to /usr/bin/, to /bin/ but still cant seem to execute it.

Both admin and user privilege has got the scp related privilege.

Gertjan · Feb 25, 2020, 1:34 PM

@anonymous01 said in How to auto download backup file from pfsense to local folder via SCP?:

the scrip

How and where did you create this script ?
What do you see when you type

file script

where script is the script name.

anonymous01 · Feb 25, 2020, 1:56 PM

@Gertjan

I created the script on notepad ++ and saved it as unix script file type specifically . sh
Then i insert this script onto my remote site which is log in as pfsense root on winscp.
Double check that my backup config is saved at /cf/conf/backup directory

my script file name as testbckup.sh

192.168.13.100 is my pfsense ip
192.168.13.10 is my local machine ip
pfsense is the local folder i wanted my config to saved at

My script basically looks like this

#! /bin/sh
scp - r root@192.168.13.100:/cf/conf/backup C:/Users/aria/Desktop/pfsense

What i hv tried and changed:

scp - r root@192.168.13.100:/cf/conf/backup aria@myuserdomain:/Users/aria/Desktop/pfsense
#! /bin/bash
#! /usr/bin/sh (with & without sh)
scp - r root@192.168.13.100:/cf/conf/backup aria@192.168.13.10:/Users/aria/Desktop/pfsense

....
Is my first time writing bash and scp stuff, pls bear with me

anonymous01 · Feb 25, 2020, 2:01 PM

@Gertjan

What do you see when you type

Sorry for being stupid but what do you mean by this?

And for the cron gui, yes i am aware i hv to download that package. It is available in my pfsense gui.

stephenw10 · Feb 25, 2020, 2:28 PM

So you are running that script/command on another host and it's copying the full backup folder from pfSense to a third host?

Does it work if you run it directly from the command line on that client?

Steve

Gertjan · Feb 25, 2020, 3:10 PM

@anonymous01 said in How to auto download backup file from pfsense to local folder via SCP?:

Sorry for being stupid but what do you mean by this?

file script

is a command to be typed on the command line.
'script' is the name of your script.

Example :

I ghave this script file called "script" :

[2.4.5-RC][admin@pfsense.brit-hotel-fumel.net]/root: ls -al script
-rw-r--r--  1 root  wheel  1121 Feb 25 15:55 script

As you can see, it's not executable - no problem, we can handle that :

[2.4.5-RC][admin@pfsense.brit-hotel-fumel.net]/root: chmod 0744 script
[2.4.5-RC][admin@pfsense.brit-hotel-fumel.net]/root: ls -al script
-rwxr--r--  1 root  wheel  1121 Feb 25 15:55 script

Note : with a decent ssh client, the script file name changed color.

When I try to execute the script file :

[2.4.5-RC][admin@pfsense.brit-hotel-fumel.net]/root: ./script
./script: Command not found.

it won't work.

This is the script file :

[2.4.5-RC][admin@pfsense.brit-hotel-fumel.net]/root: cat script
#!/bin/sh
# https://forum.pfsense.org/index.php?topic=134352.msg737158#msg737158
#make sure the directory for the python libraries is in the chroot
mkdir -p /var/unbound/usr/local/lib/python2.7
#link the actual python library directory to the chroot's directory
mount -t nullfs /usr/local/lib/python2.7 /var/unbound/usr/local/lib/python2.7
#copy the python script to the /var/unbound directory so
#unbound-checkconf can find it
rm -f /var/unbound/var/unbound/netflix-no-aaaa.py
cp /root/netflix-no-aaaa.py /var/unbound/netflix-no-aaaa.py
#make sure unbound can read it
chown unbound:unbound /var/unbound/netflix-no-aaaa.py
#create a /var/unbound directory in the /var/unbound directory so that
#unbound can find the script
mkdir -p /var/unbound/var/unbound
#copy the python module into the /var/unbound/var/unbound directory under the chroot #directory
rm -f /var/unbound/var/unbound/netflix-no-aaaa.py
ln -s /var/unbound/netflix-no-aaaa.py /var/unbound/var/unbound/netflix-no-aaaa.py
#make sure unbound can read it
# bla bla bla bla ..........

I check what type of file it is :

[2.4.5-RC][admin@pfsense.brit-hotel-fumel.net]/root: file script
script: POSIX shell script, ASCII text executable, with CRLF line terminators

And now you know that something is wrong - at least with my example, my script file.
It's Windows (CRLF) encoded. Not Unix.
Welcome in our world, where every OS uses it's own ASCI/ANSI file encoding scheme.

A script file that works would show this as a result :

[2.4.5-RC][admin@pfsense.brit-hotel-fumel.net]/root: file unbound-p.sh
unbound-p.sh: POSIX shell script, ASCII text executable

anonymous01 · Feb 26, 2020, 1:42 AM

@stephenw10
since my script only consist of one command line which is the scp...

Remote site: pfSense
Local: Windows host

I just manually type into my local windows cmd and it works! The backup config is successfully transfered from pfSense to my window host.

However when I tried to upload this script on pfSense...it couldnt execute the script.

stephenw10 · Feb 26, 2020, 2:03 AM

If you're running it from pfSense itself though the scp line will be different. Something like:

scp /cf/conf/backup aria@192.168.13.10:/Users/aria/Desktop/pfsense

As long as the target has the pfSense public key registered for the aria user that should work.

Steve

anonymous01 · Feb 26, 2020, 2:10 AM

@Gertjan

Thank you for explaining!! However I checked but it seems like it is executable, I think either the issue is reside either on the ssh I set up or winSCP

Running this on putty, I have you know once again I wrote this on notepad++ and saved it as unix like file

Script name and overall properties:

Script content:

Script file type:

Just in case, it is my first time setting up ssh key so here is how i set up.

Pfsense System Advanced: enabled ssh, tried enabling and disabling agent forwarding, ssh set as key pw or public key.
User Manager Admin: uses SSH-2 public key
User Manager User: uses SSH-2 public key (same public key as admin)
Putty and WinSCP: Uses private key generated from the same session as public key.
No passphrase is used in this occasion for testing purposes

anonymous01 · Feb 26, 2020, 2:19 AM

@stephenw10

scp /cf/conf/backup aria@192.168.13.10:/Users/aria/Desktop/pfsense

I tried this. so do I just type this command on the cron interface or at the pfsense command prompt ? Or still make it as a .sh script and upload it?

If it is the latter, again it is frozen after changing command.

winscp:

//either that or it keeps showing this error:
ssh: connect to host 192.168.13.10 port 22: Connection refused lost connection

for how i set up ssh pls refer to my second latest reply.
I am starting to think if it is my office firewall blocking the downloads. As for my own host, i hv disabled all firewall.

stephenw10 · Feb 26, 2020, 2:20 AM

There should be no need to run this in a script. Just get it working from the command line first.

It looks like your goal here is to run it from pfSense to push the backup to some other box using a cronjob, yes?

So I'm not sure why you are trying to connect to 192.168.13.10, isn't that where you are running this?

anonymous01 · Feb 26, 2020, 3:24 AM

@stephenw10 said in How to auto download backup file from pfsense to local folder via SCP?:

oks like your goal here is to run

Yes it is just to push backup and ideally to use a cronjob to do so.

However for now, I am tasked to try to push the backup from pfsense to my own pc first....which i created a folder to store it.

Regarding the connecting to 192.168.13.10 (my ethernet ip) , I am not too sure how to write scp command, that is what i read from other forum. I hv tried multiple combination. And i was wondering how would pfsense know where C:/users/.. are located if i did not specify which ip it is on, better yet which host...smtg like the adress location if u get what i meant

Again, i just want the backup to push into my local pc. my pfsense is running on a virtual box, my pc is not.

ssh config and sshd config are all listening to port 22

Edit: I could ping, putty, winscp, telnet from my pc to pfsense. However, at my pfsense test port, i typed my hostname (pc ip) and port 22. it says connection fail.

stephenw10 · Feb 26, 2020, 1:26 PM

Do you have an SSH server running on your local machine? Windows does not run SSH by default.

The very first part of this is to be able to SSH from the pfSense command line to where ever you plan to sent the config files.

If you can do that using a password login then move to using SSH key login instead. Then try using scp.

Steve

anonymous01 · Feb 27, 2020, 2:55 AM

@stephenw10 okay so you meant that i hv to install OpenSSH and enabled the ssh? Then it should be working?

So i just need to type the following cmd on pfsense?
scp - r root@fwip:/cf/conf/backup user@localip:C:\path\to\store\bckup

Or

scp - r /cf/conf/backup user@localip:C:\path\to\store\bckup

anonymous01 · Feb 27, 2020, 10:27 AM

Thank you everyone for assisting

I wrote another script on powershell which works for me, will post when it is fully functional with other additional features.