
FortiOS changes private key encryption every time config is downloaded

Open anubisg1 opened this issue 1 year ago • 2 comments

This is very similar to https://github.com/ytti/oxidized/issues/931 and https://github.com/ytti/oxidized/issues/1199

The following lines are not excluded from configurations and they change every time the config is pulled:

set password ENC
set passphrase ENC
set key ENC
set secondary-key ENC
set server-key ENC

I'm running 0.30.1 (probably newer, I have the latest Docker image)

anubisg1 avatar May 27 '24 18:05 anubisg1

config:

...
models:
  fortios:
    vars:
      remove_secret: true
...

works for me

systeembeheerder avatar Jul 12 '24 14:07 systeembeheerder

This issue is stale because it has been open 90 days with no activity.

github-actions[bot] avatar Oct 11 '24 02:10 github-actions[bot]

I also have this problem, although it is more a problem of FortiOS generating new hashes every time we save the configuration.

I considered adding a command to models to tell Output::store not to save the config if nothing other than certain lines (/^set password .*$/) has changed.

robertcheramy avatar Dec 17 '24 19:12 robertcheramy
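
The idea in the comment above (skip the store when nothing but the re-encrypted lines changed), sketched as an added stand-alone Ruby example. It is not Oxidized code and not from any commenter; the function names and the sample configs are constructed for illustration, and only the five `set ... ENC` keywords come from the issue report.

```ruby
# Added example, not part of Oxidized. All names below are hypothetical.

# Keywords from the issue report. FortiOS re-encrypts the value after ENC on
# every download, so the ciphertext differs even when the secret is unchanged.
VOLATILE = /^(\s*set (?:password|passphrase|key|secondary-key|server-key) ENC)\s+\S.*$/

# Replace only the ciphertext with a fixed marker. Keyword and indentation are
# kept, so adding or removing a secret line still shows up as a change.
def mask_volatile(config)
  config.each_line.map { |line| line.chomp.sub(VOLATILE, '\1 <masked>') }
end

# True when the two configs differ in anything other than ENC ciphertext.
def meaningful_change?(old_config, new_config)
  mask_volatile(old_config) != mask_volatile(new_config)
end

# 1-based line numbers whose only difference is the ciphertext; empty when the
# change is meaningful and the new config should be stored as usual.
def reseeded_only(old_config, new_config)
  return [] if meaningful_change?(old_config, new_config)

  old_config.lines.zip(new_config.lines).each_with_index
            .select { |(a, b), _| a != b }
            .map { |_, i| i + 1 }
end

# Constructed sample configs (the ciphertext values are made up).
OLD_CFG = <<~CFG
  config system global
      set hostname "fw-lab"
  end
  config system admin
      edit "admin"
          set password ENC SH2constructedAAAA
      next
  end
CFG
NEW_RESEEDED = OLD_CFG.sub('SH2constructedAAAA', 'SH2constructedBBBB')
NEW_EDITED   = NEW_RESEEDED.sub('fw-lab', 'fw-prod')

if __FILE__ == $PROGRAM_NAME
  puts "re-seeded only: store? #{meaningful_change?(OLD_CFG, NEW_RESEEDED)}"
  puts "hostname edit:  store? #{meaningful_change?(OLD_CFG, NEW_EDITED)}"
end
```

Because the ciphertext changes on every pull, this comparison cannot tell a re-encryption apart from a real password or key rotation; both are treated as "no change".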

This issue is stale because it has been open 90 days with no activity.

github-actions[bot] avatar Mar 18 '25 02:03 github-actions[bot]

As @systeembeheerder wrote, if you want to remove the secrets, use remove_secret: true. The issue that FortiGates update the seed of the passwords at every backup can't be solved in oxidized.

robertcheramy avatar Apr 21 '25 20:04 robertcheramy