https://community.checkpoint.com/t5/Firewall-and-Security-Management/Get-bash-to-Cluster-member-from-Management/m-p/197715#M36934 <P>It's not the transmission of data that's an issue, it's the interactive nature of using a shell as you're doing.<BR />Like I said, not sure how that will work over cprid in every case, but it is clever.&nbsp;</P> Fri, 10 Nov 2023 15:27:39 GMT PhoneBoy 2023-11-10T15:27:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Get-bash-to-Cluster-member-from-Management/m-p/197479#M36899 <P>Hi,</P><P>This is my seccond post. Enjoy!!</P><P>This procedure is for accessing a firewall from the Management, using rshell with</P><PRE>cprid_util </PRE><P><STRONG>Tested</STRONG><SPAN>&nbsp;</SPAN>in R81, R81.10.</P><P>Not test in R80.XX, but i think will be work</P><P>&nbsp;</P><P><STRONG>Prerequisites</STRONG>:</P><P>- Access to Management</P><P>&nbsp;</P><P><STRONG>1)</STRONG>&nbsp;Access via SSH to Management.</P><P>Execute the script rshell.sh attached</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="mnocciolino_0-1699462354828.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23120iF262C93E9956012C/image-size/medium?v=v2&amp;px=400" role="button" title="mnocciolino_0-1699462354828.png" alt="mnocciolino_0-1699462354828.png" /></span></P><P>&nbsp;</P><P>In the 1st field put the Management IP</P><P>In the 2nd field put the Gateway IP</P><P>&nbsp;</P><P><STRONG>2)</STRONG>&nbsp;After entering the 2 IPs, you will get access to the Gateway without password as<SPAN>&nbsp;</SPAN><EM>admin</EM><SPAN>&nbsp;</SPAN>user.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="mnocciolino_1-1699462354990.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23122i584570E7E21F32BD/image-size/medium?v=v2&amp;px=400" role="button" title="mnocciolino_1-1699462354990.png" alt="mnocciolino_1-1699462354990.png" /></span></P><P>&nbsp;</P><P>This is a not bash console, to jump bash you need put the detail commands.</P><P><EM>script /dev/null -c bash</EM><BR /><EM>PRESS -&gt; "<STRONG>CTRL+Z</STRONG>"</EM><BR /><EM>stty raw -echo; fg</EM><BR /><EM>reset xterm</EM></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="mnocciolino_2-1699462354833.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23121iF4D1701788077E1B/image-size/medium?v=v2&amp;px=400" role="button" title="mnocciolino_2-1699462354833.png" alt="mnocciolino_2-1699462354833.png" /></span></P><P>&nbsp;</P><P><STRONG>3)</STRONG>&nbsp;After entering the commands, you will have access to the Gateway. </P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="mnocciolino_3-1699462354967.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23123i290EA36C7763AE17/image-size/medium?v=v2&amp;px=400" role="button" title="mnocciolino_3-1699462354967.png" alt="mnocciolino_3-1699462354967.png" /></span></P><P>&nbsp;</P><P><SPAN>4)&nbsp;After you finish using, and try to exit, you will get the following (broken terminal):</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="mnocciolino_4-1699462355105.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23124iF5E65E58F7FF0432/image-size/medium?v=v2&amp;px=400" role="button" title="mnocciolino_4-1699462355105.png" alt="mnocciolino_4-1699462355105.png" /></span></P><P>&nbsp;</P><P><SPAN>to mitigate this, enter the command: "<EM>reset xterm"</EM>&nbsp;or close the terminal and open a new one.</SPAN></P><P><SPAN>-----------</SPAN></P><P>Any suggestions or comments are welcome</P><P>mnocciolino</P> Wed, 08 Nov 2023 16:55:31 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Get-bash-to-Cluster-member-from-Management/m-p/197479#M36899 mnocciolino 2023-11-08T16:55:31Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Get-bash-to-Cluster-member-from-Management/m-p/197518#M36900 <P>cprid has been there for quite some time (going back to at least R5x days).<BR />It also works on SMB appliances, though be aware of this:&nbsp;<A href="https://community.checkpoint.com/t5/SMB-Gateways-Spark/Output-of-cprid-truncated-after-receiving-60001-bytes/m-p/168096#M8066" target="_blank">https://community.checkpoint.com/t5/SMB-Gateways-Spark/Output-of-cprid-truncated-after-receiving-60001-bytes/m-p/168096#M8066</A></P> <P>However, I'm pretty sure it's not meant for interactive use, only executing specific commands.<BR />Therefore, you might find some issues that result from using it in this manner.</P> Wed, 08 Nov 2023 22:17:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Get-bash-to-Cluster-member-from-Management/m-p/197518#M36900 PhoneBoy 2023-11-08T22:17:29Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Get-bash-to-Cluster-member-from-Management/m-p/197699#M36929 <P>Hi PhoneBoy,</P><P>I only use cprid to execute the "rshell" command, I do not use cprid to transmit data.</P><P>I used this to reset the admin password, because they didn't remember the password.<BR />I also used it once because there was no way to reach the management ip, and I logged in to see what the problem might be.</P><P>thank you for your reply.</P> Fri, 10 Nov 2023 12:56:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Get-bash-to-Cluster-member-from-Management/m-p/197699#M36929 mnocciolino 2023-11-10T12:56:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Get-bash-to-Cluster-member-from-Management/m-p/197715#M36934 <P>It's not the transmission of data that's an issue, it's the interactive nature of using a shell as you're doing.<BR />Like I said, not sure how that will work over cprid in every case, but it is clever.&nbsp;</P> Fri, 10 Nov 2023 15:27:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Get-bash-to-Cluster-member-from-Management/m-p/197715#M36934 PhoneBoy 2023-11-10T15:27:39Z