https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8004#M391 <HTML><HEAD></HEAD><BODY><P>What error do you get with that SSH command?</P><P>I suspect the issue is that the environment variables aren't getting set correctly for this other user.</P></BODY></HTML> Fri, 13 Jul 2018 15:39:15 GMT PhoneBoy 2018-07-13T15:39:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8001#M388 <HTML><HEAD></HEAD><BODY><P>All,</P><P></P><P>I'm trying to write a bash script to run from my management station to connect to the gateways via ssh. I would like to utilize the login without password prompting. I followed sk95890 - How to configure SSH authentication on Gaia OS using RSA key files , but the problem is that the user cannot type in any GAIA commands. I then tried changing the uid of the user to uid=0, but that broke the authentication piece of it and I have to type in passwords. Anyone know of a way this can be accomplished with uid=0 account?</P><P></P><P>I apologize in advance if this is a double post from the day before.</P><P></P><P>Thanks in advance,</P><P></P><P>Bill</P></BODY></HTML> Thu, 12 Jul 2018 13:13:33 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8001#M388 Bill_Ng 2018-07-12T13:13:33Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8002#M389 <HTML><HEAD></HEAD><BODY><P>Generally when you call ssh from a script, it's done in non-interactive mode, meaning you cannot interactively enter commands.</P><P>Can you share with us the relevant&nbsp;script fragment?</P></BODY></HTML> Fri, 13 Jul 2018 10:11:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8002#M389 PhoneBoy 2018-07-13T10:11:55Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8003#M390 <HTML><HEAD></HEAD><BODY><P>Hi Dameon,</P><P></P><P>I'm trying to use 'ssh -i /home/user1/.ssh/id_rsa 10.10.10.10 fw ver'.&nbsp; user1 was created within the GAIA portal with uid=0.&nbsp; The problem is that I can't get user1 to use the id_rsa file correctly to authenticate to the gateway.&nbsp; It still prompts me for a password.&nbsp; I noticed that when I created the rsa key it actually put it in /home/admin/.ssh.&nbsp; If I changed the uid to 103 or something else I can use the id_rsa fine, but I can't fun the GAIA commands like 'fw ver, cphaprob stat' and others.</P><P>Hope that makes sense.&nbsp;&nbsp;Let me know if you need more info.</P><P></P><P>Thanks</P></BODY></HTML> Fri, 13 Jul 2018 14:42:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8003#M390 Bill_Ng 2018-07-13T14:42:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8004#M391 <HTML><HEAD></HEAD><BODY><P>What error do you get with that SSH command?</P><P>I suspect the issue is that the environment variables aren't getting set correctly for this other user.</P></BODY></HTML> Fri, 13 Jul 2018 15:39:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8004#M391 PhoneBoy 2018-07-13T15:39:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8005#M392 <HTML><HEAD></HEAD><BODY><P>I'm not getting an error per se. It's still prompting me for password to sign&nbsp;when I run that command from my management station to the gateway.</P></BODY></HTML> Fri, 13 Jul 2018 16:48:31 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8005#M392 Bill_Ng 2018-07-13T16:48:31Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8006#M393 <HTML><HEAD></HEAD><BODY><P>More info.</P><P></P><P>I was able to get the default 'admin' to authenticate to the gateway with rsa key.&nbsp; The shell for 'admin' is /etc/cli.sh.&nbsp; I want to keep the admin in clish.&nbsp; So I created an admin-like user from the portal named 'user1' and changed the shell for that account to /bin/bash.&nbsp; I followed all the same steps I did with the default 'admin' account.&nbsp; I noticed when 'ssh-keygen' for the user1 account it by default wants to write it to /home/admin/.ssh not /home/user1/.ssh.&nbsp; I did change the location to /home/user1/.ssh/ and named the file user1_rsa.&nbsp; It created user1_rsa and user1_rsa.pub. and at the end of the file it puts in <A href="mailto:admin@managementservername">admin@managementservername </A>and not <A href="mailto:user1@managementservername">user1@managementservername</A>.&nbsp;&nbsp;</P></BODY></HTML> Fri, 13 Jul 2018 18:07:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8006#M393 Bill_Ng 2018-07-13T18:07:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8007#M394 <HTML><HEAD></HEAD><BODY><P>just put content of rsa key from&nbsp;<SPAN style="color: #333333; background-color: #ffffff;">/home/admin/.ssh into ".ssh/authorized_keys" under user where you are running script and execute ssh like this:</SPAN></P><P><SPAN style="color: #333333; background-color: #ffffff;">ssh my_test_user<A href="mailto:user@ip_address">@ip_address</A></SPAN></P><P></P><P><SPAN style="color: #333333; background-color: #ffffff;">On remote host you need to have created user "my_test_user", create hidden folder .ssh under /home/my_test_user/,&nbsp; create file "authorized_keys" in that folder and put rsa key already generated.</SPAN></P><P></P></BODY></HTML> Fri, 13 Jul 2018 19:34:04 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8007#M394 JozkoMrkvicka 2018-07-13T19:34:04Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8008#M395 <HTML><HEAD></HEAD><BODY><P>Then the other question is why would you want to run a SSH session from management to the GW? Why not use cprid to execute a script on the GW?</P></BODY></HTML> Fri, 13 Jul 2018 20:56:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8008#M395 Maarten_Sjouw 2018-07-13T20:56:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8009#M396 <HTML><HEAD></HEAD><BODY><P>yep, the best option.</P><P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk101047">more info (including script) here.</A></P></BODY></HTML> Sat, 14 Jul 2018 18:47:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8009#M396 JozkoMrkvicka 2018-07-14T18:47:00Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8010#M397 <HTML><HEAD></HEAD><BODY><P>Hi Jozko,</P><P></P><P>Thanks.&nbsp; That did the trick for SSH.&nbsp; It works now with the other ID.</P><P></P><P>Hi Maarten/Jozko,</P><P></P><P>I never knew of or have used 'cprid_util'.&nbsp; In looking at link it looks like it will do the trick as well if not better using SIC.&nbsp; I'll start playing around with cprid_util as well.&nbsp; I was a little leary in trying to make ssh work.</P><P></P><P>Thank you both so much for pointing me in the right direction.</P><P></P><P>Bill</P></BODY></HTML> Mon, 16 Jul 2018 16:28:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-authentication-using-RSA-for-uid-0/m-p/8010#M397 Bill_Ng 2018-07-16T16:28:41Z