https://community.checkpoint.com/t5/General-Topics/Check-Point-FTP-server-listening-on-SSH-Port/m-p/89554#M17951 <P>Hi Hristo,</P><P>Thanks for the response.&nbsp; Interestingly enough, it shows that sshd is listening (screen shot attached).</P><P>-Ruan</P> Tue, 23 Jun 2020 12:01:17 GMT Ruan_Kotze 2020-06-23T12:01:17Z https://community.checkpoint.com/t5/General-Topics/Check-Point-FTP-server-listening-on-SSH-Port/m-p/89548#M17949 <P>Hi All,</P><P>We recently picked up an issue where we couldn't establish SSH connections to our gateways anymore.&nbsp; I confirmed policies were in place to allow SSH connections from our jumpbox, also the jumpbox is confirmed to be a trusted host.</P><P>As part of troubleshooting I did a telnet to the gateway IP on port 22 and it responded with "220 Check Point FireWall-1 Secure FTP server".&nbsp; I compared this to another working gateway, which responded with "SSH-2.0-OpenSSH_7.8".&nbsp; Why would an FTP server be listening on the SSH port?</P><P>I did some research, and apparently this can be caused by a combination of having a FTP resource defined and using that resource in a policy.&nbsp; This is not the case for me.&nbsp; I also confirmed that&nbsp;fwauthd.conf has FTP listening on TCP 21.</P><P>I've got a ticket open with TAC for this, but was wondering if anyone else ran across this.&nbsp; I'm running R80.40 Take 48 on the affected gateways.</P><P>Thanks,<BR />Ruan</P> Tue, 23 Jun 2020 10:47:00 GMT https://community.checkpoint.com/t5/General-Topics/Check-Point-FTP-server-listening-on-SSH-Port/m-p/89548#M17949 Ruan_Kotze 2020-06-23T10:47:00Z https://community.checkpoint.com/t5/General-Topics/Check-Point-FTP-server-listening-on-SSH-Port/m-p/89549#M17950 <P>Open terminal connection from Web Portal and run this command to check what is listening on port 22:</P> <P>#&nbsp;lsof -i :22</P> Tue, 23 Jun 2020 11:10:59 GMT https://community.checkpoint.com/t5/General-Topics/Check-Point-FTP-server-listening-on-SSH-Port/m-p/89549#M17950 HristoGrigorov 2020-06-23T11:10:59Z https://community.checkpoint.com/t5/General-Topics/Check-Point-FTP-server-listening-on-SSH-Port/m-p/89554#M17951 <P>Hi Hristo,</P><P>Thanks for the response.&nbsp; Interestingly enough, it shows that sshd is listening (screen shot attached).</P><P>-Ruan</P> Tue, 23 Jun 2020 12:01:17 GMT https://community.checkpoint.com/t5/General-Topics/Check-Point-FTP-server-listening-on-SSH-Port/m-p/89554#M17951 Ruan_Kotze 2020-06-23T12:01:17Z https://community.checkpoint.com/t5/General-Topics/Check-Point-FTP-server-listening-on-SSH-Port/m-p/89558#M17953 <P>No idea why would FTP security server listen on port 22 but you could eventually try to move ssh service on port 2222 (for example).</P> Tue, 23 Jun 2020 12:44:02 GMT https://community.checkpoint.com/t5/General-Topics/Check-Point-FTP-server-listening-on-SSH-Port/m-p/89558#M17953 HristoGrigorov 2020-06-23T12:44:02Z https://community.checkpoint.com/t5/General-Topics/Check-Point-FTP-server-listening-on-SSH-Port/m-p/89582#M17956 The Security Servers are deprecated and shouldn't ever be used/activated unless you have a Resource rule defined.<BR />Sounds like a bug to me.<BR />As a workaround, you can probably comment out the relevant line in $FWDIR/conf/fwauthd.conf and install policy. Tue, 23 Jun 2020 17:03:52 GMT https://community.checkpoint.com/t5/General-Topics/Check-Point-FTP-server-listening-on-SSH-Port/m-p/89582#M17956 PhoneBoy 2020-06-23T17:03:52Z