topic SSH connection to SMB with keypair in Spark Firewall (SMB)

SSH connection to SMB with keypair

Petr_Hantak — Tue, 11 Apr 2023 07:43:13 GMT

Hi SMB Masters!

I would like to ask you if anyone have an experience how to setup SSH connection with keypair to Sparks. Anyone? I know it must be in bashUser etc. But SMB has no classic home folder for admin user for example. Where we should put keys if we want to do it?

Re: SSH connection to SMB with keypair

PhoneBoy — Wed, 12 Apr 2023 16:41:21 GMT

Root's "home" directory is / (i.e. the root filesystem).
Which would imply that you can create a /.ssh/authorized_keys file.
However, in R81.10.05, it appears this is disabled in /pfrm2.0/etc/sshd_config
(Earlier code revisions use dropbear, which may already allow this)

You might be able to tweak the configuration to make this work.

Re: SSH connection to SMB with keypair

PhoneBoy — Wed, 12 Apr 2023 16:50:42 GMT

The official procedure for this: https://support.checkpoint.com/results/sk/sk179986
Note that it only applies to Quantum Spark SMB appliances running R81.10.xx where OpenSSH is used instead of Dropbear.

Re: SSH connection to SMB with keypair

G_W_Albrecht — Mon, 17 Apr 2023 15:45:45 GMT

For Security Gateway 80 / 600 / 700 / 1100 / 1200R/ 1400 appliances see here: https://community.checkpoint.com/t5/SMB-Gateways-Spark/Perform-scheduled-scripted-tasks-on-SMB-devices-without-using/m-p/40054?search-action-id=62382368685&search-result-uid=40054 and sk106836: How to configure SSH authentication using RSA key files on Security Gateway 80 / 600 / 700....

Re: SSH connection to SMB with keypair

Petr_Hantak — Tue, 18 Apr 2023 06:32:58 GMT

@G_W_Albrecht and @PhoneBoy thank you guys! I am surprised that I was not able to find newest SK myself when I was digging in knowledge base.

Re: SSH connection to SMB with keypair

nmelay1 — Tue, 24 Oct 2023 13:54:11 GMT

Deleted.

It was still online last week. It's really annoying that published SKs constantly get retracted without any kind of explanation/justification.

Edit :

It seems like this SK's content made its way to the Admin Guide.
https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Locally_Managed/EN/Content/Topics/SSH-Authentication.htm
That's probably where I read about this last week.
Deleted SKs are still an issue though.

Re: SSH connection to SMB with keypair

nmelay1 — Tue, 24 Oct 2023 09:46:35 GMT

mkdir /storage/.ssh
chmod 700 /storage/.ssh
cd /storage/.ssh
touch authorized_keys
chmod 600 authorized_keys
cat >> authorized_keys (paste your key(s), end with Ctrl-D)
sed -i '/^AuthorizedKeysFile/s!none!/storage/.ssh/authorized_keys!' /pfrm2.0/etc/sshd_config
/pfrm2.0/bin/sshd.sh

The last 2 commands need to be repeated after each firmware upgrade.

Re: SSH connection to SMB with keypair

Oliver_Fink — Mon, 05 Feb 2024 15:44:20 GMT

Sk has been deleted.

Re: SSH connection to SMB with keypair

PhoneBoy — Mon, 05 Feb 2024 21:33:05 GMT

It's in the product documentation now: https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Centrally_Managed/EN/Content/Topics/SSH-Authentication.htm