Vladimir
Pearl

Connecting to vSEC in AWS using WinSCP


Had to extract the cpinfo from the vSEC on AWS.

For some reason, using # chsh -s /bin/bash, while successfully changing the shell in session, had no effect for WinSCP, as it continued to complain about the shell every time I was trying to connect.

Running cpinfo with -z option on vSEC did not produce the compressed file.

Had to compress it manually, move it to /var/CPbackup/backups/ and download via WebUI.

I was not sure about the integrity of the resultant file and ended up enabling

"Global Properties/Security Management/Improve product experience by sending information to Check Point" and running cpinfo on vSEC again with upload to SR parameters.

While this approach is acceptable in the lab, it hardly is optimal for production environments.

It would be nice to have the option of uploading cpinfo from selected vSECs to SR without changing Global Settings and pushing policy.

Please let me know if there is a better solution than the one I've ended up using.

Thank you,

Vladimir


Accepted Solutions
Admin
Admin

Re: Connecting to vSEC in AWS using WinSCP


If you want to change the shell a user uses (e.g. for SCP), you need to do it in the Gaia WebUI or in clish.

In clish, the commands are:

set user username shell /bin/bash

save config

6 Replies
Vladimir
Pearl

Re: Connecting to vSEC in AWS using WinSCP


Thank you.

Can you explain the difference between the effect of changing shell using chsh -s /bin/bash and set username shell /bin/bash for SCP and when each of those is preferable?

There was a discussion some time ago about creating a dedicated account for scp access, but there were caveats as to its ability to access the files created by different users.

Admin
Admin

Re: Connecting to vSEC in AWS using WinSCP


In Gaia, various OS-level configuration files are maintained in a central configuration database.

You manipulate that database using the WebUI and clish, which in turn talks to confd, which updates the various configuration files periodically.

If you use a Linux command like chsh to change the shell, it only updates the OS configuration file, not the Gaia configuration.

As such, those changes are subject to get overwritten.
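
As an added illustration of the drift described in the reply above (not part of the original thread and not Check Point's code): a POSIX shell function that compares the shell recorded in Gaia "set user ... shell ..." configuration lines with the shell in /etc/passwd and lists accounts where chsh has left the OS file out of step. The sample inputs are constructed, and obtaining the live configuration text with clish -c 'show configuration user' is an assumption.

```shell
#!/bin/sh
# Added example: find accounts whose /etc/passwd shell differs from the shell
# stored in the Gaia configuration, i.e. chsh changes that Gaia may overwrite.

# Constructed sample of Gaia configuration lines (same form as the clish
# command quoted in the thread).
SAMPLE_GAIA='set user admin shell /etc/cli.sh
set user scpuser shell /bin/bash
set user monitor shell /etc/cli.sh'

# Constructed sample /etc/passwd: admin was switched with chsh only.
SAMPLE_PASSWD='admin:x:0:0:Admin:/home/admin:/bin/bash
scpuser:x:103:100:SCP:/home/scpuser:/bin/bash
monitor:x:102:100:Monitor:/home/monitor:/etc/cli.sh
nobody:x:99:99:Nobody:/:/sbin/nologin'

# shell_drift GAIA_CONFIG_TEXT PASSWD_TEXT
# Prints "user os=<shell> gaia=<shell>" for every mismatch.
# Returns 1 if any account has drifted, 0 otherwise.
shell_drift() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { in_passwd = 1; next }      # separator between inputs
        !in_passwd {                             # Gaia configuration lines
            if ($1 == "set" && $2 == "user" && $4 == "shell") gaia[$3] = $5
            next
        }
        {                                        # passwd lines
            split($0, p, ":")
            # Accounts Gaia does not manage (no "set user" line) are skipped.
            if ((p[1] in gaia) && p[7] != gaia[p[1]]) {
                printf "%s os=%s gaia=%s\n", p[1], p[7], gaia[p[1]]
                drift = 1
            }
        }
        END { exit drift + 0 }
    '
}

# Demo on the constructed samples.
# On a live gateway (assumed invocation, expert mode):
#   shell_drift "$(clish -c 'show configuration user')" "$(cat /etc/passwd)"
shell_drift "$SAMPLE_GAIA" "$SAMPLE_PASSWD" ||
    echo "Drift found: apply the shell in clish and run save config."
```
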

Re: Connecting to vSEC in AWS using WinSCP


I would like to understand what conditions would cause the changes in shell to be overridden. I have not used the CLISH commands, only the Linux chsh command, and haven't had an issue yet. Now I am a little concerned.

Admin
Admin

Re: Connecting to vSEC in AWS using WinSCP


Two specific ones I can think of:

1. Anything you do in the Gaia WebUI around user accounts

2. A reboot (all config files are refreshed)

Vladimir
Pearl

Re: Connecting to vSEC in AWS using WinSCP


In my experience, managing on-premises appliances, we've never had any issues with using chsh.

First time I have encountered it was connecting to AWS vSEC.
