This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Albin_Petersson
Contributor
‎2022-01-18 04:15 AM

Cannot get SCP backups to work. how to troubleshoot?

Jump to solution

Helloes.

 

We have a SCP backup running to a server today that i don't recall having any problems with when I set it up. Now we're going to move the backups to a new debian server. Seemed like the easiest thing in the world, but I just can't get it to work. And how are you supposed to troubleshoot?

I can SCP from the FW and transfer files, albeit not to the root directory since it's a chroot environment. But the backups are supposed to be stored in the /fw directory anyhow, and i can SCP files there.

 

In var/log/messages i can only see "xpand: failed to copy. fallback. trying to copy without the path." and then "exiting fallback".

there's another log called CPbackup.elg that even though there are lots of errors, doesn't have anything related to the problem.

Where do I look?

0 Kudos
1 Solution

Accepted Solutions
Albin_Petersson
Contributor
‎2022-01-18 07:21 AM

Jump to solution

Funny thing this...

When I created the user, it was created with sh as shell. I didn't think much about it then, but now I changed the shell to bash and added the binary+libs to the chroot environment. And now it works...

So, checkpoints backup program definitly need bash.

It would still have been nice to have some sort of log to look in while troubleshooting, or to use SFTP, but at least it works.

View solution in original post

8 Replies
Ruan_Kotze
Advisor
‎2022-01-18 04:21 AM

Jump to solution

Something that has worked for me in the past is ssh'ing to the backup server from expert mode and accepting the ssh key when prompted,

#ssh backupuser@1.2.3.4

0 Kudos
Albin_Petersson
Contributor
‎2022-01-18 04:29 AM
In response to Ruan_Kotze

Jump to solution

I have added the host-key. I can ssh/scp from the FW to the server.

But I don't understand what the firewall backup function does differently.

 

EDIT: I would really have liked to use SFTP with keys instead of SCP. Is there any hint if SFTP will be added to the backup functionality?

0 Kudos
_Val_
Admin
Admin
‎2022-01-18 06:43 AM
In response to Albin_Petersson

Jump to solution

Check the path and that user has write rights on the target server. If you are convinced there is no config issue, please open a support call for that.

0 Kudos
the_rock
Champion
Champion
‎2022-01-18 07:10 AM

Jump to solution

I agree with @_Val_ . I had seen in the past that if you change the path on the server, it works fine. Cant say 100% it would fix it, but worth trying.

 

0 Kudos
Albin_Petersson
Contributor
‎2022-01-18 07:21 AM

Jump to solution

Funny thing this...

When I created the user, it was created with sh as shell. I didn't think much about it then, but now I changed the shell to bash and added the binary+libs to the chroot environment. And now it works...

So, checkpoints backup program definitly need bash.

It would still have been nice to have some sort of log to look in while troubleshooting, or to use SFTP, but at least it works.

the_rock
Champion
Champion
‎2022-01-18 07:22 AM
In response to Albin_Petersson

Jump to solution

I agree with you...if you cant find the right log, then it makes it more difficult, for sure. Glad it worked!

0 Kudos
_Val_
Admin
Admin
‎2022-01-18 07:26 AM
In response to the_rock

Jump to solution

Only one small thing, the log in question, for this specific case, should be actually reviewed on the server side 🙂 All what Gaia has here is, "I cannot write to the remote folder". On the server, you should also see why.

0 Kudos
_Val_
Admin
Admin
‎2022-01-18 07:24 AM
In response to Albin_Petersson

Jump to solution

Correct, bash should be the default shell for a backup user on the target server.

Labels