Mark_Wheeler
Participant

How to manage local users (SSH) in large environment

Hi

We have a large environment and we are looking for a better way to manage individual local SSH users. The goal would be to not always have to create a local user on every device when a new administrator joins the team. Until now there was a generic SSH user which was used by everyone. The future goal is that every administrator uses their own personalized SSH account.

We have ISE, which uses RADIUS as well as TACACS+, but as far as I understand we would still need to create a user locally; this would mean either manually creating the users or using something like Ansible to automatically create local users on every Check Point device.

How do other large environments solve this problem?

Regards and thanks for any help,

Mark

0 Kudos
2 Replies
masher
Employee

sk105542 and sk72940 might answer your questions. I have a customer who uses RADIUS with a large number of users with different RBA configurations depending on their roles on the security team.

0 Kudos
Martin_Valenta
Advisor

We have around 400+ gateways. As part of the build process we add all current users locally on the gateway. If after some time somebody leaves or there is a new member of the team, we simply run a script across all our gateways from the MDS via the CPRID tool in order to delete or add the user.
0 Kudos
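
The add/delete pass described in the reply above, as an added example (not code from the thread or from Check Point): it compares a team roster with the users found on one gateway and prints the Gaia clish commands needed to reconcile them. The roster format, the helper names and the sample accounts are constructed; pushing the plan to each gateway (for instance via CPRID) and setting credentials are left out.

```shell
#!/bin/sh
# Added example: print (never execute) the Gaia clish commands that bring one
# gateway's local users in line with a team roster.

PROTECTED="admin monitor"   # built-in accounts the plan must never delete

# valid_name NAME: accept only short lowercase names, so a roster or gateway
# entry cannot smuggle extra clish syntax into a generated command.
valid_name() {
  case $1 in ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;; esac
  [ "${#1}" -le 31 ]
}

# plan_users ROSTER CURRENT
#   ROSTER : wanted users, one "name uid role" per line (constructed format)
#   CURRENT: names of users that exist on the gateway, one per line
plan_users() (
  roster=$1 current=$2
  wanted=$(printf '%s\n' "$roster" | awk 'NF {print $1}')
  # Add roster users that the gateway does not have yet.
  printf '%s\n' "$roster" | while read -r name uid role; do
    [ -n "$name" ] || continue
    valid_name "$name" || { echo "# skipped invalid roster entry"; continue; }
    case $uid in ''|*[!0-9]*) echo "# skipped $name: bad uid"; continue ;; esac
    case $role in ''|*[!A-Za-z0-9_-]*) echo "# skipped $name: bad role"; continue ;; esac
    printf '%s\n' "$current" | grep -qxF -- "$name" && continue
    echo "add user $name uid $uid homedir /home/$name"
    echo "add rba user $name roles $role"
  done
  # Delete gateway users that are neither on the roster nor protected.
  printf '%s\n' "$current" | while read -r name; do
    valid_name "$name" || continue
    case " $PROTECTED " in *" $name "*) continue ;; esac
    printf '%s\n' "$wanted" | grep -qxF -- "$name" && continue
    echo "delete user $name"
  done
  echo "save config"
)

# Constructed sample data: carol joins, the shared "sshops" account goes away.
ROSTER='alice 0 adminRole
carol 0 adminRole'
CURRENT='admin
monitor
alice
sshops'
plan_users "$ROSTER" "$CURRENT"
```

Reviewing the printed plan before it is sent to 400+ gateways catches a truncated roster, which would otherwise turn into a mass delete of every non-protected account.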
