Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jan_Kleinhans
Collaborator

RFE: Let SFTP Account open till case is closed.

Hello.

I don't know where to post this, but I ran often in the problem that the support requests a file upload to sftp but the sftp account is already closed.
Maybe you can change the behaviour so that sftp is only closed when the case is closed.
Another possible solution could be to create a sftp account per user and not per case.

Regards,

Jan

6 Replies
_Val_
Admin
Admin

Hi @Jan_Kleinhans, I am sorry for your experience. Just to make sure, the community is not part of TAC, and although we welcome all kind of discussions here, we will not be able to provide you a direct assistance you with the specific case.

However, please send me your support case number to vloukine@checkpoint.com, and I will make sure your feedback reaches the right eyes and ears in the Technical Services.

0 Kudos
G_W_Albrecht
Legend
Legend

It is a general rule that SFTP credentials are valid for a month only - often, the information Account Valid Until: is included in the SFTP case info, or you can calculate it from the date you have received them. I must admit that it is not very convenient to have to ask CP to provide new credentials during longer cases - but i understand that credentials will only work for a limited time for security reasons. 

0 Kudos
Jan_Kleinhans
Collaborator

Hello,

I also understand it. But why not connecting the case to the sftp account. I hope that both background tools provide something like an API to auto create/lock an account. But I think everything is done manually. One time I also got data of another customer in the provided account. 
It's not a show stopper but I think there is potential for improvement.

Also there is a way to upload additional files via cpinfo which is much easier for the customer. But this feature is rarely used.

Jan

G_W_Albrecht
Legend
Legend

To clear this up: We have several upload possibilities for CP cases.

- upload to the ticket using the web support portal as attachment for small(er) files

- upload any file using cpinfo utility

- SFTP account upload to one of the CP SFTP sites

0 Kudos
Bob_Zimmerman
Advisor

While on the topic, it would be really nice if we could associate SSH keys with user accounts, then use those instead of passwords. I've got diamond support with around 20 other people who can open tickets. The username is shared between all tickets, so the credentials are constantly getting reset when somebody has to upload files for another ticket. It's incredibly frustrating, and key-based authentication would skip this problem entirely.

GitHub does some fascinating stuff with GLB and repositories internally which involves pinning the SSH keys to repositories rather than to users. When cloning a repo from GitHub via SSH, everybody connects with the user 'git', but you can only access private repos if you authenticated with a key which has read access to that repo. That seems like it would be ideal.

0 Kudos
_Val_
Admin
Admin

@Jan_Kleinhans I have spoken with TAC management.

As @G_W_Albrecht, mentioned already,

currently SFTP credentials expires after 30 days, and engineers manually renew it based on request. This is done for the security reasons. Our system engineers are working on other solution which will hopefully solve the issue.