This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jan_Kleinhans
Advisor
‎2021-08-01 11:19 PM

RFE: Let SFTP Account open till case is closed.

Hello.

I don't know where to post this, but I ran often in the problem that the support requests a file upload to sftp but the sftp account is already closed.
Maybe you can change the behaviour so that sftp is only closed when the case is closed.
Another possible solution could be to create a sftp account per user and not per case.

Regards,

Jan

6 Replies
_Val_
Admin
Admin
‎2021-08-02 12:35 AM

Hi @Jan_Kleinhans, I am sorry for your experience. Just to make sure, the community is not part of TAC, and although we welcome all kind of discussions here, we will not be able to provide you a direct assistance you with the specific case.

However, please send me your support case number to vloukine@checkpoint.com, and I will make sure your feedback reaches the right eyes and ears in the Technical Services.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-08-02 03:07 AM

It is a general rule that SFTP credentials are valid for a month only - often, the information Account Valid Until: is included in the SFTP case info, or you can calculate it from the date you have received them. I must admit that it is not very convenient to have to ask CP to provide new credentials during longer cases - but i understand that credentials will only work for a limited time for security reasons. 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Jan_Kleinhans
Advisor
‎2021-08-02 03:18 AM
In response to G_W_Albrecht

Hello,

I also understand it. But why not connecting the case to the sftp account. I hope that both background tools provide something like an API to auto create/lock an account. But I think everything is done manually. One time I also got data of another customer in the provided account. 
It's not a show stopper but I think there is potential for improvement.

Also there is a way to upload additional files via cpinfo which is much easier for the customer. But this feature is rarely used.

Jan

G_W_Albrecht
Legend Legend
Legend
‎2021-08-02 07:52 AM
In response to Jan_Kleinhans

To clear this up: We have several upload possibilities for CP cases.

- upload to the ticket using the web support portal as attachment for small(er) files

- upload any file using cpinfo utility

- SFTP account upload to one of the CP SFTP sites

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Bob_Zimmerman
Authority
Authority
‎2021-08-02 07:15 AM
In response to G_W_Albrecht

While on the topic, it would be really nice if we could associate SSH keys with user accounts, then use those instead of passwords. I've got diamond support with around 20 other people who can open tickets. The username is shared between all tickets, so the credentials are constantly getting reset when somebody has to upload files for another ticket. It's incredibly frustrating, and key-based authentication would skip this problem entirely.

GitHub does some fascinating stuff with GLB and repositories internally which involves pinning the SSH keys to repositories rather than to users. When cloning a repo from GitHub via SSH, everybody connects with the user 'git', but you can only access private repos if you authenticated with a key which has read access to that repo. That seems like it would be ideal.

0 Kudos
_Val_
Admin
Admin
‎2021-08-02 05:34 AM

@Jan_Kleinhans I have spoken with TAC management.

As @G_W_Albrecht, mentioned already,

currently SFTP credentials expires after 30 days, and engineers manually renew it based on request. This is done for the security reasons. Our system engineers are working on other solution which will hopefully solve the issue.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events