- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
Hello Checkmates,
Maybe the question is trivial, but I've been asked to configure the System Backup of a couple of secure gateways using host keys (scp or sftp). The sk about host keys and the management of them I have found. But the admin guide (R81.20 et al..) only mentions scp with username/password. Does that mean host keys are not supported to be used with System Backup ?
Thanks,
Chris.
Hi,
As I know there is no limitation around the host keys.
I use host keys on R81.10, and works.
Akos
My experience with this feature was that if you had an SSH key configured with the remote end, this would be used first.
The password, in this case, can be anything.
Hi,
As I know there is no limitation around the host keys.
I use host keys on R81.10, and works.
Akos
Im fairly sure it would be supported.
Andy
Thanks for the replies. I didn't mention the second part of my question as to how is it done ? Gaia GUI: no way to enter the keys when scheduling a system backup. CLISH either AFAIK , or maybe I don't have the proper glasses on... Do I need to use mgmt scripting fu to have it done and add it to crontab ?
You could use host keys to add the keys in the RBA configuration of your GAIA.
My experience with this feature was that if you had an SSH key configured with the remote end, this would be used first.
The password, in this case, can be anything.
Thanks folks... got it working now.
I wonder how you made it work.
I keep getting this error with scheduled backups and ssh key authentication (see below) even though I can ssh or do a once off backup from the gui with ssh key authentication.
scheduled_backup: Error : Base64 decode failed
scheduled_backup: schedule backup: obfuscation error
scheduled_backup: /bin/scheduled_backup: rc=-1
AFAIK, using SSH keys to transfer backup files is still not supported. You can double-check it via a TAC case, to get an official answer. You can also open an RFE and ask to support this feature.
oh really? It has always worked for me in R77.20, R80.40, R81.10.
It has only failed in R81.20 now
Are you talking about a scheduled backup or an immediate one?
scheduled backup with ssh keys works for me in r77.20, r80.40, r81.10
immediate backup with ssh keys works for me in r77.20, r80.40, r81.10 and r81.20 too
Ok, I might be wrong then. Please check with TAC if it is supported, and take it with them, if it is
Hello Luis Miguel,
It's been a while, but this is from my notes:
create ssh key with command ssh-keygen in bash
Then in clish:
add ssh hba hostname <ip address of server> public-key access-mode standalone file /home/admin/.ssh/id_rsa.pub
connect with ssh to server with -i and answer yes... the server's fingerprint will be added to the known_hosts file.
To test one time: backup scp ip <ip address of server> path <path to backup on server>/ username <username> password 1234
Then I simply created the scheduled backup in the GUI...
weird I get that error in r81.20, doing the same
scheduled_backup: Error : Base64 decode failed
scheduled_backup: schedule backup: obfuscation error
scheduled_backup: /bin/scheduled_backup: rc=-1
as a workaround, I replace the schedule backup scp with ssh keys with:
1) scheduled backup stored locally
2) cron job with scp localbackup.tgz remoteuser@remotescpserver
I found another issue, the retention policy fails when configured to 1.
My expectation is that if it is configured it to 1, the system will delete the old backup and will run a new backup. But it the schedule backup service just hangs and you need to reboot the firewall manager.
So eventually configured the retention policy to 2.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
20 | |
18 | |
18 | |
11 | |
11 | |
7 | |
7 | |
7 | |
6 | |
5 |
Tue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionThu 30 Oct 2025 @ 03:00 PM (CET)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - EMEAThu 30 Oct 2025 @ 02:00 PM (EDT)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - AMERAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY