This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
DH
Contributor
‎2023-01-05 08:39 AM
Jump to solution

Smart Console open shell - saving fingerprint failed! How correct it? - solved

Version R81.10 JHF take 79
Console R81.10 build 410

I have a change fingerprint of a reinstalled gateway.

SSH from SmartManagement Server CLI to gateway worked.

SSH by SmartConsole =>Open Shell shows a potential security break (that's known because of the reinstallation),
but the option 'Ok'/'Yes'(?) to save the fingerprint do failed with message. - I think 'No' should be 'Cancel'...😉

"saving fingerprint failed for <IP>.
fingerprint won't be saved. "

after that message the connection to the gateway is still possible.

Other new/unknown fingerprints will be saved that way...

My questions:
Where will this fingerprints be saved?
How can they safely be edit?

 

Preview file
71 KB
Preview file
434 KB
0 Kudos
1 Solution

Accepted Solutions
DH
Contributor
‎2023-01-06 12:29 AM
In response to the_rock
Jump to solution

I found the major part of the solution by myself.

It seems a other AdminUser got this message before, accept (yes) it, but  he didn't publish it.

I found a "edited ssh settings entry" in the changes of his session! - it was the only change in this session, so I discard that session and now I didn't got an error message anymore, after I accept the new key!
The root problem is solved and it seems the fingerprint are stored inside the database.

@cp : Why did the GUI not clear inform, that this setting is locked by a other user - that should be the correct message!


 

View solution in original post

8 Replies
the_rock
MVP Platinum
MVP Platinum
‎2023-01-05 09:35 AM
Jump to solution

Just to make sure I understand this, the screenshot you attached is what you see when trying to open gateway shell from the object in dashboard?

Best,
Andy
0 Kudos
DH
Contributor
‎2023-01-05 09:45 AM
In response to the_rock
Jump to solution

Yes in

Smart Console=>Gateways and Servers=>Gateway Object=>Action=>Open Shell..after input the login Credentials. - The gateway was before reinstalled and the trust restablished, so it is correct, that the fingerprint was changed, but I'm unable to save the new fingerprint inside the GUI.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-01-05 12:10 PM
In response to DH
Jump to solution

You might try accessing the host from the management server via SSH and save the fingerprint there…using the admin user.

the_rock
MVP Platinum
MVP Platinum
‎2023-01-05 12:19 PM
In response to DH
Jump to solution

I was going to suggest same thing @PhoneBoy mentioned...so say from your mgmt ssh session expert mode, you can type ssh admin@10.10.10.50 (or whatever fw IP is), accept whetever is prompted on the screen and once connected, close the session and then try same method that was failing originally.

Andy

Best,
Andy
0 Kudos
DH
Contributor
‎2023-01-05 01:54 PM
In response to the_rock
Jump to solution

I tried that already before...SSH to Mgmt => ssh from Mgmt to gateway => store the key (it was stored then unter ~/.ssh/known_hosts as usual under linux.) this worked inside the expert mode.
But this did not resolve the problem inside the SmartConsole GUI.

So the question is still were did the console store the fingerprints?

 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-01-05 03:14 PM
In response to DH
Jump to solution

The only other place I can think of is the same place in the root user (i.e. under /root).
Otherwise, I suggest a TAC case.

the_rock
MVP Platinum
MVP Platinum
‎2023-01-05 04:56 PM
In response to DH
Jump to solution

And it did prompt you to accept the "key" when you did this?

Best,
Andy
0 Kudos
DH
Contributor
‎2023-01-06 12:29 AM
In response to the_rock
Jump to solution

I found the major part of the solution by myself.

It seems a other AdminUser got this message before, accept (yes) it, but  he didn't publish it.

I found a "edited ssh settings entry" in the changes of his session! - it was the only change in this session, so I discard that session and now I didn't got an error message anymore, after I accept the new key!
The root problem is solved and it seems the fingerprint are stored inside the database.

@cp : Why did the GUI not clear inform, that this setting is locked by a other user - that should be the correct message!


 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events