Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Petr_Hantak
Advisor
Advisor
Jump to solution

SSH connection to SMB with keypair

Hi SMB Masters!

I would like to ask you if anyone have an experience how to setup SSH connection with keypair to Sparks. Anyone? I know it must be in bashUser etc. But SMB has no classic home folder for admin user for example. Where we should put keys if we want to do it?

0 Kudos
2 Solutions

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
PhoneBoy
Admin
Admin
0 Kudos
8 Replies
PhoneBoy
Admin
Admin

Root's "home" directory is / (i.e. the root filesystem).
Which would imply that you can create a /.ssh/authorized_keys file.
However, in R81.10.05, it appears this is disabled in /pfrm2.0/etc/sshd_config
(Earlier code revisions use dropbear, which may already allow this)

You might be able to tweak the configuration to make this work. 

0 Kudos
PhoneBoy
Admin
Admin

The official procedure for this: https://support.checkpoint.com/results/sk/sk179986 
Note that it only applies to Quantum Spark SMB appliances running R81.10.xx where OpenSSH is used instead of Dropbear.

nmelay1
Participant

Deleted.

It was still online last week. It's really annoying that published SKs constantly get retracted without any kind of explanation/justification.

Edit :

It seems like this SK's content made its way to the Admin Guide.
https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Locally_Managed/EN/Content/Topics/SSH-...
That's probably where I read about this last week.
Deleted SKs are still an issue though.

0 Kudos
Oliver_Fink
Advisor
Advisor

Sk has been deleted.

0 Kudos
PhoneBoy
Admin
Admin
0 Kudos
G_W_Albrecht
Legend Legend
Legend

For Security Gateway 80 / 600 / 700 / 1100 / 1200R/ 1400 appliances see here: https://community.checkpoint.com/t5/SMB-Gateways-Spark/Perform-scheduled-scripted-tasks-on-SMB-devic... and sk106836: How to configure SSH authentication using RSA key files on Security Gateway 80 / 600 / 700...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Petr_Hantak
Advisor
Advisor

@G_W_Albrecht and @PhoneBoy thank you guys! I am surprised that I was not able to find newest SK myself when I was digging in knowledge base. 

0 Kudos
nmelay1
Participant

mkdir /storage/.ssh
chmod 700 /storage/.ssh
cd /storage/.ssh
touch authorized_keys
chmod 600 authorized_keys
cat >> authorized_keys (paste your key(s), end with Ctrl-D)
sed -i '/^AuthorizedKeysFile/s!none!/storage/.ssh/authorized_keys!' /pfrm2.0/etc/sshd_config
/pfrm2.0/bin/sshd.sh

The last 2 commands need to be repeated after each firmware upgrade.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events