This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Petr_Hantak
Advisor
Advisor
‎2023-04-11 12:43 AM
Jump to solution

SSH connection to SMB with keypair

Hi SMB Masters!

I would like to ask you if anyone have an experience how to setup SSH connection with keypair to Sparks. Anyone? I know it must be in bashUser etc. But SMB has no classic home folder for admin user for example. Where we should put keys if we want to do it?

0 Kudos
2 Solutions

Accepted Solutions
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-04-17 08:45 AM
Jump to solution

For Security Gateway 80 / 600 / 700 / 1100 / 1200R/ 1400 appliances see here: https://community.checkpoint.com/t5/SMB-Gateways-Spark/Perform-scheduled-scripted-tasks-on-SMB-devic... and sk106836: How to configure SSH authentication using RSA key files on Security Gateway 80 / 600 / 700...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

PhoneBoy
Admin
Admin
‎2024-02-05 01:33 PM
In response to Oliver_Fink
Jump to solution

It's in the product documentation now: https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Centrally_Managed/EN/Content/Topics/SS...

View solution in original post

0 Kudos
8 Replies
PhoneBoy
Admin
Admin
‎2023-04-12 09:41 AM
Jump to solution

Root's "home" directory is / (i.e. the root filesystem).
Which would imply that you can create a /.ssh/authorized_keys file.
However, in R81.10.05, it appears this is disabled in /pfrm2.0/etc/sshd_config
(Earlier code revisions use dropbear, which may already allow this)

You might be able to tweak the configuration to make this work. 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-04-12 09:50 AM
In response to PhoneBoy
Jump to solution

The official procedure for this: https://support.checkpoint.com/results/sk/sk179986 
Note that it only applies to Quantum Spark SMB appliances running R81.10.xx where OpenSSH is used instead of Dropbear.

nmelay1
Participant
‎2023-10-24 02:31 AM
In response to PhoneBoy
Jump to solution

Deleted.

It was still online last week. It's really annoying that published SKs constantly get retracted without any kind of explanation/justification.

Edit :

It seems like this SK's content made its way to the Admin Guide.
https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Locally_Managed/EN/Content/Topics/SSH-...
That's probably where I read about this last week.
Deleted SKs are still an issue though.

0 Kudos
Oliver_Fink
Advisor
Advisor
‎2024-02-05 07:44 AM
In response to PhoneBoy
Jump to solution

Sk has been deleted.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-02-05 01:33 PM
In response to Oliver_Fink
Jump to solution

It's in the product documentation now: https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Centrally_Managed/EN/Content/Topics/SS...

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-04-17 08:45 AM
Jump to solution

For Security Gateway 80 / 600 / 700 / 1100 / 1200R/ 1400 appliances see here: https://community.checkpoint.com/t5/SMB-Gateways-Spark/Perform-scheduled-scripted-tasks-on-SMB-devic... and sk106836: How to configure SSH authentication using RSA key files on Security Gateway 80 / 600 / 700...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Petr_Hantak
Advisor
Advisor
‎2023-04-17 11:32 PM
Jump to solution

@G_W_Albrecht and @PhoneBoy thank you guys! I am surprised that I was not able to find newest SK myself when I was digging in knowledge base. 

0 Kudos
nmelay1
Participant
‎2023-10-24 02:46 AM
Jump to solution

mkdir /storage/.ssh
chmod 700 /storage/.ssh
cd /storage/.ssh
touch authorized_keys
chmod 600 authorized_keys
cat >> authorized_keys (paste your key(s), end with Ctrl-D)
sed -i '/^AuthorizedKeysFile/s!none!/storage/.ssh/authorized_keys!' /pfrm2.0/etc/sshd_config
/pfrm2.0/bin/sshd.sh

The last 2 commands need to be repeated after each firmware upgrade.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events