johnnyringo
Collaborator

Allowing SSH username/password authentication to Gateways in AWS / GCP


We have several CheckPoint R80.30 or R80.40 gateways in AWS and GCP, all configured to use TACACS authentication requiring a 2FA token code.  

I'm able to log in to the GAIA WebUI portal just fine via TACACS, but SSH appears to only accept public keys.  /var/log/secure on the gateway shows this:

Connection closed by authenticating user billybob 10.21.56.27 port 50620 [preauth]

To authenticate using username/password to SSH, do I need to muck around with /etc/ssh/sshd_config or is there an easy clish command to do this?  I found sk109587 but it's quite old, and only mentions R77.

To state the obvious, our gateways do not have port 22 open to the Internet, so we are not concerned about password cracking or account locking.  


Accepted Solutions
PhoneBoy
Admin

The process should still be relevant for R8x.
Specifically, the sshd_config needs to be edited to enable password/root login.


johnnyringo
Collaborator

This does work, although it should be noted that in R80.40 take 83 and above, the template file must be modified and copied over in order to preserve the setting upon reboot:

# Back up the current template
cp /etc/ssh/templates/sshd_config.templ /etc/ssh/templates/sshd_config.templ_backup
# Enable password authentication and root login in the template
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/templates/sshd_config.templ
sed -i 's/PermitRootLogin forced-commands-only/PermitRootLogin yes/' /etc/ssh/templates/sshd_config.templ
# Push the modified template (note the full path), then restart sshd
/usr/bin/sshd_template_xlate < /config/active
service sshd restart

I see sk109587 was updated with instructions to update and push the template file, but it's missing the full path on the 4th command.

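An added example, not part of the thread and not Check Point's code: sed exits 0 whether or not its pattern matched, so checking the effective value after the edit catches a template that differs from what the patterns above expect. The function names and sample file contents are constructed for illustration; the first-occurrence rule is standard OpenSSH behaviour.

```bash
#!/bin/sh
# Added example, not from the thread. The temp files below are constructed
# samples, not Check Point's real template contents.

# Effective value of a global directive: sshd keeps the FIRST uncommented
# occurrence (keywords are case-insensitive); stop at the first Match block.
effective_value() {   # usage: effective_value FILE KEYWORD
    awk -v key="$2" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Return 0 only if both settings from the thread are really in effect.
verify_password_login() {   # usage: verify_password_login FILE
    rc=0
    for kv in PasswordAuthentication=yes PermitRootLogin=yes; do
        key=${kv%%=*}; want=${kv#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "$1: $key is '${got:-unset}', expected '$want'" >&2
            rc=1
        fi
    done
    return $rc
}

good=$(mktemp); bad=$(mktemp)
trap 'rm -f "$good" "$good.new" "$bad" "$bad.new"' EXIT
# Constructed sample 1: the lines the thread's sed patterns expect.
printf '%s\n' 'PasswordAuthentication no' \
              'PermitRootLogin forced-commands-only' > "$good"
# Constructed sample 2: one directive commented out, and extra spacing
# that the second pattern does not match.
printf '%s\n' '#PasswordAuthentication no' \
              'PermitRootLogin  forced-commands-only' > "$bad"

for f in "$good" "$bad"; do
    # Same substitutions as in the thread, written to a copy instead of -i.
    sed -e 's/PasswordAuthentication no/PasswordAuthentication yes/' \
        -e 's/PermitRootLogin forced-commands-only/PermitRootLogin yes/' \
        "$f" > "$f.new"
    if verify_password_login "$f.new"; then echo "applied"; else echo "NOT applied"; fi
done
```

On a gateway, the same check can be pointed at /etc/ssh/sshd_config after the commands above have run; `sshd -T` also prints the effective configuration.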