johnnyringo
Collaborator

Allowing SSH username/password authentication to Gateways in AWS / GCP

We have several CheckPoint R80.30 or R80.40 gateways in AWS and GCP, all configured to use TACACS authentication requiring a 2FA token code.  

I'm able to log in to the GAIA WebUI portal just fine via TACACS, but SSH appears to only accept public keys. /var/log/secure on the gateway shows this:

Connection closed by authenticating user billybob 10.21.56.27 port 50620 [preauth]

To authenticate using username/password to SSH, do I need to muck around with /etc/ssh/sshd_config or is there an easy clish command to do this?  I found sk109587 but it's quite old, and only mentions R77.

To state the obvious, our gateways do not have port 22 open to the Internet, so we are not concerned about password cracking or account locking.  

PhoneBoy
Admin
Admin

The process should still be relevant for R8x.
Specifically, the sshd_config needs to be edited to enable password/root login.

johnnyringo
Collaborator

Yep, I just started rolling this out and can confirm it does work. Just wanted to verify there wasn't a better way in the newer software versions.

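Added example, not part of the thread and not Check Point's own procedure: a check to run after editing sshd_config as described above. OpenSSH keeps the first value it reads for each keyword, and every line after a Match line belongs to that Match block, so a setting appended at the end of the file may never take effect. The function name sshd_global_value and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Print the value sshd will use for KEYWORD in the global section of an
# sshd_config-style file. Exit status 1 means the keyword is not set globally.
sshd_global_value() {   # usage: sshd_global_value FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want); rc = 1 }
        { sub(/^[ \t]+/, "") }                  # drop leading whitespace
        /^#/ || /^$/ { next }                   # skip comments and blank lines
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }  # keywords ignore case
        key == "match" { exit }                 # global section ends at first Match
        key == want { print f[2]; rc = 0; exit }  # first occurrence wins
        END { exit rc }
    ' "$1"
}

# Constructed sample, NOT a real Gaia sshd_config.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample
Port 22
PasswordAuthentication no
UsePAM yes
PasswordAuthentication yes
Match Address 10.0.0.0/8
    PermitRootLogin yes
EOF

# The later "PasswordAuthentication yes" is ignored because "no" comes first;
# PermitRootLogin appears only inside the Match block, so it is not global.
for k in PasswordAuthentication PermitRootLogin UsePAM; do
    printf '%s = ' "$k"
    sshd_global_value "$SAMPLE" "$k" || echo "(not set globally)"
done
```

On a live gateway, sshd -T (where the installed sshd supports it) prints the configuration sshd itself computes and is the authoritative check.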