This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
MVP Gold
MVP Gold
‎2025-09-03 03:04 PM
Jump to solution

Clish error

Hey guys,

Wondering if someone may have an idea about below command. Had customer try to copy it into new fw they got, but it did not work saying insecure command.

Im not even positive what this command is used for, but when I tried it in R81.20 lab, gave same error, but will try tomorrow in R82.

Any suggestions welcome, as always.

Andy

command:

 

add ssh hba ipv4-address x.x.x.x public-key access-mode standalone encoded-data AAAAB3NzaC1yc2EAAAADAQABAAACAQC50EeHPoPncWawK47rIbCKG7yw63fyPFH7+lkP0SfDz6X81MWbPOf7z93XeP6n1pYGb2nohwtqLKMgRPjh7BaI9ZXf97FcPyjOdeJn55lPxmN1843ADzklQAlQUwpacYVx4lVBbOYWAE2WgXDZAvsp3icbUC+kNvihOtGfoRaFlyey5n/pRvOLx73AU8ZaJMLPTlPGho6WMvnhjS+HxUV24lNBN/XyQPETey+tJF81nSxSN4+V6SaRAZJjDAQa2nC5oFxLqxIQvwjt5HkYv/ntoBhB/wHeJ6R+ZZzEJhlcql/bax7K6ANt9wQIVNZ4W29Ovhi8bBgXa7w7WvW1Nl0+t1mJz4zoEMGKEyWQoZ0TkzEfeJmqoiMpOrs6TyccSH2HxObPIeES0tttomOLBkL7Wo/B3LaruKeMKxXnD6FKMi6MKS6nmmFcJ1xXfllHXRVRVBK5iKKOaGaTu+jZunWMhY+npAZ9F47MmQzvXldjukganEwjTK7KlQdww/zmXjWrbiEl033SGnu2SaayDsJj9NAedDwXuzDJfG1SAY60xdbG0j1g0L3a11jsa55gA//0GlxrV7hVK6+g5/JIOUE1TDNBBbCLnYOiFhGCbr+pt2nyozuwGFJ3Yukt3Rxmd+8BbE4qx4pmmeNaT87V5StkEyiyUwHfmJ61ImVSLJS/bw==

0 Kudos
2 Solutions

Accepted Solutions
the_rock
MVP Gold
MVP Gold
‎2025-09-03 04:22 PM
Jump to solution

This was the solution:

https://support.checkpoint.com/results/sk/sk93935

Andy

View solution in original post

emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-09-03 07:52 PM
In response to the_rock
Jump to solution

An alternative solution is just to ssh to that endpoint from expert mode and accept the fingerprint. That will add that line to the clish DB without having to mess with any other config.

View solution in original post

5 Replies
the_rock
MVP Gold
MVP Gold
‎2025-09-03 04:22 PM
Jump to solution

This was the solution:

https://support.checkpoint.com/results/sk/sk93935

Andy

emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-09-03 07:52 PM
In response to the_rock
Jump to solution

An alternative solution is just to ssh to that endpoint from expert mode and accept the fingerprint. That will add that line to the clish DB without having to mess with any other config.

the_rock
MVP Gold
MVP Gold
‎2025-09-03 08:01 PM
In response to emmap
Jump to solution

Thanks for that Emma, makes perfect sense. Hey, for below as well, they are getting following error, but I assume its same logic?

Andy

add ssh hba hostname fairfax.ott.checkpoint.com public-key access-mode standalone encoded-data AAAAB3NzaC1yc2EAAAABEQAAAQEAnNzfNR7wxlDhW81APPxyitUKMA4p/M/Ycb2SSXq5pwz6kRFOtn20cSNWlBuLuYuki5AumP3i8hUvXftF+5yMbmwb8L/vgUHOk9cKmArMR0yZa8o2UF7b51NulONtMYACDXYwv/KjHstLIvCj9YR7xNRjmxlEArh6YhgkL6b2Vum2Sdk0MJ/z3NPJg1qOC5aPoNs23RBP6v2pp9g/xMt1cSBWJmTKFLgn4ejkEbZI/hF//5MHPnbKntub5dSyTKSDZUp/9d0rHSLghynQW/Az0+kISjfywUu84eMtsNU7xGnc9RPwluahsXu91LT5+3DFH5jdr3rKPrqzqWY1blYfzQ==]]]

 

 

The error message when using hostname is

 

NMHOST9999  Timeout waiting for response from database server.

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-09-03 08:20 PM
In response to the_rock
Jump to solution

Yep, same deal, ssh to the hostname and accept the fingerprint, then check in clish at that should be there. Pretty sure there's no need to actually login, just accept the fingerprint and cancel out.

(1)
the_rock
MVP Gold
MVP Gold
‎2025-09-03 08:21 PM
In response to emmap
Jump to solution

Thanks so much, always AMAZING help from you!

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events