This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
johnnyringo
Advisor
‎2022-10-22 06:58 AM

Unable to SSH using public key from Ubuntu 22 VM

I migrated from a Debian 9 to Ubuntu 22 bastion host this week, and am unable to SSH to CheckPoint R80.40 gateways using public key authentication.   Initially I was unable to SSH to the CheckPoints at all, but was able to fix that but adding the following lines to /etc/ssh/ssh_config:

KexAlgorithms +diffie-hellman-group14-sha1
HostKeyAlgorithms=+ssh-dss

This fixed the connection, and I can now authenticate via username/password.  However, public key auth is failing.  

It's a bit of a concern since we have multiple R80.40 (and a few R80.30) devices in public cloud, where public ssh key auth is the only way to do initial configuration (username/password only works for GAIA web interface)

Server Info:

ssh -V
OpenSSH_7.8p1, OpenSSL 1.1.1n 15 Mar 2022

Client Info:

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy

ssh -V
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022

0 Kudos
4 Replies
Swiftyyyy
Advisor
‎2022-10-22 08:30 AM

What does the client side ssh say if you attempt to connect with the "-vvv" option for full debug output?

0 Kudos
_Val_
Admin
Admin
‎2022-10-24 01:52 AM

Just to make sure I understand this correctly, it is the SSH client who is providing the public key to authenticate to Gaia? There is a couple of SKs you may find useful: sk143752 & sk164234

If anything, please let me know

0 Kudos
johnnyringo
Advisor
‎2022-10-24 11:34 AM
In response to _Val_

Right - just to clarify, the checkpoint gateway (server) has the ssh public key, the client has the private key.  

I have noticed Ubuntu 22 has been fairly aggressive about dropping support for older ciphers and key lengths, so had assumed it was that.  But the funny thing is I can do public key auth to some checkpoints but not others.  All of them are running R80.40 Take 173 and seem to have the same openssh version and configuration.  

 

0 Kudos
_Val_
Admin
Admin
‎2022-10-25 12:39 AM
In response to johnnyringo

Did you look into the SKs I have provided to you? Also, who is refusing to connect, the GW or your client?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events