_KL_
Contributor

checkpoint gateway login with bash 4.4 shell

Hi

Does anybody have an idea why, when a RADIUS user does SSH to the gateway, it lands in a bash-4.4 shell instead of expert mode, as we have set aaa radius-servers default-shell /bin/bash & add rba role radius-group-any domain-type System all-features?

A local user lands properly in /bin/bash or expert mode, but the issue is only with the RADIUS user.

Gateway is running on R80.40 - T120, tried all possible

Any clue how this issue can be fixed?

Please suggest, thanks.

0 Kudos
10 Replies
Bob_Zimmerman
Advisor

I suspect there may be some confusion. Bash is expert mode.

_KL_
Contributor

Yes, /bin/bash is expert mode. When a user logs in using a RADIUS account it goes into bash4.4, which is kernel; it should go to expert mode.

When a user logs in using a local user it works perfectly fine, going to /bin/bash expert mode.

0 Kudos
Bob_Zimmerman
Advisor

As of GAiA 3.10, the version of bash included is 4.4.19. Expert mode is bash, and bash is expert mode.

What is the difference you are seeing?

0 Kudos
_KL_
Contributor

Not all commands work from bash4.4, and after going to clish the respective commands work.

But when I use local user credentials, it's going directly to expert mode, which is (/bin/bash) expected, but that's not the case for RADIUS users.

0 Kudos
Bob_Zimmerman
Advisor

[Expert@DallasSA]# echo $SHELL
/bin/bash
[Expert@DallasSA]# $SHELL --version
GNU bash, version 4.4.19(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
[Expert@DallasSA]# fwm ver
This is Check Point Security Management Server R81 - Build 009
[Expert@DallasSA]# 

Again, bash 4.4 is expert mode. What exactly are you calling "bash4.4"? Is the prompt different, or something?

0 Kudos
Bob_Zimmerman
Advisor

I think I figured out what you mean! If the /etc/bashrc doesn't run, you wind up with a prompt like this:

This system is for authorized use only.
Last login: Tue Jan 18 19:48:04 2022 from <address>
-bash-4.4# 

That just means you weren't able to run the bashrc, which is where the prompt is changed. That is very weird, though, because /etc is world-readable and world-traversable, and /etc/bashrc is world-readable. If this is the prompt you see when you log in, I suspect something is seriously wrong with the permissions on your system.

_KL_
Contributor

Yes, and the rest of the firewalls are good, so no issue from a permissions point of view, but something is wrong with the specific affected node. Still trying to figure out what the cause of this is.

0 Kudos
nmelay
Contributor

That's probably login shell vs non-login shell, rather than a filesystem permission issue.

0 Kudos
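An added example, not part of any post in this thread: bash's built-in default prompt is `\s-\v\$ `, which is what appears when no startup file sets PS1, so one way to narrow down the two explanations above is to check whether /etc/bashrc is readable and whether the account's own startup files ever source it. The helper names are hypothetical, and the chain ~/.bash_profile -> ~/.bashrc -> /etc/bashrc is the usual Red Hat-style layout, assumed here rather than confirmed for Gaia.

```shell
#!/bin/sh
# Added diagnostic sketch (hypothetical helpers, not Check Point tooling).
# Assumes the Red Hat-style chain: ~/.bash_profile -> ~/.bashrc -> /etc/bashrc.

# Print the per-user file bash reads first for home dir $1 in mode $2
# ("login" or "nonlogin"); return 1 if there is none.
user_startup_file() {
    if [ "$2" = login ]; then
        # A login shell reads only the first of these that is readable.
        for f in .bash_profile .bash_login .profile; do
            if [ -r "$1/$f" ]; then echo "$1/$f"; return 0; fi
        done
    elif [ -r "$1/.bashrc" ]; then
        echo "$1/.bashrc"; return 0
    fi
    return 1
}

# Say whether the system bashrc ($3, default /etc/bashrc) is reachable from
# that file, directly or via one hop through ~/.bashrc. Text match only:
# a commented-out "source" line would still count.
bashrc_reachable() {
    sysrc=${3:-/etc/bashrc}
    [ -r "$sysrc" ] || { echo "unreadable:$sysrc"; return 1; }
    start=$(user_startup_file "$1" "$2") || { echo "no-user-startup-file"; return 1; }
    if grep -qF -- "$sysrc" "$start"; then echo "ok:$start"; return 0; fi
    if grep -q '\.bashrc' "$start" && [ -r "$1/.bashrc" ] &&
       grep -qF -- "$sysrc" "$1/.bashrc"; then
        echo "ok:$start->$1/.bashrc"; return 0
    fi
    echo "not-sourced:$start"; return 1
}

# Check the account that is currently logged in, for both shell modes.
for mode in login nonlogin; do
    echo "$mode: $(bashrc_reachable "${HOME:-/}" "$mode")"
done
```

Run it once as the affected RADIUS user and once as a working local user; a `no-user-startup-file` or `not-sourced` result on only one of them points at the home directory contents rather than at permissions on /etc.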
the_rock
Champion

@Bob_Zimmerman is absolutely right, bash IS expert mode. So say you have a user called "radiususer"; below are the 2 most common commands to change the shell (though there are 7 of them I believe).

To keep default mode (so they have to go to expert themselves), you would execute below, or keep it as default:

chsh -s /etc/cli.sh radiususer

To get them to expert mode when they log in:

chsh -s /bin/bash radiususer

For embedded Gaia, it's bashUser on and bashUser off

Andy

0 Kudos
_KL_
Contributor

Tried this, but it seems this works only with local users and not with a user such as radiususer.

chsh: can only change local entries.

0 Kudos