Danny Jung

HowTo - Creating an scpuser account on Gaia Clish

Discussion created by Danny Jung Champion on Aug 30, 2017
Latest reply on Oct 14, 2017 by Michel Markusevic

While reviewing Check Point installations I often encounter setups where the shell of the admin user account was changed to /bin/bash in order to allow copying documents via scp to and from Check Point Gaia systems.

This is because the scponly shell isn't known.

Follow these steps to create an scpuser for copying documents securely without compromising your admin account.

[ R77.30 ]

add user scpuser uid 2600 homedir /home/scpuser
set user scpuser shell /usr/bin/scponly
set user scpuser password
save config

[ R80 ]

add user scpuser uid 2600 homedir /home/scpuser
set user scpuser realname Scpuser
add rba role scpRole domain-type System readwrite-features expert
add rba user scpuser roles scpRole
set user scpuser gid 100 shell /usr/bin/scponly
set user scpuser password
save config
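
A check to run after the steps above, added here as an example and not part of the original post: it reads passwd-format lines and reports whether the admin account still logs in with /bin/bash and whether scpuser is restricted to /usr/bin/scponly. Assumptions: the account names admin and scpuser, /etc/cli.sh as the Gaia default login shell in the sample data, and the hypothetical function names audit_shells and sample_passwd.

```shell
#!/bin/sh
# Added example: audit passwd-format data for the shell settings in this post.
# Assumptions: account names "admin" and "scpuser"; /etc/cli.sh as the
# default Gaia login shell; audit_shells/sample_passwd are hypothetical names.

# Constructed sample data (not taken from a real system).
sample_passwd() {
cat <<'EOF'
admin:x:0:0:Admin:/home/admin:/bin/bash
monitor:x:102:100:Monitor:/home/monitor:/etc/cli.sh
scpuser:x:2600:100:Scpuser:/home/scpuser:/usr/bin/scponly
EOF
}

# Reads passwd lines on stdin and prints one finding per line.
# Exit status is 1 if any WARN finding was printed, otherwise 0.
audit_shells() {
    awk -F: -v admin="${ADMIN_USER:-admin}" -v scp="${SCP_USER:-scpuser}" '
        NF < 7 { next }    # skip malformed lines
        $1 == admin {
            if ($7 == "/bin/bash") {
                print "WARN " $1 " login shell is /bin/bash"; bad = 1
            } else {
                print "OK " $1 " login shell is " $7
            }
        }
        $1 == scp {
            seen = 1
            if ($7 == "/usr/bin/scponly") {
                print "OK " $1 " is restricted to scponly"
            } else {
                print "WARN " $1 " login shell is " $7 ", expected /usr/bin/scponly"
                bad = 1
            }
        }
        END {
            if (!seen) { print "WARN no " scp " account found"; bad = 1 }
            exit bad + 0
        }
    '
}

# On a gateway, from expert mode: audit_shells < /etc/passwd
# Offline demo with the constructed sample:
sample_passwd | audit_shells || true
```

The non-zero exit status on any WARN line lets the check be used in a scheduled configuration review.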
