Check Point FTP server listening on SSH Port
Hi All,
We recently picked up an issue where we couldn't establish SSH connections to our gateways anymore. I confirmed policies were in place to allow SSH connections from our jumpbox, also the jumpbox is confirmed to be a trusted host.
As part of troubleshooting I did a telnet to the gateway IP on port 22 and it responded with "220 Check Point FireWall-1 Secure FTP server". I compared this to another working gateway, which responded with "SSH-2.0-OpenSSH_7.8". Why would an FTP server be listening on the SSH port?
I did some research, and apparently this can be caused by a combination of having an FTP resource defined and using that resource in a policy. This is not the case for me. I also confirmed that fwauthd.conf has FTP listening on TCP 21.
I've got a ticket open with TAC for this, but was wondering if anyone else ran across this. I'm running R80.40 Take 48 on the affected gateways.
Thanks,
Ruan
Open a terminal connection from the Web Portal and run this command to check what is listening on port 22:
# lsof -i :22
Hi Hristo,
Thanks for the response. Interestingly enough, it shows that sshd is listening (screenshot attached).
-Ruan
No idea why the FTP security server would listen on port 22, but you could perhaps try moving the SSH service to port 2222 (for example).
Sounds like a bug to me.
As a workaround, you can probably comment out the relevant line in $FWDIR/conf/fwauthd.conf and install policy.
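The checks discussed in this thread (grab the banner on port 22, compare it with what the FTP security server and sshd announce, and look up which port `in.aftpd` is configured on in `$FWDIR/conf/fwauthd.conf`), collected into one script. This is an added example, not code from the thread or from Check Point; the function names are hypothetical, the sample `fwauthd.conf` content is constructed, and the line layout it assumes (`<port> fwssd <daemon> wait <n>`, one security server per line) is an assumption about the file format. It also assumes `nc` and `timeout` are present in the expert shell.

```shell
#!/bin/sh
# Added example (not from the thread or Check Point). Helper names are
# hypothetical; the fwauthd.conf layout "<port> fwssd <daemon> wait <n>"
# is an assumption. Run with "--live <gateway-ip>" on a host that can
# reach the gateway; without arguments it only defines the functions.

# banner_kind BANNER: classify the first line a TCP listener sends.
banner_kind() {
    case "$1" in
        SSH-*)                      echo ssh ;;                  # sshd, e.g. SSH-2.0-OpenSSH_7.8
        220*"Secure FTP server"*)   echo ftp-security-server ;;  # fwauthd's in.aftpd greeting
        220*)                       echo ftp ;;                  # some other FTP daemon
        *)                          echo other ;;
    esac
}

# fwauthd_port CONF DAEMON: port(s) on which DAEMON is configured in fwauthd.conf
# (comment lines are skipped; prints nothing if the daemon is not listed).
fwauthd_port() {
    awk -v d="$2" '$1 !~ /^#/ && $3 == d { print $1 }' "$1"
}

# grab_banner HOST PORT: first line the listener sends, capped at 5 seconds.
grab_banner() {
    timeout 5 nc "$1" "$2" < /dev/null 2>/dev/null | head -n 1 | tr -d '\r'
}

# verdict KIND PORT: one-line interpretation of a classified banner.
verdict() {
    case "$1:$2" in
        ssh:22)                 echo "ok: sshd answers on 22" ;;
        ftp-security-server:*)  echo "mismatch: FTP security server answers on $2 (check fwauthd.conf and FTP resources)" ;;
        *)                      echo "unexpected: $1 on $2" ;;
    esac
}

# write_sample_conf PATH: constructed fwauthd.conf-style content so the
# fwauthd_port lookup can be exercised offline. Not a real gateway file.
write_sample_conf() {
    cat > "$1" <<'EOF'
# port   server  daemon      mode  arg   (constructed sample)
21       fwssd   in.aftpd    wait  0
80       fwssd   in.ahttpd   wait  0
25       fwssd   in.asmtpd   wait  0
EOF
}

if [ "${1:-}" = "--live" ]; then
    b=$(grab_banner "$2" 22)
    k=$(banner_kind "$b")
    echo "banner on $2:22 -> $b"
    verdict "$k" 22
    conf="${FWDIR:?FWDIR is not set; run from the gateway expert shell}/conf/fwauthd.conf"
    echo "in.aftpd configured on port(s): $(fwauthd_port "$conf" in.aftpd)"
fi
```

The banner check is worth keeping alongside `lsof -i :22`: `lsof` reports which process owns the socket, while the banner shows which code actually answers the connection, and the thread's symptom is exactly that the two disagree. Note that commenting out the `in.aftpd` line in `fwauthd.conf` (the workaround above) stops the FTP security server entirely, so any rule that depends on it for FTP inspection will no longer get it.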