Ruan_Kotze
Advisor

Check Point FTP server listening on SSH Port

Hi All,

We recently picked up an issue where we couldn't establish SSH connections to our gateways anymore.  I confirmed policies were in place to allow SSH connections from our jumpbox, also the jumpbox is confirmed to be a trusted host.

As part of troubleshooting I did a telnet to the gateway IP on port 22 and it responded with "220 Check Point FireWall-1 Secure FTP server".  I compared this to another working gateway, which responded with "SSH-2.0-OpenSSH_7.8".  Why would an FTP server be listening on the SSH port?

I did some research, and apparently this can be caused by a combination of having an FTP resource defined and using that resource in a policy.  This is not the case for me.  I also confirmed that fwauthd.conf has FTP listening on TCP 21.

I've got a ticket open with TAC for this, but was wondering if anyone else ran across this.  I'm running R80.40 Take 48 on the affected gateways.

Thanks,
Ruan

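The banner comparison described in the post (telnet to tcp/22 and see whether sshd or the Check Point FTP security server answers) is easy to turn into a repeatable check across a fleet of gateways. The script below is an added example, not code from the thread or from Check Point: classify_banner decides from the first line a server volunteers whether it is SSH, FTP, SMTP, or something else, and check_gateway grabs that line from tcp/22 of each host given on the command line and flags anything that is not SSH. It assumes a POSIX shell and a netcat (nc) that accepts -w for a timeout; the gateway names passed as arguments are whatever you want to audit, and the banner strings in the comments are the two the original post quoted.

```shell
#!/bin/sh
# Added example: audit which service answers on tcp/22 of each gateway.
# Assumes POSIX sh and an `nc` that supports `-w <seconds>` (OpenBSD nc / ncat).
set -u

# classify_banner BANNER -> ssh | ftp | smtp | 220-greeting | http | none | other
# Purely string based, so it can be unit-tested offline.
classify_banner() {
    banner="$1"
    case "$banner" in
        "")                    echo none ;;          # nothing spoke first: refused/filtered/silent
        SSH-*)                 echo ssh ;;           # e.g. "SSH-2.0-OpenSSH_7.8"
        220*FTP*|220*ftp*)     echo ftp ;;           # e.g. "220 Check Point FireWall-1 Secure FTP server"
        220*SMTP*|220*ESMTP*)  echo smtp ;;          # SMTP security server also greets with 220
        220*)                  echo 220-greeting ;;  # 220 without a hint: FTP or SMTP, inspect by hand
        HTTP/*)                echo http ;;
        *)                     echo other ;;
    esac
}

# grab_banner HOST [PORT] [TIMEOUT] -> first line the server sends, CR stripped.
# sshd and the FTP/SMTP security servers all talk first, so nothing is sent.
grab_banner() {
    host="$1"; port="${2:-22}"; timeout_s="${3:-3}"
    nc -w "$timeout_s" "$host" "$port" </dev/null 2>/dev/null | head -n1 | tr -d '\r'
}

# check_gateway HOST -> prints one status line, returns 0 only if SSH answered.
check_gateway() {
    host="$1"
    banner="$(grab_banner "$host" 22)"
    kind="$(classify_banner "$banner")"
    case "$kind" in
        ssh)  printf '%-24s OK    %s\n' "$host" "$banner" ;;
        none) printf '%-24s NOBAN no banner on tcp/22 (refused, filtered, or silent)\n' "$host" ;;
        *)    printf '%-24s WRONG %s service answered on tcp/22: %s\n' "$host" "$kind" "$banner" ;;
    esac
    [ "$kind" = ssh ]
}

# local_listener_check: run on the gateway itself to see which process owns tcp/22
# (the lsof check from the thread, with a netstat fallback if lsof is absent).
local_listener_check() {
    if command -v lsof >/dev/null 2>&1; then
        lsof -nP -i :22
    else
        netstat -tlnp 2>/dev/null | grep ':22 '
    fi
}

main() {
    rc=0
    for gw in "$@"; do
        check_gateway "$gw" || rc=1
    done
    return $rc
}

# Usage: ./sshport-audit.sh gw1.example.net gw2.example.net ...
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

A gateway that answers with the FTP security server banner shows up as WRONG, one whose sshd has been moved to another port shows up as NOBAN, and a healthy one as OK, so the same loop doubles as a regression check after a policy install or a Jumbo Hotfix upgrade.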
4 Replies
HristoGrigorov

Open terminal connection from Web Portal and run this command to check what is listening on port 22:

# lsof -i :22

Ruan_Kotze
Advisor

Hi Hristo,

Thanks for the response.  Interestingly enough, it shows that sshd is listening (screen shot attached).

-Ruan

HristoGrigorov

No idea why the FTP security server would listen on port 22, but you could eventually try moving the ssh service to port 2222 (for example).

PhoneBoy
Admin

The Security Servers are deprecated and shouldn't ever be used/activated unless you have a Resource rule defined.
Sounds like a bug to me.
As a workaround, you can probably comment out the relevant line in $FWDIR/conf/fwauthd.conf and install policy.
