This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PeterB
Explorer
‎2024-06-17 08:17 AM

Unable to login to Security Gateway in Console, SSH, or Gaia Portal

Hello everyone,

There is a problem with the admin login on our Checkpoint IP 395 with GAIA OS R77.30. After entering the username in Console, or SSH, the login process is restarted and a"Permission denied" error when trying to log in Gaia Portal.

The steps from sk109114 were carried out, but did not solve the error. Are there any other possibilities? 

 

0 Kudos
11 Replies
PhoneBoy
Admin
Admin
‎2024-06-17 04:49 PM

This is definitely way out of support and a very uncommon configuration to boot.

What is your intended purpose in trying to gain access to this system?

PeterB
Explorer
‎2024-07-08 02:58 AM
In response to PhoneBoy

Thank you very much for the quick response. We know that this is an old system, but we need access to be able to install the patch for CVE-2024-24919.

0 Kudos
the_rock
Legend
Legend
‎2024-06-17 08:11 PM

IP395? wow, never thought would see that model mentioned here these days lol

Anyway, did you try physically powercycle it and carry out those steps?

Andy

0 Kudos
PeterB
Explorer
‎2024-07-08 03:03 AM
In response to the_rock

Thank you very much for your feedback. We have carried out the specified steps and performed a power cycle via our Security Management Server. But the login behavior has not changed.

0 Kudos
the_rock
Legend
Legend
‎2024-07-08 03:13 AM
In response to PeterB

I have no clue then mate, sorry : - (.

0 Kudos
PeterB
Explorer
‎2024-07-08 03:18 AM
In response to the_rock

Thanks for your help ... 👍

0 Kudos
the_rock
Legend
Legend
‎2024-07-08 04:35 AM
In response to PeterB

I found some stuff online about it, more generally related to linux and they all say its most likely permission issues with the account. Is there another admin account you can try?

Andy

0 Kudos
PeterB
Explorer
2 weeks ago
In response to the_rock

No, unfortunately there is no other admin account on the gateway.

Peter

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2024-07-08 06:44 AM

Try using cprid_util on the management to show the contents of /var/log/secure:

$CPDIR/bin/cprid_util -server <IP_of_Gateway> -verbose rexec -rcmd cat /var/log/secure

This should give you more information about what is going wrong.

0 Kudos
PeterB
Explorer
2 weeks ago
In response to Bob_Zimmerman

When I try to log in to the system as the admin user via SSH, I get the log message:
“sshd[2590]: Failed password for... ”
When I try to log in as the same admin user via the console, I get the log message:
“Login: Permission denied”
Peter

0 Kudos
Bob_Zimmerman
Authority
Authority
2 weeks ago
In response to PeterB

These commands on your management should add a new user named "backupAdmin" with the password set to '1qaz!QAZ':

firewall="<IP_of_Gateway>"

scriptFile=$(mktemp)
cat << 'EOF' > "${scriptFile}"
add user backupAdmin uid 0 homedir /home/backupAdmin
add rba user backupAdmin roles adminRole
set user backupAdmin gid 100 shell /bin/bash
set user backupAdmin password-hash $6$rounds=10000$hv3SByNB$0g9QWW2Peb0KNHBQvFdMsYPmFAV9Q1HP2jsBeO5RzlqAqMZWxRNNOgTbqVqoeFclLMDYLp/ojcDqlD2JDkQrA1
EOF

$CPDIR/bin/cprid_util -server "${firewall}" putfile -local_file "${scriptFile}" -remote_file "${scriptFile}" -perms 444
$CPDIR/bin/cprid_util -server "${firewall}" rexec -rcmd clish -s -f "${scriptFile}"

Replace <IP_of_Gateway> with the address your management uses to refer to the specific box, same as before.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events