CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it yet again - That's right, the 3rd edition is here!
You can read his announcement post here.
It's a massive upgrade focusing on current versions, and well worth checking out. -E

 

Results 1 to 13 of 13

Thread: SSH - SCP

  1. #1
    Join Date
    2007-11-11
    Posts
    38
    Rep Power
    0

    Default SSH - SCP

    If you have SSH working and SCP was never configured, what do you need to enable SCP .



    (i did read few of the threads discussing this issue - confusing) - Where do I add the user (Directory)

  2. #2
    Join Date
    2006-04-27
    Location
    Twillight zone
    Posts
    1,009
    Rep Power
    15

    Default Re: SSH - SCP

    proper shell for the user you want to use for scp (not cpshell)
    entry in /etc/scpusers

  3. #3
    Join Date
    2007-11-11
    Posts
    38
    Rep Power
    0

    Default Re: SSH - SCP

    Thanks, so I login as expert and edit this file. Pls advise

  4. #4
    Join Date
    2006-04-27
    Location
    Twillight zone
    Posts
    1,009
    Rep Power
    15

    Default Re: SSH - SCP

    Quote Originally Posted by cooluswiz View Post
    Thanks, so I login as expert and edit this file. Pls advise
    Been posted lots of times on forum and on Checkpoint site but here it is, in nice pdf by one of board members

    http://blog.lachmann.org/wp-content/...appliances.pdf


    Search for scpusers and chsh in the PDF document and you will find it all :) (among other good to know info)

    Good luck :)

  5. #5
    Join Date
    2008-11-23
    Location
    Atlanta, GA
    Posts
    542
    Rep Power
    12

    Default Re: SSH - SCP

    Also here: how to enable scp on a splat gateway

    http://www.cpug.org/forums/check-poi...t-gateway.html
    - boldin
    CISSP
    CCSE/R65

  6. #6
    Join Date
    2006-03-19
    Location
    Northern Ohio
    Posts
    1,386
    Rep Power
    15

    Default Re: SSH - SCP

    Here's a gotcha. Since CP went to Red Hat 2.6 there is an issue with copying large files, large being greater than about 10 MB, when using versions of WinSCP later than 4.1.9. The issue is it doesn't work. :-)

    The thread on the WinSCP forum says it's actually a bug in the OpenSSL software in Red Hat that is exposed by the client. WinSCP does not have any kind of fix.

    The only solution is to get WinSCP v4.1.9 from the archive on Sourceforge. Unfortunately that version doesn't do FTPS (FTP over SSL) so now I have two installations of WinSCP on my computer.

    We hit this when we were trying to move log files off the R70.30 SmartCenter. The transfer starts and then crashes. It's flawless with WinSCP 4.1.9.

    Ray

  7. #7
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,494
    Rep Power
    16

    Default Re: SSH - SCP

    Quote Originally Posted by RayPesek View Post
    The only solution is to get WinSCP v4.1.9
    Or use a different client. putty/pscp FTW.

  8. #8
    Join Date
    2006-03-19
    Location
    Northern Ohio
    Posts
    1,386
    Rep Power
    15

    Default Re: SSH - SCP

    Command line? eeewww. :-)

    WinSCP has a Putty folder and they are using pageant.exe and puttygen.exe for something.

    I haven't had to add anything into /etc/scpusers for at least a couple of versions now and it still works.

    Ray

  9. #9
    Join Date
    2005-11-25
    Location
    United States, Southeast
    Posts
    857
    Rep Power
    15

    Default Re: SSH - SCP

    How does that happen?

    The build of openssh in secureplatform doesn't support SFTP and the SCP subsystem has a little piece that validates the user is authorized to SCP via /etc/scpusers.

  10. #10
    Join Date
    2008-09-18
    Posts
    62
    Rep Power
    12

    Default Re: SSH - SCP

    A bug in OpenSSL? AFAIK, OpenSSH and OpenSSL are TOTALLY unrelated.
    I guess you really meant OpenSSH.

    FWIW, I used to update some packages (tcpdump, libpcap) and add some more (wget, bzip2) to Splat 2.4 from the CentOS 2.1 repository.
    The same could probably be done with CentOS 3.x on Splat 2.6.
    As long as you don't try to update packages too close to the kernel, you should be safe.

  11. #11
    Join Date
    2006-03-19
    Location
    Northern Ohio
    Posts
    1,386
    Rep Power
    15

    Default Re: SSH - SCP

    Yeah, it's one of those OpenSS things. I don't know how it works but it does. There's no /etc/scpusers file at all. Maybe because it's the "expert' account?

    Ray

  12. #12
    Join Date
    2008-09-25
    Posts
    8
    Rep Power
    0

    Default Re: SSH - SCP

    If you are having problems transferring large files, (for example >1MB), use WinSCP 4.2.9 and do the following:

    Start new session, click on SSH, Under protocol options, click on "Enable compression"

    Then start your session, and you should be fine.

    This was tested on WinSCP 4.2.9 and R71.10

  13. #13
    Join Date
    2013-03-05
    Posts
    58
    Rep Power
    7

    Default Re: SSH - SCP

    Quote Originally Posted by northlandboy View Post
    Or use a different client. putty/pscp FTW.
    pscp does not work either.

    Fix is in R75.46 or you can work around it by:
    Switching WinSCP to SCP and uncheck the optimize buffer option.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •