CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.

Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E


Results 1 to 2 of 2

Thread: SSH passwords stopped working

  1. #1
    Join Date
    Rep Power

    Default SSH passwords stopped working


    First thing please to be aware of is I am very inexperienced and have therefore looked everything up online.

    We have a Checkpoint cluster of two, R75.45. The problem I have is that I now cannot access the firewall console after following the instructions below.

    I needed to run a migrate export. Managed that OK using Putty to ssh to the firewall management console.

    But when I tried to use WinSCP to transfer the file to my desktop the connection kept failing. Then I found this great CheckPoint document "How to Connect on a Check Point SPLAT or Gaia Gateway with a SFTP/SCP Client", http://www.cpfirewall.com/how-to-con...tp-scp-client/.

    It explained that you had to promote the admin user to expert level so that the WinScp connection would work, by doing this:

    login as: admin
    admin@x.x.x.x password:
    [CPFIREWALL]# expert
    Enter expert password:
    You are in expert mode now.
    [Expert@CPFIREWALL]# chsh –s /bin/bash admin
    Changing shell for admin.
    Shell changed.

    This worked fine, WinSCP connected and I copied the file over to my Windows desktop.

    It said you then needed to revert admin back as follows:

    [Expert@CPFIREWALL]# chsh –s /bin/cpshell admin
    Changing shell for admin.
    Warning: “/bin/cpshell” is not listed in /etc/shells
    Shell changed.

    Unfortunately this didn't work for me - I got:

    [Expert@fwmgr]# chsh -s /bin/cpshell admin
    Changing shell for admin.
    chsh: "/bin/cpshell" does not exist.

    On the CPUG I found an instruction with the same purpose as follows:

    [Expert@fwmgr]# chsh -s /etc/cpshell admin
    Changing shell for admin.
    Warning: "/etc/cpshell" is not listed in /etc/shells
    Shell changed.

    which seemed to work fine BUT now I cannot log in as admin or expert - it tells me my password is wrong for both!!

    I can access the SmartDashboard to the firewall itself, I can browse to the Gaia Portal OK, I can SSH to each of the firewalls separately and also the firewall cluster address. But I cannot access the console any more.

    I found another CPUG suggestion to create a new admin level user in the Gaia Portal which I did, but I still cannot SSH to the console as that user either.

    I would very much appreciate any help anyone can give me.

    Thank you very much in anticipation.


  2. #2
    Join Date
    Rep Power

    Default Re: SSH passwords stopped working

    Panic over!

    I was too impatient and scared - it seemed to be taking a long time to think about my passwords before it decided it didn't like them - but when I tried again just now it accepted them straight away.

    Thank you all you kind people who were having a look. :-)


Similar Threads

  1. WebUI on SmartCenter Server Stopped Working
    By kaydo in forum Check Point SecurePlatform (SPLAT)
    Replies: 9
    Last Post: 2011-09-29, 17:12
  2. Backups on SPLAT stopped working after upgrade.
    By gregmcc in forum Check Point Backup Procedures
    Replies: 2
    Last Post: 2011-02-16, 04:17
  3. Not working when Complexity passwords wused in AD LDAP
    By datta in forum SmartDirectory/LDAP/Active Directory
    Replies: 0
    Last Post: 2010-12-16, 08:29
  4. VPN stopped working: VPND using 100% CPU
    By tnorton in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 6
    Last Post: 2007-01-25, 19:59
  5. Alerting via email in NGX Stopped working
    By scbennett65 in forum SmartView Tracker
    Replies: 5
    Last Post: 2006-04-11, 07:05


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts