SSH passwords stopped working

[Kitty]

Hello

First thing please to be aware of is I am very inexperienced and have therefore looked everything up online.

We have a Checkpoint cluster of two, R75.45. The problem I have is that I now cannot access the firewall console after following the instructions below.

I needed to run a migrate export. Managed that OK using Putty to ssh to the firewall management console.

But when I tried to use WinSCP to transfer the file to my desktop the connection kept failing. Then I found this great CheckPoint document "How to Connect on a Check Point SPLAT or Gaia Gateway with a SFTP/SCP Client", http://www.cpfirewall.com/how-to-con...tp-scp-client/.

It explained that you had to promote the admin user to expert level so that the WinScp connection would work, by doing this:

login as: admin
admin@x.x.x.x password:
[CPFIREWALL]# expert
Enter expert password:
You are in expert mode now.
[Expert@CPFIREWALL]# chsh –s /bin/bash admin
Changing shell for admin.
Shell changed.
[Expert@CPFIREWALL]#

This worked fine, WinSCP connected and I copied the file over to my Windows desktop.

It said you then needed to revert admin back as follows:

[Expert@CPFIREWALL]# chsh –s /bin/cpshell admin
Changing shell for admin.
Warning: “/bin/cpshell” is not listed in /etc/shells
Shell changed.
[Expert@CPFIREWALL]#

Unfortunately this didn't work for me - I got:

[Expert@fwmgr]# chsh -s /bin/cpshell admin
Changing shell for admin.
chsh: "/bin/cpshell" does not exist.
[Expert@fwmgr]#

On the CPUG I found an instruction with the same purpose as follows:

[Expert@fwmgr]# chsh -s /etc/cpshell admin
Changing shell for admin.
Warning: "/etc/cpshell" is not listed in /etc/shells
Shell changed.
[Expert@fwmgr]#

which seemed to work fine BUT now I cannot log in as admin or expert - it tells me my password is wrong for both!!

I can access the SmartDashboard to the firewall itself, I can browse to the Gaia Portal OK, I can SSH to each of the firewalls separately and also the firewall cluster address. But I cannot access the console any more.

I found another CPUG suggestion to create a new admin level user in the Gaia Portal which I did, but I still cannot SSH to the console as that user either.

I would very much appreciate any help anyone can give me.

Thank you very much in anticipation.

Kitty

[Kitty]

Panic over!

I was too impatient and scared - it seemed to be taking a long time to think about my passwords before it decided it didn't like them - but when I tried again just now it accepted them straight away.

Thank you all you kind people who were having a look. :-)

Kitty