CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 10 of 10

Thread: Is it possible to SFTP files off of Gaia?

  1. #1
    Join Date
    2006-03-19
    Location
    Northern Ohio
    Posts
    1,386
    Rep Power
    14

    Default Is it possible to SFTP files off of Gaia?

    We want to automate the movement of migrate exports off of the R77.30 SmartCenter but our internal file transfer system does not support SCP, just FTP, SFTP and FTPS. I'd rather not use FTP. Any thoughts on how to do this would be appreciated, except for "replace your internal file transfer system".

    The ultimate destination will be a Windows share.

    Thanks,

    Ray

  2. #2
    Join Date
    2006-03-19
    Location
    Northern Ohio
    Posts
    1,386
    Rep Power
    14

    Default Re: Is it possible to SFTP files off of Gaia?

    I often find that it helps to post a help request like these because then it makes my brain engage. It looks like it may be built in now:

    [Expert@sc:0]# cd /usr/bin
    [Expert@sc:0]# ./sftp
    usage: sftp [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]
    [-o ssh_option] [-P sftp_server_path] [-R num_requests]
    [-S program] [-s subsystem | sftp_server] host
    sftp [[user@]host[:file [file]]]
    sftp [[user@]host[:dir[/]]]
    sftp -b batchfile [user@]host

    Has anyone actually used this successfully? Our exports are between 12 and 15 GB.

    Ray

  3. #3
    Join Date
    2006-09-26
    Posts
    3,127
    Rep Power
    15

    Default Re: Is it possible to SFTP files off of Gaia?

    Quote Originally Posted by RayPesek View Post
    I often find that it helps to post a help request like these because then it makes my brain engage. It looks like it may be built in now:

    [Expert@sc:0]# cd /usr/bin
    [Expert@sc:0]# ./sftp
    usage: sftp [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]
    [-o ssh_option] [-P sftp_server_path] [-R num_requests]
    [-S program] [-s subsystem | sftp_server] host
    sftp [[user@]host[:file [file]]]
    sftp [[user@]host[:dir[/]]]
    sftp -b batchfile [user@]host

    Has anyone actually used this successfully? Our exports are between 12 and 15 GB.

    Ray

    Yes, I've done it. You can do the following on the R77.30 with JHFA 216:

    on the /etc/ssh/sshd_config

    1- from

    #Subsystem sftp /usr/libexec/openssh/sftp-server

    to

    Subsystem sftp /usr/libexec/openssh/sftp-server

    2- restart sshd service: service sshd restart

    Sample:

    [Expert@lab-p1-mc:0]# sftp 192.168.1.1
    Connecting to 172.31.167.9...
    ************************************************** *****************
    ATTENTION
    THIS IS SANDBOX LAB Playground
    ************************************************** ***************
    admin@192.168.1.1's password:
    sftp> quit
    [Expert@lab-p1-mc:0]#

    Easy right?

    Yes, I once transferred 10TB of log from the log server to another external Windows system via sFTP and it seems to work well.
    Last edited by cciesec2006; 3 Weeks Ago at 13:37.

  4. #4
    Join Date
    2006-03-19
    Location
    Northern Ohio
    Posts
    1,386
    Rep Power
    14

    Default Re: Is it possible to SFTP files off of Gaia?

    Thanks for the quick reply. I already had it enabled so that part is good. This looks like it solves all of my issues. I actually stumbled on it by accident. I was searching the SK articles and came across one that said "It you cannot use FTP, SCP or SFTP then ..."

    And I went, "Wait, what?"

    My experience goes back to 1999 and sometimes that knowledge of what was possible in the past is a hindrance to knowing what can be done today.

    Ray
    Last edited by RayPesek; 3 Weeks Ago at 21:07.

  5. #5
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    198
    Rep Power
    12

    Default Re: Is it possible to SFTP files off of Gaia?

    I use a script like this on my SmartCenters to push a nightly export to a central repository:

    Code:
    #!/bin/sh
    # Creates a 'migrate export' file which can be used to rebuild a SmartCenter
    # using the migrate_import command.
    #
    # Set up the Check Point environment variables like $FWDIR.
    . /etc/profile.d/CP.sh
    
    # Set the variables we'll use.
    export DATE=`date +%Y-%m-%dT%H%M%S`
    export FILE_NAME=/var/scripts/output/${DATE}_`hostname`_export
    export TOOLS_PATH=$FWDIR/bin/upgrade_tools
    export REMOTEUSER="<someUser>"
    export REMOTESERVER="<10.20.30.40>"
    
    # Start the backup and automatically respond when it says to press Enter.
    echo "y" | $TOOLS_PATH/migrate export $FILE_NAME
    
    # Copy the export off of the system using public key authentication for SFTP.
    echo "put $FILE_NAME.tgz" > sftpBatch.tmp
    /usr/bin/sftp -oIdentityFile=/home/admin/.ssh/id_rsa -b sftpBatch.tmp $REMOTEUSER@$REMOTESERVER:<remote/path/here>
    rm sftpBatch.tmp
    
    # Delete the local copy of old backup files.
    /usr/bin/find /var/scripts/output/ -name *_export.tgz -ctime +1 -print -exec rm -f {} \;
    The three items in <> must be replaced, of course. It's scheduled with cron using clish. No error checking in the production version yet, but I'm slowly working on it in my lab (you know how it goes: once it's working at all, management wants you on to the next shiny thing that caught their eye).
    Zimmie

  6. #6
    Join Date
    2006-03-19
    Location
    Northern Ohio
    Posts
    1,386
    Rep Power
    14

    Default Re: Is it possible to SFTP files off of Gaia?

    Thanks! I wrote up how I think it can work and we'll be testing it tomorrow or Monday. I see some stuff you wrote that I may steal.

    BTW, I think you can replace this line:

    echo "y" | $TOOLS_PATH/migrate export $FILE_NAME

    with

    $TOOLS_PATH/migrate export -n $FILE_NAME

    The -n means no prompting. I'll find out soon enough if that works.

    Ray

  7. #7
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    198
    Rep Power
    12

    Default Re: Is it possible to SFTP files off of Gaia?

    That will probably work. It was originally written for R60 or so, which used the old upgrade_export instead. I donít think it supported any switches like that.
    Zimmie

  8. #8
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,475
    Rep Power
    14

    Default Re: Is it possible to SFTP files off of Gaia?

    Hopefully not going to be too slow using SFTP? My experience was always that it was much slower than SCP. Never really dug into exactly why though.

  9. #9
    Join Date
    2006-03-19
    Location
    Northern Ohio
    Posts
    1,386
    Rep Power
    14

    Default Re: Is it possible to SFTP files off of Gaia?

    Dunno. We'll find our soon. I'm going to run it weekly on Sundays so it shouldn't be an issue.

    Done any good bike trips lately, Lindsay? Our family followed your around-the-world one. It was really fascinating.

    Ray
    Last edited by RayPesek; 3 Weeks Ago at 20:44.

  10. #10
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,475
    Rep Power
    14

    Default Re: Is it possible to SFTP files off of Gaia?

    Quote Originally Posted by RayPesek View Post
    Done any good bike trips lately, Lindsay? Our family followed your around-the-world one. It was really fascinating.
    Only doing day trips at the moment, either riding around San Francisco area, or mountain biking trips like this one in Phoenix.

    Currently plotting our next move. Would like to do a few short bike packing trips in the Bay Area & surrounds. Then later if/when I get Green Card, maybe take a few months off & do Trans-America trip. Fingers crossed that one works out.

Similar Threads

  1. Cleaning up, local cpbackup-files (GAiA)
    By Dennis in forum Check Point on Open Servers
    Replies: 4
    Last Post: 2016-01-22, 13:51
  2. Archive LOG Files and Copy to SFTP Server
    By abc150781 in forum Scripts and Tools
    Replies: 0
    Last Post: 2015-03-16, 07:51
  3. GAiA System backup with Logs Files
    By abc150781 in forum R77.20
    Replies: 0
    Last Post: 2015-03-13, 04:16
  4. scp/sftp on GAIA R75.47 very slow
    By cciesec2006 in forum Miscellaneous
    Replies: 1
    Last Post: 2014-06-12, 20:05
  5. Enabling SFTP on GAiA
    By varera in forum R75.40 (GAiA)
    Replies: 0
    Last Post: 2012-08-19, 09:15

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •