Firewall-1

Re: [FW-1] Sv: Re: [FW-1] Secure Copy (scp) from a unix/linux machine to

Subject: Re: [FW-1] Sv: Re: [FW-1] Secure Copy (scp) from a unix/linux machine to a Secureplatform box to
From: cisco4ng <cisco4ng AT YAHOO DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 25 Feb 2005 12:33:02 -0800
Thomas,
Thank you very much for the tip.  I can now scp from my linux machine to
the SPLAT box.  I followed your advice and added user "root" into the
/etc/scpusers file.  After that, I can do everything with scp via key
authentication.

You rock!



Thomas Mårtensson <thomas.martensson AT NUTEK DOT SE> wrote:
Create a file called /etc/scpusers and add the users that are allowed to
scp into that file. Note that the admin user has cpshell as default
shell, so create another user that has another shell as default and use
that as the scp user.

//Thomas


>>> monzon AT HOTMAIL DOT COM 05-02-25 13:50 >>>
Fyi, there's no sftp-server in /usr/libexec/openssh at least in SPLAT
R55 as far as I know.

Without it, you can't scp and grab files from SPLAT.

My workaround is to get the package and compile it on RH 7.2 which is
supposedly what SPLAT was based on.

Hope that helps.

>
>Date: Thu, 24 Feb 2005 04:20:40 -0800
>From: cisco4ng
>Subject: Secure Copy (scp) from a unix/linux machine to a Secureplatform
>box to retrieve a file
>
>I would like to know how to use Secure Copy (scp) from a linux machine
>to a Checkpoint NG AI R55w running on Secureplatform using RSA
>key authentication instead of password.
>Here is what I did:
>1) on the linux machine, run "ssh-keygen -t rsa"
>2) on the secureplatform, in expert mode:
> a) cd /root/.ssh
> b) ssh-keygen -t rsa
> c) touch authorized_keys
> d) chmod 644 authorized_keys
>3) copy the id_rsa.pub from the linux machine to the SPLAT machine.
> (I had to do this via scp with password FROM the SPLAT box back
> to the linux machine).
>4) on the SPLAT box, "cat id_rsa.pub >> authorized_keys"
>5) modify the sshd_config file on the SPLAT box as follows:
> Subsystem sftp /usr/libexec/openssh/sftp-server
> DenyUsers shutdown halt nobody ntp pcap rpm
> AllowGroups admin root
>6) on the splat box, "service sshd restart"
>7) from the linux machine, I can do this:
> [root@linux-10g .ssh]# ssh -l root 192.168.1.2
> Last login: Mon Feb 21 09:27:25 2005 from 192.168.1.100
> [Expert@Checkpoint-cp01]#
>I can ssh into the splat box without password; however, when I try
>to use secure copy (scp) to retrieve a file from the SPLAT box back
>to my linux machine, the connection seems to be fine but I am not
>receiving any files on my linux machine. All I am getting is this:
>[root@linux-10g tmp]# scp root@192.168.1.2:/etc/sysconfig/cpnetstart /tmp/.
>[root@linux-10g tmp]# ls
>comment_file15Feb2005-05:12:4618680 orbit-root ssh-XXv1SMuU xyz
>hsperfdata_root rand.seed tmp
>[root@linux-10g tmp]
>As you can see, no cpnetstart file in my local linux machine /tmp
>directory. What am I doing wrong here? Please help.
>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
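
The checks this thread arrives at (user listed in /etc/scpusers, login shell
other than cpshell, sane authorized_keys mode), collected into a pre-flight
script. This is an added example, not part of the original posts; it assumes
/etc/scpusers holds one username per line and that the restricted shell's
basename is "cpshell". The function names and sample accounts are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: /etc/scpusers lists one
# username per line, and the restricted shell's basename is "cpshell".

# scp_user_status USER SCPUSERS_FILE PASSWD_FILE [AUTHORIZED_KEYS_FILE]
# Prints one status word; returns 0 only when nothing blocks scp.
scp_user_status() {
    user=$1; scpusers=$2; passwd=$3; keys=${4:-}

    # The user must appear in the scpusers file as an exact, whole line.
    if [ ! -f "$scpusers" ] || ! grep -qxF -e "$user" "$scpusers"; then
        echo "not-in-scpusers"; return 1
    fi

    # Field 7 of the passwd entry is the login shell.
    entry=$(awk -F: -v u="$user" '$1 == u { print "shell=" $7; exit }' "$passwd")
    if [ -z "$entry" ]; then
        echo "no-such-user"; return 1
    fi
    shell=${entry#shell=}
    if [ "${shell##*/}" = "cpshell" ]; then
        echo "cpshell-login-shell"; return 1
    fi

    # sshd (StrictModes) ignores a key file that group or others can write.
    if [ -n "$keys" ] &&
       [ -n "$(find "$keys" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "authorized_keys-writable"; return 1
    fi
    echo "ok"
}

# Writes constructed sample files into directory $1 for a dry run.
make_sample() {
    printf '%s\n' \
        'admin:x:0:0::/home/admin:/bin/cpshell' \
        'scpuser:x:500:500::/home/scpuser:/bin/bash' \
        'other:x:501:501::/home/other:/bin/bash' > "$1/passwd"
    printf '%s\n' admin scpuser ghost > "$1/scpusers"
    : > "$1/authorized_keys"
    chmod 644 "$1/authorized_keys"
}
```

On the box itself the call would be, for example,
scp_user_status scpuser /etc/scpusers /etc/passwd /home/scpuser/.ssh/authorized_keys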
