Firewall Security

SCP to transfer files to Checkpoint SPLAT



When you SCP a file to a Checkpoint SPLAT firewall and the transfer fails with the error "lost connection", this is what you may see:

[server] scp log1.tgz admin@xx.xx.xx.xx:/tmp
The authenticity of host 'xx.xx.xx.xx (xx.xx.xx.xx)' can't be established.
RSA key fingerprint is 33:ff:72:0d:d6:57:53:16:d6:60:da:7e:f8:61:71:a8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xx.xx.xx.xx' (RSA) to the list of known hosts.
admin@xx.xx.xx.xx's password:
lost connection

To resolve this, do the following:

1. Make sure the admin shell has been changed from /bin/cpshell to /bin/bash

chsh admin
Changing shell for admin.
New shell [/bin/cpshell]: /bin/bash
Shell changed.

2. Create a new file: touch /etc/scpusers

3. Edit the file and add the users you want to allow for SCP

example:
more /etc/scpusers
admin

4. Restart the SSH service

service sshd restart
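
A pre-flight check for the four steps above, added here as an example and not part of the original post: it confirms that the account no longer uses /bin/cpshell and that it appears on a line of its own in /etc/scpusers. The function name check_scp_ready, its file-path arguments and the permission check on the allow-list are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: check_scp_ready USER [PASSWD_FILE] [SCPUSERS_FILE]
# Prints one line per finding; returns 0 only when every check passes.
check_scp_ready() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    scpusers_file=${3:-/etc/scpusers}
    rc=0

    # Step 1: the login shell is field 7 of the user's passwd entry.
    shell=$(awk -F: -v u="$user" '$1 == u { print $7; exit }' \
        "$passwd_file" 2>/dev/null) || shell=""
    if [ -z "$shell" ]; then
        echo "FAIL: no passwd entry (or no shell) for $user"; rc=1
    elif [ "$shell" = "/bin/cpshell" ]; then
        echo "FAIL: $user still uses /bin/cpshell (run: chsh $user)"; rc=1
    else
        echo "OK: $user shell is $shell"
    fi

    # Steps 2-3: the file must exist and list the user as a whole line,
    # so "administrator" does not count as a match for "admin".
    if [ ! -f "$scpusers_file" ]; then
        echo "FAIL: $scpusers_file does not exist"; rc=1
    elif ! grep -Fqx -- "$user" "$scpusers_file"; then
        echo "FAIL: $user is not listed in $scpusers_file"; rc=1
    else
        echo "OK: $user is listed in $scpusers_file"
    fi

    # Added hardening check (an assumption of this example, not a step from
    # the post): the allow-list should not be group- or world-writable.
    if [ -f "$scpusers_file" ] && [ -n "$(find "$scpusers_file" \
            \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "FAIL: $scpusers_file is writable by group or others"; rc=1
    fi

    return $rc
}

# Run the check when the script is called with arguments, e.g.: sh check.sh admin
if [ "$#" -gt 0 ]; then check_scp_ready "$@"; fi
```

If every line reads OK and SCP still fails, the SSH service has probably not been restarted yet (step 4).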

Discussion

2 comments for “SCP to transfer files to Checkpoint SPLAT”

  1. Doesn’t work for me. I am using SSH Secure Shell and the SSH Secure File Transfer. Even with the changes made above I am still unable to get into the file transfer portion.

    Posted by jason | May 13, 2010, 4:58 pm
  2. tcpdump to check if the attempts reach the device, see /var/log/secure for any error messages, check the /etc/ssh/sshd_config file for any kind of restrictions.

    Posted by admin | May 14, 2010, 2:35 am
