Enable SFTP to Checkpoint Gaia OS System - NETSEC


Learning, Sharing, Creating

Cybersecurity Memo

Monday, January 7, 2013

Enable SFTP to Checkpoint Gaia OS System

1. Enable SFTP on Checkpoint either SPLAT or Gaia

By default, there is no SFTP access to Checkpoint OS either SPLAT or Gaia. But there is always a way to enable it manually.  Here is a listed steps to do it from Gaia command line

1.1. Enter into Expert Mode

1.2. Enable an account to have bash access

chsh -s /bin/bash admin

1.3. Edit the SSHD configuration file in Vi editor:

[Expert@CP]# vi /etc/ssh/sshd_config

1.4. At the almost end of sshd_config file, uncomment the 'Subsystem  sftp  /usr/libexec/openssh/sftp-server' line by deleting the pound '#' character:

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server

DenyUsers root shutdown halt nobody ntp pcap rpm
# ckp - CR00596011
#AllowGroups root
"/etc/ssh/sshd_config" 124L, 3422C written

1.5. Save the changes and exit Vi editor

1.6. Restart SSHD service:

[Expert@CP]# /etc/init.d/sshd restart
Stopping sshd: [  OK  ]
Starting sshd: [  OK  ]

1.7. Set Admin back to default clish shell, simply run 'chsh -s /etc/cli.sh admin' command.

Note: Please remember you will get an error message if you did not put admin into bash mode while doing sftp:
(Received too large(1129072974 B) SFTP packet. Max Supported packet size is 1024000 B.)


2. Another way to enable SFTP on Gaia

It is possible to enable an SFTP server on any Gaia device via the SSH deamon. To do so, edit the file /etc/ssh/sshd_config:

2.1 Look for the line '#Subsystem     sftp     /usr/libexec/openssh/sftp-server' and change it to 'Subsystem sftp internal-sftp'

2.2 Restart the SSHd via command:[expert@host]# /sbin/service sshd restart
You can now connect to the device through any SFTP client using port 22.

No comments:

Post a Comment