create a file called /etc/scpusers and add the users that are allowed to scp into that file. Note that the admin user have cpshell as default shell, so create another user that have another shell as default and use that as the scp user.
//Thomas >>> [EMAIL PROTECTED] 05-02-25 13:50 >>> Fyi, there's no sftp-server in /usr/libexec/openssh at least in SPLAT R55 as far as I know. Without it, you can't scp and grab files from SPLAT. My workaround is to get the package and compile it on RH 7.2 which is supposedly what SPLAT was based on. Hope that helps. > >Date: Thu, 24 Feb 2005 04:20:40 -0800 >From: cisco4ng <[EMAIL PROTECTED]> >Subject: Secure Copy (scp) from a unix/linux machine to a Secureplatform >box to retrieve a file > >I would like to know how to use Secure Copy (scp) from a linux machine >to a Checkpoint NG AI R55w running on Secureplatform using RSA >key authentication instead of password. >Here is what I did: >1) on the linux machine, run "ssh-keygen -t rsa" >2) on the secureplatform, in expert mode: > a) cd /root/.ssh > b) ssh-keygen -t rsa > c) touch authorized_keys > d) chmod 644 authorized_keys >3) copy the id_rsa.pub from the linux machine to the SPLAT machine. > (I had to do this via scp with password FROM the SPLAT box back > to the linux machine). >4) on the spat box, "cat id_rsa.pub >> authorized_keys" >5) modify the sshd_config file on the SPLAT box as follows: > Subsystem sftp /usr/libexec/openssh/sftp-server > DenyUsers shutdown halt nobody ntp pcap rpm > AllowGroups admin root >6) on the splat box, "service sshd restart" >7) from the linux machine, I can do this: > [EMAIL PROTECTED] .ssh]# ssh -l root 192.168.1.2 > Last login: Mon Feb 21 09:27:25 2005 from 192.168.1.100 > [EMAIL PROTECTED] >I can ssh into the splat box without password; however, when I try >to use secure copy (scp) to retrieve a file from the SPLAT box back >to my linux machine, the connection seems to be fine but I am not >receiving any files on my linux machine. All I am getting is this: >[EMAIL PROTECTED] tmp]# scp [EMAIL PROTECTED]:/etc/sysconfig/cpnetstart >/tmp/. >[EMAIL PROTECTED] tmp]# ls >comment_file15Feb2005-05:12:4618680 orbit-root ssh-XXv1SMuU xyz >hsperfdata_root rand.seed tmp >[EMAIL PROTECTED] tmp] >As you can see, no cpnetstart file in my local linux machine /tmp >directory. what am I doing wrong here? Please help. > > > >--------------------------------- >Do you Yahoo!? > Yahoo! Mail - Easier than ever with enhanced search. Learn more. > _________________________________________________________________ Get your mobile ringtones, operator logos and picture messages from MSN Mobile http://msn.smsfactory.no/ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
