Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

govinda

scp authorized keys standards

I am not sure if this is helpful. There are actually two (or more standards) for the authorized keys for the non interactive logins. Please check with the ssh_keygen command for the compatibility between openssh and ssh (commercial - or other) formats. It has a switch (if I am not wrong it is -X) to convert between formats.

I used it once to provide non-interactive logins between Solaris and Linux.

Hope that is helpful,
Govinda
Guest

Re: Solution

>This specific problem has nothing to do with winscp, it >affects all scp variants, as it is a problem of Check Point >SPLAT.

Actually, NO. OpenSSH SCP works just fine with Check Point SPLAT SSH. For Windows users that do not want to use the OpenSSH version (which is available for Windows), use PuTTY's PSCP. Unlike WinSCP, they all work fine with Check Point SPLAT or any other standards compliant SCP server. The problem is in WinSCP assumptions about what access SCP provides, not in the restrictions on SPLAT.
Guest

In SecureKnowledge this is Solution ID: sk26258

In HFA 04 the SSH package was hardened to prevent users with regular
permissions from copying files to SecurePlatform from the outside

Procedure:
In expert mode on SecurePlatform:

1) create /etc/scpusers file

"touch /etc/scpusers"

2) Open "scpusers" with a text editor such as vi.

"vi /etc/scpusers"

3) Add authorized users, list 1 per line.

NOTE:
Only users listed in this file will be allowed to use scp.

4) Restart ssh with 'service sshd restart' on command line

Hope this helps

--
Ady Romantika
Jor

Solution

This specific problem has nothing to do with winscp, it affects all scp variants, as it is a problem of Check Point SPLAT.

SPLAT is a striped down, hardened Linux where the default admin user has a special shell (/bin/cpshell) instead of a normal bourne shell (/bin/bash). This is problem #1, since scp relies on a bourne-like login-shell for launching the remote counterpart of scp, it won't work with cpshell as login shell.
Problem #2 is the fact, that only the default "admin" username appears in /etc/scpusers (similar to ftpusers) on NGX R60 and R61 SPLAT versions (older ones apparently don't use this file).

Solution to Problem #1 and #2: on the SPLAT system, add a user with the login shell /bin/bash i.e. use the adduser script and then change the login shell in /etc/passwd or add it manually with vi (don't forget /etc/shadow ;). Once this has been done, add the new username to /etc/scpusers.

Now you can use Winscp or any other scp client to transfer files to and fro the SPLAT box (mind the Check Point firewall policy thou ;).

Jor
martin

Re: connecting to linux 2.4 failed

Please post a log file.
James Lee

connecting to linux 2.4 failed

I have downloaded winscp382.exe and trying to connect to linux 2.4 (Check point secure platform).

I have successfully connected to the linux box using putty.exe to the port tcp 22. but using this winscp382 I am getting an error as following(I am using BASH):
"Error skiping startup message. Your shell is probably incompatible with the application (BASH is recommended).
Connection has been unexpectedly closed. Server sent command exit status 0."

Please help me
Thank you
James Lee
j.lee@organonusa.com