Configuring SCP on Checkpoint SecurePlatform (SPLAT)

Posted by & filed under Sécurité.

The following error is found when tyring to scp to a SPLAT unconfigured for it:

 [server] scp upgrade_export.tgz admin@xx.xx.xx.xx:/tmp
The authenticity of host ‘xx.xx.xx.xx (xx.xx.xx.xx)’ can’t be established.
RSA key fingerprint is 34:ff:52:0e:d6:57:53:12:d5:60:aa:7e:fa:e1:91:a8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘xx.xx.xx.xx’ (RSA) to the list of known hosts.
admin@xx.xx.xx.xx’s password:
lost connection

To resolve this alow SCP access with these steps:

  • Create a dedicated user to scp (it is not recommended to change root or your admin account):
useradd scpuser
  • Add a password for this user:
passwd scpuser
  • Change user shell to bash
chsh -s /bin/bash scpuser
  • Create scpusers file which allow SCP connection for listed users
touch /etc/scpusers
  • Edit the file and add the users you want to allow for scp
echo "scpuser" >> /etc/scpusers
  • Restart the ssh service
service sshd restart

And that’s it. You can now transfer/retrieve files with SCP to/from SPLAT.

Leave a Reply