I've done this before with SecurePlatform NG Feature Pack 3 about 3 years ago.

  1) On the Linux client machine, generate a private/public key pair with
     "ssh-keygen -t rsa".
  2) In the /home/sergio/.ssh directory, copy the id_rsa.pub over to the SPLAT
     box's /root/.ssh/authorized_keys file (you may have to create this file).
     Name it like xxx.
  3) Assign permission "chmod 700" to the authorized_keys file.
  4) cat xxx >> authorized_keys
  5) You have to do something to the /etc/passwd file.
  6) Now from the Linux client, do this: "ssh -v -l root SmartCenter_IP_address"

  Now you can log into the SmartCenter without a password. For extra protection,
  you can use a "passphrase" during the "ssh-keygen -t rsa" key creation phase.

  Hope that helps.
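An added example (not the poster's own commands) that scripts steps 2 to 4 above against a throwaway directory and then audits the result; SAMPLE_PUBKEY is a constructed placeholder, and the modes it sets (700 on the .ssh directory, 600 on authorized_keys) are the ones OpenSSH's default StrictModes setting accepts.

```shell
#!/bin/sh
# Idempotent public-key installation plus a permission audit.
# Constructed sample key line, not a real key.
SAMPLE_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC-CONSTRUCTED-SAMPLE-NOT-A-REAL-KEY client@example'

# install_pubkey <ssh_dir> <pubkey_line>
# Creates <ssh_dir>/authorized_keys if missing, appends the key only when it
# is not already present (so re-running never duplicates it), and sets the
# modes sshd's StrictModes check expects: 700 on the directory, 600 on the file.
install_pubkey() {
    dir=$1; key=$2
    mkdir -p "$dir" && chmod 700 "$dir"
    ak="$dir/authorized_keys"
    touch "$ak"
    if ! grep -qxF -- "$key" "$ak"; then
        printf '%s\n' "$key" >> "$ak"
    fi
    chmod 600 "$ak"
}

# audit_ssh_dir <ssh_dir>
# Returns 0 when the directory and file modes are safe, 1 otherwise. With
# StrictModes (the default) sshd ignores authorized_keys that others can write.
audit_ssh_dir() {
    dir=$1
    ak="$dir/authorized_keys"
    # GNU stat first, BSD/macOS stat as fallback; both print octal modes.
    dmode=$(stat -c '%a' "$dir" 2>/dev/null || stat -f '%Lp' "$dir")
    fmode=$(stat -c '%a' "$ak" 2>/dev/null || stat -f '%Lp' "$ak")
    [ "$dmode" = 700 ] && [ "$fmode" = 600 ]
}

# count_keys <ssh_dir>: number of non-empty lines in authorized_keys.
count_keys() {
    grep -c . "$1/authorized_keys"
}

# Demo in a temporary directory instead of a real /root/.ssh.
DEMO_DIR=$(mktemp -d)/.ssh
install_pubkey "$DEMO_DIR" "$SAMPLE_PUBKEY"
install_pubkey "$DEMO_DIR" "$SAMPLE_PUBKEY"   # second run must not duplicate
audit_ssh_dir "$DEMO_DIR" && echo "modes OK, $(count_keys "$DEMO_DIR") key(s)"
```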

Sergio Alvarez <[EMAIL PROTECTED]> wrote:
  Thanks for your replies Francisco and David,

First of all, I'm very well aware of the fact that SPLAT is not Red Hat, I
just mentioned it because I know it is based on it and there are certain
things you can do on it as you would on RH.
I'm also very aware that SPLAT is a hardened OS and is not intended for
anything else but running Check Point software, but I'm sure you guys know
that sometimes you just need to bend things a bit when working with limited
resources and are required to achieve miracles on a network.

This SPLAT machine is NOT a firewall, it's just running a SmartCenter and it
is located on a very protected area of this network. As I mentioned before,
several options have been analyzed prior to deciding to go with the solution
we are trying to implement, and we are sure we really know what we are doing.
Actually I did not give out all the details of the deployment, so with all
due respect, I don't think you are in a position to judge if I'm going in
the right direction or not.

Regarding the info you provided about the paths where I could find the
CPprofile and about the fact that with the admin user you are just getting a
cpshell and not bash: that will be of big help. I had not thought about that, and
maybe what we need is to make a change in the /etc/passwd file to allow
admin to go straight to bash without having to use the expert command.

Once again, I really appreciate the time you took to reply to my posting.

Regards


On 7/12/07, David DeSimone wrote:
>
> Sergio Alvarez wrote:
> >
> > OK, so nobody answered anything about my previous posting (below),
> > but I found the SPLAT installation disc contains an RPM for Telnet, so
> > we are going to try with that.
>
> I think nobody answered you because we may feel that you are proceeding
> in the wrong direction. The solution you describe is probably going to
> be fragile, and not really work as effectively as you think it will.
>
> > This guy, obviously more Linux knowledgeable than me, says he tried
> > adding the extra paths he needs using $path:, and usually on any other
> > Red Hat, he adds that in .profile or /etc/profile so the changes are
> > not lost, but he did that in SPLAT and it did not work, so we need to
> > know how to go about that.
>
> SPLAT is not "just a red hat box with checkpoint on it." It is a
> hardened OS platform. That means many features you find on a generic
> Linux server will be missing, and that is BY DESIGN. Missing components
> and services cannot be exploited. If you add them, you are reducing the
> security of your box. This box is just a firewall, and you would do
> better to treat it as just that.
>
> Your customer installed SPLAT for a reason. If he wanted a regular Red
> Hat box running Checkpoint, then he should have installed that. I guess
> he would have been happier that way.
>
> One of the problems you are likely running into is that the admin
> account has a shell of /bin/cpshell, which cannot just run standard
> commands. If you want to proceed with this, you might need to create
> another account, or use the root account, which has a shell of /bin/bash.
>
> The bash shell should obey your expectations about reading .profile or
> /etc/profile in order to set paths correctly.
>
> The "expert" shell that you get is a subshell, and so it does not read
> the .profile or /etc/profile, but that will not necessarily be the case
> for a script that you launch via cron, or some other mechanism.
>
> --
> David DeSimone == Network Admin == [EMAIL PROTECTED]
> "It took me fifteen years to discover that I had no
> talent for writing, but I couldn't give it up because
> by that time I was too famous." -- Robert Benchley
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>



-- 
Sergio Alvarez
(506)8301342
