A common question I get from customers is how to securely copy files to and from a SPlat box. Most people assume that because SSH is enabled, SCP and SFTP are enabled as well.

SFTP is a tool which allows users familiar with FTP commands to use the same approach over SSH. It requires an SFTP subsystem on the server side, and that subsystem is not currently available on SPlat.

SCP is available on SPlat, but does not work “out of the box.” The SSH build used on SPlat requires that a special file be created. In that file, you must include the names of the accounts that you wish to allow SCP access. The name of the file is ‘scpusers’ and it is put in the ‘/etc’ directory. This is covered in article sk26258, but I find that quite a few customers forget to check the Check Point Knowledge Base. If you happen to be new to ‘SCP’, take a look at sk26286 for some examples.

To get this set up quickly, SSH to a SPlat box and use the command below:

echo [name of account]>>/etc/scpusers

*Note: the ‘>>’ will create the file or append to an existing one.*

So to enable the default account ‘admin’ you would use:

echo admin>>/etc/scpusers

Each additional account must be on its own line, but the ‘>>’ will take care of that.
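
The one-liner above can add the same account twice, and if the file's last line has no trailing newline, ‘>>’ joins the new name onto it. The function below is an added example, not from the original post or from Check Point: `add_scp_user` is a hypothetical helper, and its second argument and the conservative character set for account names are assumptions made so it can be tried on a scratch file.

```shell
#!/bin/sh
# Added example (hypothetical helper): add an account to the SCP
# allow-list exactly once, keeping one account name per line.
# Usage: add_scp_user ACCOUNT [FILE]   (FILE defaults to /etc/scpusers)

add_scp_user() {
    user=$1
    file=${2:-/etc/scpusers}

    # Reject empty names and anything outside a conservative character
    # set (assumption), so a stray space or newline cannot create
    # extra or malformed entries in the allow-list.
    case $user in
        ''|*[!A-Za-z0-9._-]*)
            echo "add_scp_user: invalid account name" >&2
            return 2
            ;;
    esac

    # Exact whole-line match means the account is already allowed.
    if [ -f "$file" ] && grep -qxF -- "$user" "$file"; then
        return 0
    fi

    # If the file is non-empty and its last byte is not a newline,
    # a plain '>>' would produce e.g. "adminbackup" on one line.
    # Terminate the existing last line before appending.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file" || return 1
    fi

    printf '%s\n' "$user" >> "$file"
}
```

Try it against a copy first, for example `add_scp_user admin /tmp/scpusers.test`, and list only the accounts that actually need to transfer files.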


3 thoughts on “SCP and SPlat”

  • April 16, 2007 at 8:56 pm

    Yeah, I saw this before. You should do a quick one on using WinSCP with SPlat if you get a chance. We swear by WinSCP at work, but it does take a little tweaking to get set up.

  • June 9, 2007 at 10:46 am

    This may not be the most secure way of doing it, but you can also change the shell of the user you want to SCP as to bash from cpshell and SCP will work.

    chsh admin [or whichever user you want] and it will prompt you for the shell you want to use.

    Don’t forget to chsh [user] back to cpshell if you want the non-expert / expert mode again.

  • July 8, 2007 at 11:10 pm

    Eh eh … that’s because of Check Point cpshell and WinSCP, which tries to send an ‘ls -l’ when connecting. That’s not actually a very standard behaviour from WinSCP.
