나의 최종 목표는 SSH를 통해서만 액세스할 수 있는 우분투 16.04를 실행하는 서버의 CheckPoint VPN 뒤에 있는 FTP 서버에서 파일을 다운로드하는 것입니다.
나는 다음에 설명된 단계를 따랐습니다.이 답변, 구체적으로:
snx
버전 800007075 설치
wget https://starkers.keybase.pub/snx_install_linux30.sh?dl=1 -O snx_install.sh
- 종속성을 설치합니다.
sudo apt-get install libstdc++5:i386 libx11-6:i386 libpam0g:i386
- 달리기
chmod a+rx snx_install.sh
sudo ./snx_install.sh
- 파일 을 생성합니다
~/.snxrc
:
server <server_ip>
username <vpn_user>
reauth yes
그 이후(그리고 4단계 이전)에 시도할 때마다 다음과 같은 결과를 snx -s <server_ip> -u <vpn_user>
얻습니다.
Check Point's Linux SNX
build 800007075
Please enter your password:
SNX: Connection aborted.
여기서의 출력은 sudo ldd /usr/bin/snx
다음과 같습니다.
linux-gate.so.1 => (0xf7795000)
libX11.so.6 => /usr/lib/i386-linux-gnu/libX11.so.6 (0xf7639000)
libpthread.so.0 => /lib/i386-linux-gnu/libpthread.so.0 (0xf761c000)
libresolv.so.2 => /lib/i386-linux-gnu/libresolv.so.2 (0xf7603000)
libdl.so.2 => /lib/i386-linux-gnu/libdl.so.2 (0xf75fe000)
libpam.so.0 => /lib/i386-linux-gnu/libpam.so.0 (0xf75ee000)
libnsl.so.1 => /lib/i386-linux-gnu/libnsl.so.1 (0xf75d2000)
libstdc++.so.5 => /usr/lib/i386-linux-gnu/libstdc++.so.5 (0xf7518000)
libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xf7362000)
libxcb.so.1 => /usr/lib/i386-linux-gnu/libxcb.so.1 (0xf733c000)
/lib/ld-linux.so.2 (0xf7796000)
libaudit.so.1 => /lib/i386-linux-gnu/libaudit.so.1 (0xf7314000)
libm.so.6 => /lib/i386-linux-gnu/libm.so.6 (0xf72be000)
libgcc_s.so.1 => /lib/i386-linux-gnu/libgcc_s.so.1 (0xf72a1000)
libXau.so.6 => /usr/lib/i386-linux-gnu/libXau.so.6 (0xf729d000)
libXdmcp.so.6 => /usr/lib/i386-linux-gnu/libXdmcp.so.6 (0xf7296000)
내가 뭐 놓친 거 없니?
디버그 로그
[19 Sep 6:14:34] snx: starting debug - Thu Sep 19 06:14:34 2019
[19 Sep 6:14:36] browser::browser(): called
[19 Sep 6:14:36] snx_CCC_browser::snx_CCC_browser: called
[19 Sep 6:14:36] snx_browser::auth: entering
[19 Sep 6:14:36] gwinfo:gwinfo: entered!0x9f674e8
[19 Sep 6:14:36] creating the ssl layer
[19 Sep 6:14:36] talkssl::talkssl(): entered with chunk=512, opaque=9f657e0, link_established=80d66a0, link_failure=80d6680, packet_receive=80d6650, verify_gw=80d66c0
[19 Sep 6:14:36] talkssl::set_sslalg: setting ssl alg to 2
[19 Sep 6:14:36] talkssl:: init_ssl_neg: using 3DES
[19 Sep 6:14:36] ckpSSLctx_New: prefs = 1a
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] isExist: ProxyEntity didn't initiated yet
[19 Sep 6:14:36] talkssl::start_async: Creating a new connection
[19 Sep 6:14:36] talkssl::start_async: Connecting to gw: 0x84af80b1, port: 443
[19 Sep 6:14:36] fwasync_make_connection: b180af84/443: dowait is -1 sock is 5
[19 Sep 6:14:36] talkssl::start_async: Connection created successfully
[19 Sep 6:14:36] fwasync_conn_params: <c0a80f05,44316> -> <b180af84,443>
[19 Sep 6:14:36] talkssl::client_handler: state: CONN_INIT - entering
[19 Sep 6:14:36] talkssl::client_handler: start ssl negotaition
[19 Sep 6:14:36] talkssl::client_handler: start openSSL negotaition
[19 Sep 6:14:36] ckpSSL_PrepareConnection: verify mode: 0
[19 Sep 6:14:36] My SSL Ciphers:
[19 Sep 6:14:36] Cipher List:
[19 Sep 6:14:36] 0: DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
[19 Sep 6:14:36] 1: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
[19 Sep 6:14:36] 2: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
[19 Sep 6:14:36] 3: DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
[19 Sep 6:14:36] talkssl::client_handler: Returning OK!!!
[19 Sep 6:14:36] ckpSSL_NegotiateStep: current state = before/connect initialization
[19 Sep 6:14:36] is_initialized: new process or forked
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] rand_add_seedfile: Failed to read seed from registry.: Operation not permitted
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] fwrand_write_seed: Failed to read seed from registry.: Operation not permitted
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] fwrand_write_seed: Failed to write seed.: Operation not permitted
[19 Sep 6:14:36] ckpSSL_NegotiateStep: should retry.
[19 Sep 6:14:36] ckpSSL_NegotiateStep: current state = SSLv3 read server hello A
[19 Sep 6:14:36] SSL e stack
[19 Sep 6:14:36] 9594:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1033
[19 Sep 6:14:36] ckpSSL_NegotiateStep: Current step failed. Error is: 336151598
[19 Sep 6:14:36] ckpSSL_fwasync_connected: no connections err -3
[19 Sep 6:14:36] fwasync_end_conn: scheduling the end of connection 5
[19 Sep 6:14:36] fwasync_do_end_conn: closing connection 5 (conn=9f6eb68)
[19 Sep 6:14:36] talkssl::end_handler: ending connection
[19 Sep 6:14:36] snx_browser::Failure: entering with code: 1
[19 Sep 6:14:36] got link down!- exit
[19 Sep 6:14:36] snx: quit.
[19 Sep 6:14:36] snx_CCC_browser::~snx_CCC_browser: called
[19 Sep 6:14:36] browser::~browser: called
[19 Sep 6:14:36] talkssl::~talkssl: delete link
[19 Sep 6:14:36] talkssl::~talkssl: end
[19 Sep 6:14:36] done
답변1
동일한 문제와 동일한 오류 로그가 있습니다.
SNX 클라이언트를 다음으로 업그레이드하세요.빌드 800010003내 문제를 해결했습니다(체크포인트 계정이 필요하며 무료입니다).
답변2
나는 같은 문제가 있었고 포트를 잘못 적용한 것을 발견했습니다. 다시 말하지만, 이는 귀하에게 문제가 되지 않을 수도 있습니다. 단지 제가 찾은 내용을 게시하고 싶었을 뿐입니다.
머리 글자:
sudo snx -s <server>:<port> -u
문제를 해결하세요:
sudo snx -s <server> -p <port> -u <user>