Check Point Users

In order for Indeni to run its full set of discovery and interrogation scripts, it needs to connect to your device as a user whose shell is /bin/bash and whose role is administrator. It is highly recommended that a unique Indeni user is created for auditing and security purposes.


Creating User on GAiA WebUI Portal

  1. Log in to the Check Point WebUI.
  2. Go to User Management → Users → Add
  3. Fill in the required information. It is important to set the Shell to /bin/bash and set the role to adminRole.

Creating Users via CLI

  1. Log in to the Check Point device using SSH
  2. Make sure you are in Clish. If you have the shell set to /bin/bash, run the command clish
  3. Add the user (in the example we are using the username indeni):
    add user indeni uid 0 homedir /home/indeni
  4. Set the password for the user:
    set user indeni password
    New password: [xxxx]
    Verify new password: [xxxx]
  5. Type the following to add the access role adminRole:
    add rba user indeni roles adminRole
  6. Type the following to set the shell to /bin/bash:
    set user indeni shell /bin/bash

Creating via GAiA Embedded

  1. Log in to the WebUI.
  2. Go to Users & Objects → Administrators → New
  3. Fill in the username and password and click Apply.
  4. Log in with the user using SSH and type the command expert followed by the command “bashUser on”.

Connect using public/private SSH Keys

The SSH key is stored within the Indeni application and not in the typical Linux OS location. Device keys therefore need to be entered individually into the WebUI, which can be done by performing the following:

  1. Log into the remote device
  2. Make a note of which user Indeni will connect with. This will be needed later. In our example below the username will be “indeni”
  3. To create a public/private key pair, type the following:
    ssh-keygen -t rsa -b 4096 -f indeni-ssh -N ""
  4. Create a folder called “.ssh” in the home folder of the user which will use Indeni, by typing in the following:
    mkdir /home/indeni/.ssh
  5. Move the public key to the .ssh folder, and rename it to authorized_keys and set the correct permissions by typing the following:
    mv indeni-ssh.pub /home/indeni/.ssh/authorized_keys
    chmod 700 /home/indeni/.ssh
    chmod 600 /home/indeni/.ssh/authorized_keys

    OPTIONAL: For increased security, perform the following to render the password for the “indeni” account useless, allowing only the SSH key to login:
    dbset passwd:indeni:passwd "*"
    dbset :save

  6. Output the private key by typing the following:
    cat indeni-ssh

    OUTPUT EXAMPLE
    -----BEGIN RSA PRIVATE KEY-----
    MIIJJQIBAAKCAgEAp5UbPfn36Y1NIqbvJLPWvd128IfZ1FH5gt/E=……
    -----END RSA PRIVATE KEY-----

  7. When adding the device into Indeni, select “SSH Key” and input the entire content of the RSA output, including the “-----BEGIN RSA PRIVATE KEY-----” and “-----END RSA PRIVATE KEY-----” lines.
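
A check for steps 4 and 5, added here as an example and not part of the original Indeni instructions: the hypothetical function check_ssh_key_setup confirms that .ssh and authorized_keys exist with the modes set above and, when given the private key file and ssh-keygen is available, that its public half is present in authorized_keys. It assumes GNU stat (stat -c), as found on Linux.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the Indeni documentation).
# Usage: check_ssh_key_setup HOME_DIR [PRIVATE_KEY_FILE]
# Returns 0 when the key setup matches steps 4-5, 1 otherwise.
# Problems are reported on stderr.
check_ssh_key_setup() {
    home_dir=$1
    priv_key=${2:-}
    ssh_dir="$home_dir/.ssh"
    auth_keys="$ssh_dir/authorized_keys"
    rc=0

    if [ ! -d "$ssh_dir" ]; then
        echo "missing directory: $ssh_dir" >&2
        return 1
    fi
    if [ ! -f "$auth_keys" ]; then
        echo "missing file: $auth_keys" >&2
        return 1
    fi

    # Modes set in step 5: 700 on .ssh, 600 on authorized_keys.
    # Assumption: GNU stat is available (stat -c '%a' prints the octal mode).
    mode=$(stat -c '%a' "$ssh_dir")
    [ "$mode" = "700" ] || { echo "$ssh_dir is mode $mode, expected 700" >&2; rc=1; }
    mode=$(stat -c '%a' "$auth_keys")
    [ "$mode" = "600" ] || { echo "$auth_keys is mode $mode, expected 600" >&2; rc=1; }

    # Optional: derive the public half of the private key with ssh-keygen -y
    # and confirm that exact key (type + base64 body) is in authorized_keys.
    if [ -n "$priv_key" ] && command -v ssh-keygen >/dev/null 2>&1; then
        pub=$(ssh-keygen -y -f "$priv_key" 2>/dev/null | awk '{print $1 " " $2}')
        if [ -z "$pub" ] || ! grep -qF "$pub" "$auth_keys"; then
            echo "public key from $priv_key not found in $auth_keys" >&2
            rc=1
        fi
    fi
    return $rc
}

# Run the check when the script is called with arguments, for example:
#   sh check.sh /home/indeni indeni-ssh
if [ "$#" -ge 1 ]; then
    check_ssh_key_setup "$@"
fi
```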

Frequently Asked Questions


I’ve set up the user as described, but I cannot add the device

The most common issue is that the configured user has the incorrect shell and/or the incorrect permissions. Make sure that the shell is set to /bin/bash, the role is adminRole, the correct password is set, and the UID is ‘0’ (zero). To verify this, run the following Clish commands:
    show user <username>
    show rba user <username>