OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: sewi on July 14, 2023, 08:51:21 AM

Title: Public key auth no longer working after switching to TOTP for passwords
Post by: sewi on July 14, 2023, 08:51:21 AM
Hey there,

I've been using public keys to automatically access my OPNsense boxes. Ever since I switched the authentication to TOTP, public key over SSH no longer works (password auth with the TOTP token prepended does work).

Is that intentional / how do I incorporate the TOTP token into the SSH public key authentication?
Title: Re: Public key auth no longer working after switching to TOTP for passwords
Post by: franco on July 14, 2023, 11:01:52 AM
So if you turn TOTP off again the key auth still doesn't work? ;)


Cheers,
Franco
Title: Re: Public key auth no longer working after switching to TOTP for passwords
Post by: sewi on July 15, 2023, 10:59:33 AM
You're right, there's something else amiss.
I was confused because it always worked; the only things I changed were the TOTP setting and installing updates, and the log by default didn't show me anything.

After changing the level to informational, I see that the PubkeyAcceptedAlgorithms default must have changed during one of the updates and as such, the login failed. =/

Thanks!
Title: Re: Public key auth no longer working after switching to TOTP for passwords
Post by: franco on July 15, 2023, 11:20:09 AM
Thanks for confirming. Yeah, so when OpenSSH was updated your current key algo was probably deprecated and no longer works in the default (secure) configuration.

Best course of action would be to generate new secure keys and swap out the old ones.


Cheers,
Franco
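
As a follow-up to the advice above (an added example, not code from the thread or from OPNsense): a small audit of an `authorized_keys` file that reports which entries should be replaced before or after an OpenSSH update. The verdict policy, the 2048-bit threshold, the function names and the sample keys are assumptions made for this example.

```python
import base64, struct

# Assumed policy for this example (not from the thread): replace DSA keys and RSA keys
# under 2048 bits; review other RSA keys, which need rsa-sha2-256/512 client signatures.
REPLACE, REVIEW = {"ssh-dss"}, {"ssh-rsa"}
KNOWN = REPLACE | REVIEW | {"ssh-ed25519", "ecdsa-sha2-nistp256",
                            "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, i = [], 0
    while i + 4 <= len(blob):
        (n,) = struct.unpack(">I", blob[i:i + 4])
        out.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return out

def audit(text):
    """Return (line_no, key_type, rsa_bits_or_None, verdict) for each key line."""
    results = []
    for no, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        # Options such as from="..." may precede the key type; locate the type token.
        idx = next((i for i, t in enumerate(tokens[:-1]) if t in KNOWN), None)
        try:
            fields = _fields(base64.b64decode(tokens[idx + 1], validate=True))
        except (TypeError, ValueError):  # no key type found, or blob is not base64
            results.append((no, None, None, "unparsed"))
            continue
        ktype, bits = tokens[idx], None
        if ktype == "ssh-rsa" and len(fields) == 3:  # fields: type, e, n
            bits = int.from_bytes(fields[2], "big").bit_length()
        bad = ktype in REPLACE or (bits is not None and bits < 2048)
        verdict = "replace" if bad else "review" if ktype in REVIEW else "ok"
        results.append((no, ktype, bits, verdict))
    return results

def _blob(*parts):  # helper that builds the constructed sample blobs below
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

# Constructed sample, not real keys: 1024-bit RSA, 3072-bit RSA with options, Ed25519.
SAMPLE = "\n".join([
    "ssh-rsa " + _blob(b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xff" * 128) + " old@laptop",
    'from="192.0.2.10" ssh-rsa ' + _blob(b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xff" * 384) + " backup",
    "ssh-ed25519 " + _blob(b"ssh-ed25519", b"\x07" * 32) + " new@laptop",
])
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check a real file, pass its contents to `audit()`, for example `audit(open("/root/.ssh/authorized_keys").read())`; the path here is only an illustration.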