Hi all,
Is there a definitive document/steps regarding SSH'ing into OPN? I have scoured online and have come up empty regarding any steps out there. Tried creating new user, new groups, logging in as admin/root, changing shells, certs, etc. It used to work just fine earlier this year. Any help would be highly appreciated. Thank you!
~jm
There is, the part of the documentation that says "Enable a secure shell service" ;)
https://docs.opnsense.org/manual/settingsmenu.html
What happens when you attempt to ssh into it?
Definitely did that! :)
I get 'access denied'...
Ok, then the ssh server is enabled and answering back.
Then it could be wrong password. Is it for root?
Not root.
Usually would try just my 'admin' account.
As mentioned, tried to create a new account, but still no dice.
At least it's still functional/pingable at this time.
Check if the user's shell really exists. IIRC bash was removed from the standard OPNsense installation.
I tried using 'csh' but no go, still 'access denied'
Attempted using PuTTY with 'ssh admin@192.168.1.1' & only 'admin@192.168.1.1' for example.
When you say checking if the user's shell really exists, could you elaborate, please?
system > users > Login shell
Went to (sorry for CAPS):
SYSTEM: ACCESS: USERS
admin user's Login shell is '/bin/csh'
that's where I meant :)
Could you try changing to another shell and try again?
Tried all four, but could not get it to work.
I'm wondering if it's something really basic..?
Tried admin@IP & ssh admin@IP, fyi.
Those are ways to get to the same thing, the ssh server, which is responding. Do you have another user for which ssh works ok?
The only other time I was able to get in, was with my admin account (non-root). I've tried root, but that did not work. I'm a bit perplexed!
admin maps to the root account. If you can, then try to navigate to /bin and verify the shells are there.
I'm just plain stuck. :'(
Figured it out, sorta.
Didn't work using PuTTY on Win11 PC, but just worked fine on Terminal, via Mac.
Go figure...
Thanks all for the suggestions! 8)
It could be that tool uses and/or defaults to ciphers deprecated in OPN.
You could try ssh -vv admin@192.168.5.1
for ssh to spit out debug information. Depending on how the tool implements the openssl libraries it might or might not show the info. You will be able to see it from the Mac.
Win 10 and 11 have SSH in PowerShell, no need to use PuTTY.
I do dislike the damn thing with a passion.
Thanks all for the feedback & have a great weekend!
~jm
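
Added example, not part of the thread: the ssh -vv suggestion above prints both sides' algorithm proposals, and this Python sketch compares them per category to show where client and server have nothing in common. SAMPLE is constructed debug output in the OpenSSH client's format (it is not OPNsense's actual default list), and the function names are hypothetical.

```python
import re

# Proposal lines the OpenSSH client prints at -vv for each side.
CATEGORIES = ("KEX algorithms", "host key algorithms",
              "ciphers ctos", "ciphers stoc", "MACs ctos", "MACs stoc")

# Constructed sample: an old client talking to a hardened server.
SAMPLE = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss
debug2: ciphers ctos: aes128-ctr,aes256-ctr,3des-cbc
debug2: ciphers stoc: aes128-ctr,aes256-ctr,3des-cbc
debug2: MACs ctos: hmac-sha1,hmac-md5
debug2: MACs stoc: hmac-sha1,hmac-md5
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes256-ctr
debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512
"""

def parse_proposals(debug_text):
    """Return {'client': {category: [algs]}, 'server': {...}} from ssh -vv output."""
    proposals = {"client": {}, "server": {}}
    side = None
    for line in debug_text.splitlines():
        line = line.strip()
        if line.endswith("local client KEXINIT proposal"):
            side = "client"
        elif line.endswith("peer server KEXINIT proposal"):
            side = "server"
        else:
            m = re.match(r"debug2: ([^:]+): (.*)$", line)
            if side and m and m.group(1) in CATEGORIES:
                algs = [a for a in m.group(2).split(",") if a]
                proposals[side].setdefault(m.group(1), algs)
    return proposals

def negotiate(proposals):
    """Per category: first client-preferred algorithm the server also offers, else None."""
    result = {}
    for cat in CATEGORIES:
        offered = set(proposals["server"].get(cat, []))
        client = proposals["client"].get(cat, [])
        result[cat] = next((a for a in client if a in offered), None)
    return result

if __name__ == "__main__":
    for cat, alg in negotiate(parse_proposals(SAMPLE)).items():
        print(f"{cat:20} {alg or 'NO COMMON ALGORITHM'}")
```

A category with no common algorithm means the connection fails during negotiation, before any password or key is checked.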