I have been going crazy all yesterday trying to work out SSH on OPNsense.
If I have Permit password login enabled, my public key is verified and matches my laptop.
If I try to SSH into OPNsense it works perfectly. But obviously I don't want Permit password login enabled if using SSH.
As soon as I disable Permit password login it no longer works; it says not recognised public key.
If I re-enable it, go back in and check, the public key is different!
So I tried like 8 times adding the correct one and verifying it, which it did each time.
But as soon as I disabled Permit password login it stops working. Please help me understand the issue.
Did you add the public key to the user account in question in the UI? You cannot manually edit authorized_keys.
No, I did it via terminal when I had Permit password login enabled; like I said, SSH works.
Do I need to stop OPNsense overwriting the ssh when I disable Permit password login?
If so how?
That's why it gets overwritten as soon as you change any setting in the UI ...
Use the UI to add the key(s). Every change to any configuration file in OPNsense will be overwritten by the UI. (with very rare and specific exceptions)
Hi Patrick
Please can you tell me where I add my keys in the GUI?
Also, on a side note, is there any kind of terminal in OPNsense? I thought there was one in the System area, but I can no longer find any kind of terminal built in.
There is no terminal in the web UI. There is only SSH. But there is not much you can actually configure via SSH ...
To add the SSH key:
System > Access > Users, click on the pencil icon to the right to edit, the field for "Authorized keys" is at the very bottom. Copy & paste & save.
Hi Patrick
Thank you, I had an old one in there and my memory is not as good as it used to be lol
All working now
The solution seems very secure, but I would like to know more: how is the key generated on my laptop (Linux)?
I'm not very familiar with SSH security.
I suppose the SSH key is present on my laptop and I have to share it with the OPNsense server by the process explained by Patrick...
The SSH keys are stored in the .ssh directory in your home directory. Look at man ssh.
Quote from: droumanet on December 23, 2024, 11:58:03 AM
The solution seems very secure, but I would like to know more: how is the key generated on my laptop (Linux)?
I'm not very familiar with SSH security.
I suppose the SSH key is present on my laptop and I have to share it with the OPNsense server by the process explained by Patrick...
It's actually a key-pair. The private key is stored on the client (optionally encrypted with a passphrase), and only the public key needs to be shared with the server (usually added to "authorized_keys").
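The key-pair workflow discussed in this thread, as an added example that is not part of any poster's reply: generate the pair on the Linux laptop, print the public line to paste into System > Access > Users > "Authorized keys", and confirm key-only login before disabling "Permit password login". The key path, comment and `root@192.0.2.1` are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Key path, comment and host are placeholders.

# make_keypair <private-key-path> <comment> [passphrase]
# Creates an Ed25519 pair: <path> (private, stays on the laptop) and <path>.pub.
# Without the third argument ssh-keygen prompts for the passphrase, which is the
# normal case; -N puts it on the command line and is meant for unattended runs.
make_keypair() {
    if [ -e "$1" ]; then
        echo "refusing to overwrite existing key $1" >&2
        return 1
    fi
    mkdir -p "$(dirname "$1")" || return 1
    if [ "$#" -ge 3 ]; then
        ssh-keygen -q -t ed25519 -C "$2" -N "$3" -f "$1"
    else
        ssh-keygen -q -t ed25519 -C "$2" -f "$1"
    fi
}

# authorized_keys_line <file>
# Prints the one line to paste into the "Authorized keys" field, after checking
# that the file really is a public key and not the private half.
authorized_keys_line() {
    if grep -q 'PRIVATE KEY' "$1"; then
        echo "$1 is a private key; never paste this anywhere" >&2
        return 1
    fi
    ssh-keygen -l -f "$1" >/dev/null 2>&1 || { echo "$1: not a public key" >&2; return 1; }
    head -n 1 "$1"
}

# fingerprint <file>: SHA256 fingerprint, for comparing the laptop's key with
# the line stored in the user's "Authorized keys" field.
fingerprint() {
    ssh-keygen -l -E sha256 -f "$1" | awk '{print $2}'
}

# try_key_login <private-key> <user@host>
# Offers only this key and never falls back to a password, so it shows whether
# key login works while "Permit password login" is still enabled.
try_key_login() {
    ssh -i "$1" -o IdentitiesOnly=yes -o PreferredAuthentications=publickey \
        -o PasswordAuthentication=no "$2"
}

# Usage (placeholders):
#   make_keypair "$HOME/.ssh/id_ed25519_opnsense" "laptop"
#   authorized_keys_line "$HOME/.ssh/id_ed25519_opnsense.pub"
#   try_key_login "$HOME/.ssh/id_ed25519_opnsense" root@192.0.2.1
```

If `try_key_login` ends with "Permission denied (publickey)", the key saved in the UI does not match the laptop's; compare the two with `fingerprint` before turning password login off.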