OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: Taomyn on September 10, 2021, 01:51:06 pm

Title: [SOLVED] Updated to 21.7.2_1 and can no longer SSH into firewall
Post by: Taomyn on September 10, 2021, 01:51:06 pm
I just updated my firewall from 21.7.1 to 21.7.2_1 and after finding both ACME and HAPROXY not auto starting, I also find I can no longer SSH into my firewall - I used SSH to perform the update so I know my credentials etc are all correct - the same name/password works with the web GUI.


I looked at the audit log and see:


Code:
2021-09-10T13:42:05   sshd[43667]   Connection closed by authenticating user root 192.168.1.30 port 50081 [preauth]
2021-09-10T13:42:02   sshd[43667]   error: PAM: Authentication error for root from 192.168.1.30
2021-09-10T13:41:46   sshd[49934]   Server listening on 192.168.1.1 port 22222.
2021-09-10T13:41:46   sshd[49934]   Server listening on 127.0.0.1 port 22222.
2021-09-10T13:41:46   sshd[49934]   Server listening on ::1 port 22222.


I restarted the openssh service through the web GUI and it made no difference.


Any advice on getting this working again? I can't try direct on the firewall console as I am currently away from the location.
Title: Re: Updated to 21.7.2_1 and can no longer SSH into firewall
Post by: Taomyn on September 10, 2021, 03:02:55 pm
So I was able to regain remote control to a machine on-site that is connected to the console of the firewall via a USB->COM connection, and find that I cannot even log in as root on the firewall directly.


How do I fix it without access like this?


Title: Re: Updated to 21.7.2_1 and can no longer SSH into firewall
Post by: franco on September 10, 2021, 03:08:21 pm
Without any authentication-related info (ssh key or password use, integrated authentication, authentication server use, TOTP enabled, etc.) the best guess is it's configured in a way that your password assumption isn't correct.


Cheers,
Franco
Title: Re: Updated to 21.7.2_1 and can no longer SSH into firewall
Post by: Taomyn on September 10, 2021, 03:17:00 pm
Are you saying that using my root account and then my password via the GUI doesn't necessarily mean my password is correct? That doesn't make sense to me so what would I need to check to find what would be holding a different password?


I managed to get into the console by unprotecting the menu, so I can drop to the shell etc.
Title: Re: Updated to 21.7.2_1 and can no longer SSH into firewall
Post by: franco on September 10, 2021, 03:23:21 pm
Yes, it depends on your settings and how old your install is. At some point integrated authentication was introduced and it made the console and ssh login password behave according to your system authentication setting, not the bare password from the user.


Cheers,
Franco
Title: Re: Updated to 21.7.2_1 and can no longer SSH into firewall
Post by: Taomyn on September 10, 2021, 03:53:19 pm
I updated from 21.7.1 which was fine to 21.7.2_1 so why would this have changed just for me as I don't see anyone else reporting the same issue?


These are the settings, image attached, what should I change to get my root account able to connect again via SSH and the console?
Title: Re: Updated to 21.7.2_1 and can no longer SSH into firewall
Post by: Taomyn on September 10, 2021, 04:02:27 pm
Ok, well I arrived home and checked things out, so decided to reboot and see what happens.


Everything is fine now - but at least my experience is here in case anyone else has the same problem. Even the two services that failed the last time, HAPROXY and ACME started up normally.


Thanks for responses btw.