OPNsense Forum
English Forums => General Discussion => Topic started by: dcol on June 23, 2022, 01:43:36 am
-
I can log into OPNsense via the console or GUI just fine, but I cannot use that same password in WinSCP. It says 'incorrect password'.
What do I need to do to get SFTP access?
-
Could there be an issue with the character map? The console could have integrated authentication (System: Settings: turned off as well which leads to unexpected results vs. GUI login.
For SSH itself the user needs to be added to a permitted group as per the setting, and password login must be enabled as well, as it is off by default.
Cheers,
Franco
-
Integrated auth is on. I have user added to admins group. The read only privilege has been removed from config.xml. Since I cannot edit files via SFTP, I had to edit the config.xml from the backup and import it into OPNsense.
When I use WinSCP as the root user, I get pic1. When I login as admin user I can read but not write files as in pic2. My production firewall works fine logging in as root, so I know it is a setting somewhere and I matched the settings>administration settings to the test firewall.
When logging in from root, audit log shows this
error: PAM: Authentication error for root from x.x.x.x (IP removed for security reasons)
I tried remotely and on the local network.
-
I just installed a fresh OPNsense install 22.1 and it does the same thing.
How do I get WinSCP to work?
-
<SOLVED>
I had to change the Login shell to /bin/csh
What confused me is the production firewall is set to /usr/local/sbin/opnsense-shell and that works
Issue is, how to get it to work OOB. It really should.
-
What do you need WinSCP on OPNsense for? SSH, yes, but SCP/SFTP?
-
This is how I edit files in OPNsense. I am not comfortable with the shell editor
-
You know it's dangerous to edit on Windows and copy back? If your Windows editor of choice inserts the wrong end of line characters all sorts of things break.
-
I use Notepad+. Never had an issue.
-
<UPDATE>
I realized I needed the opnsense-shell, so I put it back, and now the root password works. Not sure what changing to /bin/csh did, but it fixed the problem.
-
You know it's dangerous to edit on Windows and copy back? If your Windows editor of choice inserts the wrong end of line characters all sorts of things break.
I used to be the same way but found that nano is a lot more intuitive; the experienced folks say that it lacks functionality, but I am only editing files occasionally. In nano the commands are a little more intuitive than Vi or Vim.
https://www.nano-editor.org/dist/latest/cheatsheet.html
You will need to install nano from the command line: "pkg install nano".