Messages

Hi franco,

Makes sense, read teh article, personally I find Opnsense works to my expactations and very intuitive, I'm not that much supprised about new things as I know they were coming anyway, thanks  ;)

Greetings mark

Hi franco,

Thanks for the heads up, I think I just stick to SSH with keys for now, but with password  :P and console access without 2FA, at least until I get a better grasp of the whole situation. I didn't really use it before, besides my bank.

Will keep a eye on development of TOTP within Opnsense, btw. what is POLA?

Yes, probably authentication is tricky hope I don't meet that 'biatch' to often though  ;D

Thanks mark

Thank you team, Patched and working   ;D

@marjohn56, this makes me like Opnsense even more than I already did, thanks for the quick response very  8)

No stress until then I'm okay the way it is  ;D
But I dug a little deeper into that pfd, section 10.1 dimensions says:
minimum quiet zone:   equal to 4X on all four sides
Not knowing exactly how big that is, but it's a starter, you should probably read it yourself as there is more to it.

Oh well it's done with the best of intentions I guess and if there would not have been a dark theme in the first place no one would have noticed anyway  :P

Hey franco thanks for the welcome,

I know what su & sudo do but I messed that up thinking if I can login with SSH whith a user that is using 2FA without using the token because SSH don't have 2FA, then I can also elvate my rights and become root, but of course that is a shell login and using 2FA, I get that now thanks.

Hehe mine is the same the difference is I have sudo with password the rest is the same.

Will look into that recovery item, I make regular backup.xml, because if things go wrong like it did earlier this week it became impossible to login using 2FA, the phone not being able to lock on to a time server as I found that being the culprit afterwards, I already restored a backup...

Thanks mark

Thanks for your reply marjohn56 very kind of you to look into it.
It may be so yes, I have done a little research and found a pdf saying just that, it's called 'Quiet Zone' see 7.3 on  https://web.archive.org/web/20110812190511/http://raidenii.net/files/datasheets/misc/qr_code.pdf

Thanks for rebellion really like this dark theme.
I have a request: can the background for 'OTP QR code' found on the users page be made a color scanable by phones?
If I want to scan a new QR code I first have change to the default theme, scan the QR code, change back to rebellion.

Thanks mark

So using sudo with 2FA works in the shell, just tested.
Now if I understand correct, I have to give root OTP also to login using su?

Thanks mark

edit: NVM, I gave root OTP and it's working, thanks fabian

Hi all,

Thanks for all the labour done on opnsense already. Kept my eye on opnsense from teh beginning and installed it a few times and am now 'officially' migrated to it from pfsense.
Everything works as expected, though, there are a few things and they may be features.
I use 2FA for openvpn and an admin to login, both work fine. But I have that same admin login on SSH using keys (I know SSH is not part of 2FA, plans?) and was able to elevate my rights becoming root with su, without 2FA enabled.
After enabling 2FA su to root was not possible anymore. Since I can login on SSH (keyfile) using the admin who is using 2FA, I want to become root (doesn't use 2FA) why be bothered by 2FA since the login with token won't work anyway?

Thanks mark