OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of elyl »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - elyl

Pages: [1]
1
24.1 Legacy Series / ACME SFTP Upload help
« on: August 21, 2024, 06:44:56 pm »
Is there any documentation on how to get this to work?  I can't seem to get the right combination of ssh keys working.

For the examples below, "docker.address" is the name of the destination I'm trying to copy the certificates to.

upload_sftp.php --log --host=docker.address --user=root --identity-type=rsa --certificates=mycert.org test-connection
Code: [Select]
INFO: Logging to stdout enabled
INFO: No host key specified, using existing known_hosts entry for 'docker.address'
INFO: SFTP: root@docker.address: Permission denied (publickey,password,keyboard-interactive).
INFO: SFTP: Connection closed
ERROR: Failed connecting to 'docker.address' (user: 'root') ; Cause: {"permission_denied":true,"error":"root@docker.address: Permission denied (publickey,password,keyboard-interactive)."}
{
    "actions": [
        "connecting"
    ],
    "success": false,
    "permission_denied": true,
    "error": "root@docker.address: Permission denied (publickey,password,keyboard-interactive).",
    "connect_failed": true
}
ERROR: Command execution failed, exit code 1. Last input was: {"log":false,"host":"docker.address","user":"root","identity-type":"rsa"}
I have copied the contents of  /var/etc/acme-client/sftp-config/is.rsa.pub to the ~/.ssh/authorized_keys and ~/.ssh/known_hosts (I'm not sure which one I should be doing, I've tried neither, either and both) but still get the same error.

I tried ssh-copy-id to copy the id.rsa file to docker.address, which seemed to work, but running the automation script copied the files to ~/ on the opnsense server rather than to docker.address, so I guess I have things seriously mixed up.

The id.rsa.pub file has the username at the end of it as root@opnsense.internal, I'm tried changing to just root, and also root@docker.address, but to no avail.

2
General Discussion / Can't access WebGUI from OPT1 with pf enabled
« on: September 08, 2023, 10:41:34 pm »
I have OPNsense set up as a VM in Proxmox.

I have the WAN and LAN interfaces passed through to OPNsense, and I have OPT1 set up as the vmbr0 bridge from Proxmox, so that I can hopefully manage the router directly if it ever fails on LAN (and set it up without having to have everything live).

I can't seem to access the web gui from this OPT1 interface, unless I SSH in and pfctl -d to disable the firewall, then it lets me log in.

I have tried various combinations of firewall rules on OPT1 to allow all traffic, but I still can't access the GUI without disabling pf from the shell.  Logs say access to port 443 from my systems connected via OPT1 are failing on "Default deny / state violation rule".  WebGUI listen interfaces are set to All.

I feel like I'm missing something obvious, but even with an all * rule on OPT1, it's still blocked.  Any suggestions?

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2