OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Scenic3050 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - Scenic3050

Pages: [1]
1
General Discussion / Edit ssh configs (to allow certificate signed ssh access)
« on: September 30, 2024, 04:33:08 pm »
Hi All,

I'm trying to setup certificate signed ssh access to an OPNsense user and am a bit stuck. Normally it is just a matter of adding the following lines to my sshd_config file and its good to go:

TrustedUserCAKeys /etc/ssh/ca_key.pem
PasswordAuthentication no

The trouble is, I cannot find the sshd_config file in OPNsense! I do see a sshd_config file under /usr/local/etc/ssh/sshd_config, but this appears to be auto generated and I assume will be overwritten at some point?

Does anyone know how I can set this up or have any suggestions to try? Thanks for your help!

2
General Discussion / Re: Local Valid SSL Certificates
« on: August 24, 2024, 08:06:04 am »
That sounds about right, yes!
Actually, I am mostly just wanting to have valid certs for the admin/login pages of my services which currently I access via a web browser but have to click past the warnings about non valid SSL. For communications between servers I tend to use ssh which is reasonably secure as I understand, but am always open to new ideas and approaches!

3
General Discussion / Re: Local Valid SSL Certificates
« on: August 23, 2024, 01:06:02 am »
The wildcard certificate method sounds promising and a concept I have seen in other guides that aren’t geared towards the OPNsense NGINX plugin.

Are you able to point me in the right direction to a source to understand this better, if there are no guides as you say?

4
General Discussion / Local Valid SSL Certificates
« on: August 22, 2024, 04:35:31 pm »
Hi All,

I have been going in circles a bit trying to setup local valid SSL certificates for my internal services. I do not want anything exposed to the internet, this is just for local/internal usage eg. to get rid of warning messages in web browsers and improve security.

Ideally I would like this to be fully handled with OPNsense or its plugins. I am currently using Unbound for my DNS. I have seen various guides but no complete source for doing this entirely in OPNsense.

Can anyone advise me on how to set this up or point me to a suitable guide? I would like to use DNS01 with my Cloudflare domain name and a wildcard subdomain so it's easy to add new services as I go. I have the NGINX plugin installed in OPNsense but am open to alternative options (eg. Caddy plugin), I just need some help/guide to follow.

Thanks for your advice!

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2