Messages - Scenic3050

#1
Hi All,

I'm trying to set up certificate-signed ssh access to an OPNsense user and am a bit stuck. Normally it is just a matter of adding the following lines to my sshd_config file and it's good to go:

TrustedUserCAKeys /etc/ssh/ca_key.pem
PasswordAuthentication no

The trouble is, I cannot find the sshd_config file in OPNsense! I do see an sshd_config file under /usr/local/etc/ssh/sshd_config, but this appears to be auto-generated and I assume will be overwritten at some point?

Does anyone know how I can set this up or have any suggestions to try? Thanks for your help!
#2
That sounds about right, yes!
Actually, I am mostly just wanting to have valid certs for the admin/login pages of my services, which currently I access via a web browser but have to click past the warnings about non-valid SSL. For communications between servers I tend to use ssh, which is reasonably secure as I understand, but am always open to new ideas and approaches!
#3
The wildcard certificate method sounds promising and a concept I have seen in other guides that aren't geared towards the OPNsense NGINX plugin.

Are you able to point me in the right direction to a source to understand this better, if there are no guides as you say?
#4
General Discussion / Local Valid SSL Certificates
August 22, 2024, 04:35:31 PM
Hi All,

I have been going in circles a bit trying to set up local valid SSL certificates for my internal services. I do not want anything exposed to the internet; this is just for local/internal usage, e.g. to get rid of warning messages in web browsers and improve security.

Ideally I would like this to be fully handled with OPNsense or its plugins. I am currently using Unbound for my DNS. I have seen various guides but no complete source for doing this entirely in OPNsense.

Can anyone advise me on how to set this up or point me to a suitable guide? I would like to use DNS01 with my Cloudflare domain name and a wildcard subdomain so it's easy to add new services as I go. I have the NGINX plugin installed in OPNsense but am open to alternative options (e.g. Caddy plugin); I just need some help/guide to follow.

Thanks for your advice!