1
18.7 Legacy Series / Preshared Key no longer accepted?
« on: August 29, 2018, 08:47:58 pm »Hi all
We just updated some OPNsense boxes from 18.1 -> 18.7 and got a problem with the nightly backup process.
The centralized server got all configurations from all boxes with a preshared key and a special backup user, who have no password access to the OPNsense etc.
After the update to 18.7 it doesn't work again, but I found these in the logs:
Aug 29 19:01:12 lab-ch-rma01-fw02 sshd[69339]: User backupCFG from 198.18.6.3 not allowed because none of user's groups are listed in AllowGroups
Aug 29 19:01:12 lab-ch-rma01-fw02 sshd[69339]: Postponed keyboard-interactive for invalid user backupCFG from 198.18.6.3 port 42896 ssh2 [preauth]
Aug 29 19:01:12 lab-ch-rma01-fw02 opnsense: user 'backupCFG' could not authenticate.
I check with the web gui the "Effective Privileges" from this user and I can't find the point "User - System: Shell account access" anymore.
On the 18.1 configuration, because the security, this user is not a member of the admin group, "/sbin/nologin" is the Login Shell and only the "Effective Privileges" "User - System: Shell account access" was set. With the preshared key we get the configuration with scp. It work's fine.
How can I setup it up with the 18.7 release?
gruss ivo