23.1 Legacy Series / Successfully locked out with TOTP
« on: July 21, 2023, 11:48:31 am »
First post and already a serious issue: How do I recover from TOTP no longer working?
I've configured my two OPNsense machines for TOTP authentication using a Yubikey. Format is <password><totp code> and everything worked great for two years.
Now I've had an unexpected power loss. Both machines booted back up OK, services are running normally. Can't log in anymore though: web interface, SSH and serial console don't accept my credentials.
First idea was time offset between OPNsense and PC, but it turns out both NTP servers on both machines have the correct time and as a result so does the PC.
Second idea was maybe I remember the passwords wrong. I have paper backups in a secure location for just that. Nope, passwords are correct.
Now I'm out of ideas. Unless the issue magically fixes itself I see no choice but to pull the power and then the SD cards, then hopefully change something to force authentication from the local accounts only. How do I do that?

