Topics

1

General Discussion / Edit ssh configs (to allow certificate signed ssh access)

« on: September 30, 2024, 04:33:08 pm »

Hi All,

I'm trying to setup certificate signed ssh access to an OPNsense user and am a bit stuck. Normally it is just a matter of adding the following lines to my sshd_config file and its good to go:

TrustedUserCAKeys /etc/ssh/ca_key.pem
PasswordAuthentication no

The trouble is, I cannot find the sshd_config file in OPNsense! I do see a sshd_config file under /usr/local/etc/ssh/sshd_config, but this appears to be auto generated and I assume will be overwritten at some point?

Does anyone know how I can set this up or have any suggestions to try? Thanks for your help!

2

General Discussion / Local Valid SSL Certificates

« on: August 22, 2024, 04:35:31 pm »

Hi All,

I have been going in circles a bit trying to setup local valid SSL certificates for my internal services. I do not want anything exposed to the internet, this is just for local/internal usage eg. to get rid of warning messages in web browsers and improve security.

Ideally I would like this to be fully handled with OPNsense or its plugins. I am currently using Unbound for my DNS. I have seen various guides but no complete source for doing this entirely in OPNsense.

Can anyone advise me on how to set this up or point me to a suitable guide? I would like to use DNS01 with my Cloudflare domain name and a wildcard subdomain so it's easy to add new services as I go. I have the NGINX plugin installed in OPNsense but am open to alternative options (eg. Caddy plugin), I just need some help/guide to follow.

Thanks for your advice!