Public key auth no longer working after switching to TOTP for passwords

sewi · July 14, 2023, 08:51:21 AM

Hey there,

I've been using public keys to automatically access my opnsense boxes. Ever since I switched the authentication to TOTP, public key over SSH no longer works (password auth with the TOTP token prepended does work).

Is that intentional / how do I incorporate the TOTP token into the SSH public key authentication?

franco · July 14, 2023, 11:01:52 AM

So if you turn TOTP off again the key auth still doesn't work? ;)

Cheers,
Franco

sewi · July 15, 2023, 10:59:33 AM

You're right, there's something else amiss.
I was confused, because it always worked, the only thing I changed was the TOTP setting and installing updates, and the log by default didn't show me anything.

After changing the level to informational, I see that the PubkeyAcceptedAlgorithms default must have changed during one of the updates and as such, the login failed. =/

Thanks!

franco · July 15, 2023, 11:20:09 AM

Thanks for confirming. Yeah, so when OpenSSH was updated your current key algo was probably deprecated and no longer works in the default (secure) configuration.

Best course of action would be to generate new secure keys and swap out the old ones.

Cheers,
Franco

Public key auth no longer working after switching to TOTP for passwords

sewi

July 14, 2023, 08:51:21 AM

franco

July 14, 2023, 11:01:52 AM #1

sewi

July 15, 2023, 10:59:33 AM #2

franco

July 15, 2023, 11:20:09 AM #3