Unable to use SSH when i disable Permit password login

Started by Thorrrr, December 23, 2024, 09:53:37 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 23, 2024, 09:53:37 AM
I have been going crazy all yesterday trying to work out ssh on opnsense.
If i have Permit password login enabled my public key is verified and matches my laptop.
If i try to ssh into opnsense it works perfect. But obviously i dont want Permit password login enabled if using ssh.
Soon as i disable Permit password login it no longer works says not recognised public key.

If i re enable go back n and check the public key its different!
So i tried like 8 times adding the correct one verifying it which it did each time.
But son as i disabled Permit password login it stops working please help me understand the issue
December 23, 2024, 10:08:14 AM #1
Did you add the public key to the user account in question in the UI? You cannot manually edit authorized_keys.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
December 23, 2024, 10:10:12 AM #2 Last Edit: December 23, 2024, 10:13:46 AM by Thorrrr
No i did it via terminal when i had Permit password login enabled, like i said ssh works

Do i need to stop Opnsesne overwriting the ssh when i disable Permit password login?

If so how?
December 23, 2024, 10:13:46 AM #3
That's why it gets overwritten as soon as you change any setting in the UI ...

Use the UI to add the key(s). Every change to any configuration file in OPNsense will be overwritten by the UI. (with very rare and specific exceptions)
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
December 23, 2024, 10:16:51 AM #4
HI Patrick
Please can you tell me where i add my keys in the GUI?

Also on a side note is there any kind of terminal in Opnsesne i thought there was one in System area but i can no longer find any kind of terminal built in
December 23, 2024, 10:20:15 AM #5 Last Edit: December 23, 2024, 10:31:52 AM by Patrick M. Hausen
There is no terminal in the web UI. There is only SSH. But there is not much you can actually configure via SSH ...

To add the SSH key:

System > Access > Users, click on the pencil icon to the right to edit, the field for "Authorized keys" is at the very bottom. Copy & paste & save.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
December 23, 2024, 10:28:48 AM #6 Last Edit: December 23, 2024, 11:20:34 AM by Thorrrr
HI Patrick

Thank you i had an old one in there and my memory is not as good as it used to be lol
All working now
December 23, 2024, 11:58:03 AM #7
The solution seems very secure, but I would to know more: how is generated the key on my laptop (linux)?
I'm not very aware about the SSH security.
I suppose the SSH key is present on my laptop and I've to share it with OPNsense server by the process explain by Patrick...
December 23, 2024, 12:03:36 PM #8
The ssh keys are stored in .ssh directory in your home directory. Look at man ssh
December 23, 2024, 12:28:37 PM #9
Quote from: droumanet on December 23, 2024, 11:58:03 AMThe solution seems very secure, but I would to know more: how is generated the key on my laptop (linux)?
I'm not very aware about the SSH security.
I suppose the SSH key is present on my laptop and I've to share it with OPNsense server by the process explain by Patrick...

It's actually a key-pair. The private key is stored on the client (optionally encrypted with a passphrase), and only the public key needs to be shared with the server (usually added to "authorized_keys").
Print
Go Up Pages1
User actions