SSH root password not working

Started by dcol, June 23, 2022, 01:43:36 AM

I can log into OPNsense via the console or GUI just fine, but I cannot use that same password in WinSCP. It says 'incorrect password'.
What do I need to do to get SFTP access?

Could there be an issue with the character map? The console could have integrated authentication (System: Settings: turned off as well which leads to unexpected results vs. GUI login.

For SSH itself, the user needs to be added to a permitted group as per the setting, and password login must be enabled as well, as it is off by default.


Cheers,
Franco

June 23, 2022, 05:15:00 PM #2 Last Edit: June 23, 2022, 05:47:37 PM by dcol
Integrated auth is on. I have user added to admins group. The read only privilege has been removed from config.xml. Since I cannot edit files via SFTP, I had to edit the config.xml from the backup and import it into OPNsense.
When I use WinSCP as the root user, I get pic1. When I log in as the admin user I can read but not write files, as in pic2. My production firewall works fine logging in as root, so I know it is a setting somewhere, and I matched the settings>administration settings to the test firewall.

When logging in from root, audit log shows this
error: PAM: Authentication error for root from x.x.x.x (IP removed for security reasons)

I tried remotely and on the local network.

I just installed a fresh OPNsense install 22.1 and it does the same thing.
How do I get WinSCP to work?

<SOLVED>
I had to change the Login shell to /bin/csh
What confused me is the production firewall is set to /usr/local/sbin/opnsense-shell and that works

Issue is, how to get it to work OOB. It really should.

What do you need WinSCP on OPNsense for? SSH, yes, but SCP/SFTP?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

This is how I edit files in OPNsense. I am not comfortable with the shell editor.

You know it's dangerous to edit on Windows and copy back? If your Windows editor of choice inserts the wrong end of line characters all sorts of things break.

I use Notepad+. Never had an issue.

<UPDATE>
I realized I needed the opnsense-shell, so I put it back, and now the root password works. Not sure what changing to /bin/csh did, but it fixed the problem.

Quote from: pmhausen on June 23, 2022, 07:33:42 PM
You know it's dangerous to edit on Windows and copy back? If your Windows editor of choice inserts the wrong end of line characters all sorts of things break.

I used to be the same way but found that nano is a lot more intuitive. The experienced folks say that it lacks functionality, but I am only editing files occasionally. In nano the commands are a little more intuitive than Vi or Vim.

https://www.nano-editor.org/dist/latest/cheatsheet.html

You will need to install nano from the command line: "pkg install nano".