Author Topic: Edit ssh configs (to allow certificate signed ssh access) (Read 293 times)

Scenic3050 · « **on:** September 30, 2024, 04:33:08 pm »

Hi All,

I'm trying to setup certificate signed ssh access to an OPNsense user and am a bit stuck. Normally it is just a matter of adding the following lines to my sshd_config file and its good to go:

TrustedUserCAKeys /etc/ssh/ca_key.pem
PasswordAuthentication no

The trouble is, I cannot find the sshd_config file in OPNsense! I do see a sshd_config file under /usr/local/etc/ssh/sshd_config, but this appears to be auto generated and I assume will be overwritten at some point?

Does anyone know how I can set this up or have any suggestions to try? Thanks for your help!

proctor · « **Reply #1 on:** October 23, 2024, 10:04:03 am »

Hi Scenic3050,

you can configure all you need with the webgui.

Keys:
System \ Access \ Users \ [ Username ] \ Authorized keys

No password:
System \ Settings \ Administration \ Secure Shell \ Authentication Method

Nevertheless, "sshd_config" is located at "/usr/local/etc/ssh/"

Cheers

Patrick M. Hausen · « **Reply #2 on:** October 23, 2024, 10:20:18 am »

@proctor they are asking for certificate based authentication, not SSH keys. Different method.

proctor · « **Reply #3 on:** October 23, 2024, 11:54:06 am »

Thanks Patrick, my fault.
I was searching for (permanently) changes to the ssh keys to generate when i stumbled upon this question, so i had a "key-bias" in mind...

Author Topic: Edit ssh configs (to allow certificate signed ssh access) (Read 293 times)

Scenic3050

Edit ssh configs (to allow certificate signed ssh access)

proctor

Re: Edit ssh configs (to allow certificate signed ssh access)

Patrick M. Hausen

Re: Edit ssh configs (to allow certificate signed ssh access)

proctor

Re: Edit ssh configs (to allow certificate signed ssh access)