Minimal desktop install?

Started by Yewtink, October 30, 2024, 12:34:42 AM

I'm having issues getting ssh to work.  Is there a minimal desktop in the stock install?

If so what is the command to start it?  If I need to install one manually which is best? Just needing nano editor, file explorer and ability to print to pdf or my networked printer.

I found how to install nano from cli.

I do not want the desktop environment to boot all the time just when I need it.

OPNSense ?
There is no desktop at all, minimal or otherwise. This is a firewall not a general purpose OS.
Or maybe I don't understand the question.

As mentioned by cookie, this is a FW, security appliance. All necessary tools and subsystems for managing such device are in place. Same goes for SSH.

Out of the box, OPNsense should have default rules permitting access from LAN to everywhere; the same goes for SSH. However, if you want to connect to the device via SSH, you need to enable it via the GUI.

Please read >
https://docs.opnsense.org/manual/settingsmenu.html#secure-shell

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

Correct, I configured the secure SSH and for whatever reason it keeps on failing.  I left root ssh disabled, created a new user with admin rights.  (not working either)  I also created a self-signed cert and saved it to opnsense and my computer I am trying to ssh in with.  Telling me to check log.   It is taking me days to get anywhere like this.  I would like to install and only have it to load on demand for a single user.

I suck at remembering the linux commands and file directory system.  I would like to add a minimal desktop so I have a GUI to get in and look at what I need easily.  If I can't ssh into the router I have to move and connect a monitor so I can work directly off the machine.  If there was a lite desktop to speed up my ability to open and read the logs and make edits when possible it would be a huge help.

Another issue I am having is converting my cert to a putty format (ppk), following the directions I keep getting an error that the file is not formatted correctly.  Recreated a new cert copy and pasted to new machine to import still says incorrect format error.  I am just so tired of feeling blind and not getting anywhere.



  • 2024-10-26T19:05:01-04:00   Warning   audit   user SomeDumbIdiot could not authenticate for login. [using OPNsense\Auth\Services\System + OPNsense\Auth\Local]
  • 2024-10-26T17:56:29-04:00   Error   sshd-session   error: Received disconnect from 192.168.90.8 port 58936:14: No supported authentication methods available [preauth]

October 30, 2024, 09:56:00 PM #4 Last Edit: October 30, 2024, 10:16:35 PM by Patrick M. Hausen
What is missing in the web UI for all of that? Log files are readily accessible. There is rarely a need to use SSH.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Ok, clearer now. The only UI you'll be able to use is its own. No desktops can be installed but the UI will allow you to do what you want, use a UI to manage it over the network. Point your browser on your PC, laptop, etc. to the ip of it on the LAN. Check https://docs.opnsense.org/manual/install.html from "The GUI is accessible at .."

That is your UI for management.
As for the ssh access, that is something you should really want to fix. You could use "ssh -vvv" and post the results (in code brackets) to see what it might be complaining about.
I can't help with putty I don't use it, a MS windows thing. I don't know if it ships its own ssl libraries but
2024-10-26T17:56:29-04:00   Error   sshd-session   error: Received disconnect from 192.168.90.8 port 58936:14: No supported authentication methods available [preauth]
suggests it could be an old OS or an old application with removed/disabled ciphers.
However the port looks wrong.

Best thing all considered is to fix first the access to UI and that will allow to fix ssh. Likely wrong settings set.

IDK I can login as root and manage (WebUI) I get an error and in the UI says click goto page. But it does not open the log file so I can read it.  The UI will tell me which log to check but it doesn't give me a file location.

IDK The directions to convert pem file to ppk are pretty straightforward.  I checked for updates to see if something in the coding changed.  I even tried openssh to convert pem to ppk.

OS is current and up to date as well as OPNsense running 24.7.7.  I changed the port from the default.  I am attempting to lock it down so only it will accept my, LAN ssh request with my username/password and certificate.

I have a Debian Server that I am prepping for a file and small game server.  I haven't tried to SSH in with it.

Please don't take this wrong but I don't understand what you are saying, and no idea what is ppk.

> IDK I can login as root and manage (WebUI) I get an error and in the UI says click goto page. But it does not open the log file so I can read it.  The UI will tell me which log to check but it doesn't give me a file location.

So you can login to the UI?
Then what error is it and what are the steps to reproduce it? In other words once logged in, what are you trying to do which causes an error? Then what log file? There are no log files to open in the UI.

> OS is current and up to date as well as OPNsense running 24.7.7.  I changed the port from the default.  I am attempting to lock it down so only it will accept my, LAN ssh request with my username/password and certificate.
OS up to date, OPNSense one? Good. " I changed the port from the default." Which port, for what service?

Can we go step by step. What is the first problem?

> Please don't take this wrong but I don't understand what you are saying, and no idea what is ppk.


https://www.puttygen.com/convert-pem-to-ppk


> Then what error is it and what are the steps to reproduce it? In other words once logged in, what are you trying to do which causes an error? Then what log file? There are no log files to open in the UI.

No supported authentication methods available [preauth]

The Secure SSH function not working at all.  I am mainly a windows user but I have tinkered with linux for fun in my free time.  I have always used Putty to ssh into my linux systems. This is the first time I tried to lock it down since it being a firewall/router and all.

Looks like it was disabled or my settings didn't save. 
:(

I can log into the UI with my other user I created several months ago.  But can't with SSH.

I bought the Practical OPNsense 4th edition hoping that it would help me with the configuring.   Have also visited the Docs and wanted to get a pdf copy so I view it offline and print out things I would like to remember and keep close.


SSH is available in powershell, no need to use putty.

Quote from: Yewtink on October 30, 2024, 09:51:57 PM
> I also created a self-signed cert and saved it to opnsense and my computer I am trying to ssh in with.

I'm fairly sure that OPNsense does not support certificate-based authentication for SSH. Where/how did you "save it to opnsense"?

Recent windows versions have a very useful terminal application. There hasn't been a need to use putty in some years now.

Also
> I can log into the UI with my other user I created several months ago.  But can't with SSH.
Maybe you show us what and how and we can have a better idea.
As dseven suggests, are you trying to ssh using username/password or are you trying to use a certificate?
@dseven - I could be wrong, haven't tested it but I think it can. They can be generated from the "Users" section.
For ssh only of course.

I could be wrong too, but I really don't think so. AFAIK it would require openssh to be configured to trust a CA, and client certs would have to have been issued (signed) by that CA. I don't think a self-signed cert would work. There has been talk about implementing it in opnsense (https://github.com/opnsense/core/issues/6007), but I don't think it has actually happened, so you get people trying to hack around it like https://forum.opnsense.org/index.php?topic=43142.0
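
Added example, not written by any poster in this thread and not OPNsense code: the posts above mix several different file types (an X.509 certificate, an SSH key pair, an OpenSSH CA-signed certificate, and PuTTY's .ppk format), so this Python sketch identifies which one a file actually holds from its header. The function names and the sample key line are constructed for illustration.

```python
import base64
import struct

# PEM labels mapped to what the block holds.
PEM_KINDS = {
    "CERTIFICATE": "X.509 certificate (no private key inside, not an SSH key)",
    "OPENSSH PRIVATE KEY": "OpenSSH private key",
    "RSA PRIVATE KEY": "PEM RSA private key (PKCS#1)",
    "EC PRIVATE KEY": "PEM EC private key (SEC1)",
    "PRIVATE KEY": "PEM private key (PKCS#8)",
    "ENCRYPTED PRIVATE KEY": "PEM encrypted private key (PKCS#8)",
}
PLAIN_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
               "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
CERT_SUFFIX = "-cert-v01@openssh.com"


def classify_key_material(text):
    """Return a short description of the key or certificate format in `text`."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return "empty"
    first = lines[0]
    if first.startswith("PuTTY-User-Key-File-"):
        return "PuTTY private key (.ppk)"
    if first.startswith("-----BEGIN ") and first.endswith("-----"):
        label = first[len("-----BEGIN "):-len("-----")]
        return PEM_KINDS.get(label, "unrecognised PEM block: " + label)
    parts = first.split()
    if len(parts) < 2:
        return "unknown"
    is_cert = parts[0].endswith(CERT_SUFFIX)
    base = parts[0][:-len(CERT_SUFFIX)] if is_cert else parts[0]
    if base not in PLAIN_TYPES:
        return "unknown"
    try:
        # The base64 blob starts with a length-prefixed copy of the type name.
        blob = base64.b64decode(parts[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n].decode("ascii") != parts[0]:
            raise ValueError("type name mismatch")
    except (ValueError, struct.error):
        return "malformed OpenSSH public key line"
    return "OpenSSH certificate (CA-signed)" if is_cert else "OpenSSH public key"


def constructed_pubkey_line():
    """Constructed sample: ed25519 line with an all-zero 32-byte key."""
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " user@example"
```

Run `classify_key_material(open(path).read())` on the file you are trying to convert or paste; only the "OpenSSH public key" form is what an SSH server's authorized-keys setting expects.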