Unable to SSH into OPNsense shell: Access denied

Started by Jingles, May 23, 2026, 11:43:12 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 23, 2026, 11:43:12 AM
I am having trouble updating from OPNsense 26.1.6_2.

An update looks like it is successful but the version remains stuck on 26.1.6_2.

I tried a few different mirrors but no matter which mirror I use the result is the same.

A search indicates that other users have had success updating from the shell. So I enabled SSH in 'System: Settings: Administration' and tried to log in but I am unable to log in using PuTTY (v0.84) because whenever I try to log in using the 'root' user credentials I get the following messages and access is denied after typing the password:

     login as: root
     Keyboard-interactive authentication prompts from server:
     | Password:
     End of keyboard-interactive prompts from server
     Access denied
     Keyboard-interactive authentication prompts from server:
     | Password:

A user in another thread indicated changing the 'Login Shell' worked for them, I tried all of the 'Login Shell' options; /bin/csh, /bin/sh, and /bin/tcsh this failed to resolve the issue.

I could backup my current config, reimage my OPNsense box with the latest version, then apply the config but that's my absolute last resort if I can't resolve the problem that I can't SSH into the shell.

Has anyone else run into and solved this issue?

At this point I'm not sure what else to do or try and any assistance to resolve this issue would be greatly appreciated.
May 23, 2026, 12:28:59 PM #1
Make sure both Permit User and Permit password options are checked under ssh settings
May 23, 2026, 01:14:00 PM #2
Quote from: newsense on May 23, 2026, 12:28:59 PMMake sure both Permit User and Permit password options are checked under ssh settings

The "Permit root user login" and "Permit password login" options are already enabled. Still unable to log in.
May 23, 2026, 01:18:20 PM #3
Type the password in a text file, select and copy, when prompted in putty paste it there with a right click on the mouse
May 23, 2026, 02:20:06 PM #4
Quote from: newsense on May 23, 2026, 01:18:20 PMType the password in a text file, select and copy, when prompted in putty paste it there with a right click on the mouse

That doesn't work either. Unless I'm missing something?

I'm pretty sure I shouldn't be getting the "Keyboard-interactive authentication prompts from server:" message after I type the username, i.e. "root". I'm also pretty sure it should just ask for the password.

I have never seen this behaviour, i.e. the "Keyboard-interactive authentication prompts from server:" message after typing in a username to log into other devices via SSH. Any other device I have SSH'd into it asks for the username, I type it in then it asks for the password I type it in, then it dumps me at the prompt.
May 23, 2026, 02:40:24 PM #5
Just checked putty0.84 and works fine.

I suspect you have an incomplete update there breaking ssh.

Can you do a health check from Firmware and post it here?
May 23, 2026, 02:44:13 PM #6
Do you happen to have an @-sign in your password and try to login via PuTTY? See: https://github.com/opnsense/core/issues/9888
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 450 up, Bufferbloat A+
May 23, 2026, 02:47:30 PM #7
Quote from: newsense on May 23, 2026, 02:40:24 PMJust checked putty0.84 and works fine.

I suspect you have an incomplete update there breaking ssh.

Can you do a health check from Firmware and post it here?

Here you go:

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 26.1.6_2 (amd64) at Sat May 23 22:42:40 AEST 2026
>>> Root file system: zroot/ROOT/default
>>> Check installed kernel version
Version 26.1.6 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 26.1.6 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense (Priority: 11)
>>> Check installed plugins
os-acme-client 4.15
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" at 26.1.6_2 has 68 dependencies to check.
Checking packages: ........
dnsmasq-2.92_2,1 version mismatch, expected 2.92rel2,1
Checking packages: .........
kea-3.0.2_2 version mismatch, expected 3.0.3
Checking packages: .....
openssh-portable-10.2.p1_1,1 version mismatch, expected 10.3.p1,1
Checking packages: .
openvpn-2.6.19 version mismatch, expected 2.6.20
Checking packages: .
opnsense-26.1.6_2 version mismatch, expected 26.1.8_5
Checking packages: ..
opnsense-lang-26.1.4 version mismatch, expected 26.1.7
Checking packages: .
opnsense-update-26.1.6 version mismatch, expected 26.1.7_1
Checking packages: .............
php83-phalcon-5.10.0 version mismatch, expected 5.12.1
Checking packages: .
php83-phpseclib-3.0.50 version mismatch, expected 3.0.52
Checking packages: ..........
py313-duckdb-1.5.0 version mismatch, expected 1.5.2
Checking packages: ...
py313-numpy-1.26.4_12,1 has no upstream equivalent
Checking packages: .
py313-pandas-2.3.3,1 version mismatch, expected 2.3.3_1,1
Checking packages: .
py313-requests-2.32.5 version mismatch, expected 2.33.1
Checking packages: .......
strongswan-6.0.4 version mismatch, expected 6.0.6
Checking packages: ...
syslog-ng-4.11.0_1 version mismatch, expected 4.11.0_2
Checking packages: .
unbound-1.24.2_1 version mismatch, expected 1.25.0
Checking packages: .. done
***DONE***

May 23, 2026, 02:49:14 PM #8
Quote from: meyergru on May 23, 2026, 02:44:13 PMDo you happen to have an @-sign in your password and try to login via PuTTY? See: https://github.com/opnsense/core/issues/9888

There's no @ in my password. The only special character in the password is an !
May 23, 2026, 03:30:58 PM #9
Did you try to disable ssh, save settings, reenable ssh?

Also can you try an update either from GUI or console?
May 23, 2026, 05:05:53 PM #10
Quote from: newsense on May 23, 2026, 03:30:58 PMDid you try to disable ssh, save settings, reenable ssh?

Also can you try an update either from GUI or console?

Yes, multiple times.

No I can't update from the GUI.

How do I access the console if I can't SSH into it?
May 23, 2026, 07:08:17 PM #11
Quote from: Jingles on May 23, 2026, 05:05:53 PMHow do I access the console if I can't SSH into it?
He means locally, hook up a monitor and keyboard to the machine.
Today at 12:07:44 AM #12
Quote from: Jingles on May 23, 2026, 05:05:53 PMHow do I access the console if I can't SSH into it?
- Create a new user : Jingles
- Make sure the user is part of the wheel User Group.
- Try using that user for webGUI and SSH access :)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)
Print
Go Up Pages1
User actions