How to Install Certificates from PFsense to other servers?
-
@Gertjan said in How to Install Certificates from PFsense to other servers?:
If the first part of the third action worked: what about using a fourth - the one you've disabled?
This is what I have tried to describe. Two separate scp commands didn't work for the second (here the fourth) one.
Be aware: we don't know anything about the shell session used to fire up the actions.
Do what the first and second action imply: instead of just 'scp', use the full path of the command scp. After all, whatever the environment is, it's not the CLI. Or write a shell script, and then fire up a shell that executes the script for you.
With some nice log lines like "command 1 done", "command 2 done" etc.
You are absolutely right, this is what I have to do...
Will be back in two months.... SMILEY!
-
Still didn't work for the second copy in my script:
The upcoming execution is logged:
Aug 4 03:16:45 php 38555 Acme, Running /home/USER/acme_post_scp.sh
Aug 4 03:16:45 php 38555 Acme, Running /usr/local/etc/rc.d/haproxy.sh restart
Aug 4 03:16:45 php 38555 Acme, Running /etc/rc.restart_webgui
The running itself:
Aug 4 03:16:46 php-cgi 39623 rc.restart_webgui: Creating rrd update script
Aug 4 03:16:46 php-cgi 43383 haproxy: started new pid:47385
Aug 4 03:16:46 php-cgi 43383 haproxy: reload old pid:80851
The simple echoes in the script don't find their way into the pfsense system logs in any way, only in the shell directly, but the first certificate copy to 10.0.0.100 was successful. Still no ssh connection at 10.0.0.103 syslogged there (as above).
-
@Bronko said in How to Install Certificates from PFsense to other servers?:
The simple echoes in the script don't find their way into the pfsense system logs in any way, only in the shell directly
Use logger command. Does the second remote host log an ssh attempt?
-
@darcey said in How to Install Certificates from PFsense to other servers?:
Use logger command. Does the second remote host log an ssh attempt?
Thanks for logger. As mentioned above, second host never logged an ssh attempt.
-
@Bronko said in How to Install Certificates from PFsense to other servers?:
As mentioned above, second host never logged an ssh attempt.
You are not actually using the 'GUI' as shown above to create that shell script file, right?
-
@Gertjan said in How to Install Certificates from PFsense to other servers?:
@Bronko said in How to Install Certificates from PFsense to other servers?:
As mentioned above, second host never logged an ssh attempt.
You are not actually using the 'GUI' as shown above to create that shell script file, right?
Nope, to be safe regarding file handling, installed the Filer package for that...
-
You 'chmod x' the script file as executable?
(nope, you won't escape from the console or, better, SSH)
-
@Gertjan said in How to Install Certificates from PFsense to other servers?:
Be aware: we don't know anything about the shell session used to fire up the actions.
Given that, used the GUI for file creation and chmod 755 (check picture)
-
@Bronko said in How to Install Certificates from PFsense to other servers?:
But I have an issue copying certificates to more than one server in the Action list:
I have found the missing step:
If you don't use the standard 'admin' group member of 'admins', like me, to log in to pfsense, you have to extend /root/.ssh/known_hosts by your target hosts from /home/USER/.ssh/known_hosts, given the fact that Actions list jobs are running in root context... My fault.
Thanks for all your responses.
-
@Bronko Suggest to test if .ssh subfolders are persistent after reboot of each machine. FreeBSD typically purges them at reboot. Might need to run a script at boot time to recover them, or run a script each time you copy the scripts with the following options to recreate / ignore the known hosts automatically:
scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /root/.ssh/id_rsa <user>@<cert store host>:/<script>
-
@mwebb said in How to Install Certificates from PFsense to other servers?:
Suggest to test if .ssh subfolders are persistent after reboot
At pfsense they are persistent.
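
The points this thread converged on (full path to scp, logger instead of echo, and the target hosts being present in root's known_hosts because Actions list jobs run as root), put together as an added example that is not code from any poster in the thread. It keeps host key checking on and logs a clear reason when a host is missing from known_hosts. The certificate path, remote user and remote directory are placeholders, and the /usr/bin locations are assumed FreeBSD base-system paths.

```shell
#!/bin/sh
# Added example; paths, remote user and directory are placeholders/assumptions.
SCP="${SCP:-/usr/bin/scp}"              # full path: not an interactive shell
KEYGEN="${KEYGEN:-/usr/bin/ssh-keygen}"
LOGGER="${LOGGER:-/usr/bin/logger}"
KNOWN_HOSTS="${KNOWN_HOSTS:-/root/.ssh/known_hosts}"  # actions run as root
SRC="${SRC:-/path/to/fullchain.pem}"    # placeholder certificate file
REMOTE_USER="${REMOTE_USER:-certcopy}"  # hypothetical account
REMOTE_DIR="${REMOTE_DIR:-/path/to/certs/}"

# echo does not reach the system log when the Actions list runs the script;
# logger does.
log() { "$LOGGER" -t acme_post_scp "$*"; }

# True if the host has an entry (plain or hashed) in the known_hosts file.
host_is_pinned() { "$KEYGEN" -F "$1" -f "$KNOWN_HOSTS" >/dev/null 2>&1; }

push_cert() {
    host=$1
    if ! host_is_pinned "$host"; then
        log "SKIP $host: no host key in $KNOWN_HOSTS"
        return 2
    fi
    # BatchMode: fail instead of prompting; host key must already match.
    if "$SCP" -o BatchMode=yes -o StrictHostKeyChecking=yes \
            -o UserKnownHostsFile="$KNOWN_HOSTS" \
            "$SRC" "$REMOTE_USER@$host:$REMOTE_DIR"; then
        log "OK $host: copied $SRC"
    else
        rc=$?
        log "FAIL $host: scp exit status $rc"
        return 1
    fi
}

# Try every host even if an earlier one fails; return the failure count.
push_all() {
    failed=0
    for h in "$@"; do
        push_cert "$h" || failed=$((failed + 1))
    done
    log "done: $# host(s), $failed failed"
    return "$failed"
}

# Usage: acme_post_scp.sh 10.0.0.100 10.0.0.103
[ "$#" -eq 0 ] || push_all "$@"
```

With this in place, a host missing from root's known_hosts shows up in the system log as a SKIP line instead of a silent failure.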