SSH inaccessibleupdate to version 25.07
-
After updating to version 25.07, SSH access stopped. After exchanging keys and asking for the password, access simply freezes. NOTE: I tested on two different instances after the update.
-
@alvescaio I ssh to my 25.07 and now 25.07.1 every single day.. never had any issues. Not every day but also my 25.07.1 VM box without any issues.
Are you logging in with a different account than root or admin?
-
Same personal account, caio.chagas
-
@alvescaio so not the default root/admin login - have you tried that?
-
How to I verify accept keys?
-
@alvescaio it would be in the log for sure
-
Mmm, no known issue with SSH I'm aware of. I assume you can still login to the webgui with the same credentials?
-
S stephenw10 moved this topic from Problems Installing or Upgrading pfSense Software on
-
Yes, I can log in normally via GUI, but the key I used to connect via SSH to the three instances, primary, secondary and bkp, is no longer being accepted. When I use it, it asks for the password and after I assign the password, it simply "hangs".
-
@alvescaio still not sure what account your trying to login with.. Login with admin or root using just a password.. Does that work? Since you have access to the gui you can for sure set pfsense to use either or.
Are you currently set to require both?
-
Sr.s. I noticed that after update my users privileges was lost.
-
Like an actual unexpected change in the config?
-
@stephenw10 said in SSH inaccessibleupdate to version 25.07:
Like an actual unexpected change in the config?
Exactly, I did a "from to" from an old version of pfsense and verified that the sheldo access role for my user caio.chagas was automatically removed, and curiously after I assigned the role again, access via WEB via C2S VPN stopped.
-
Do you have Nexus/MIM enabled?
-
@stephenw10 Not, Strange, I still can't access via SSH, and as the other friend said, I can't see any public key loaded in the login.
-
The public key for users would be in the config. Did that also get removed?
To be clear, you don't have Nexus enabled?
-
@stephenw10 said in SSH inaccessibleupdate to version 25.07:
The public key for users would be in the config. Did that also get removed?
To be clear, you don't have Nexus enabled?
I haven't enabled Nexus, and I don't even know what it is. I only see the public key in the admin user, not in my user. But in pfsense antido, I only see the public key in the admin user and not in my user, and I can connect.
-
You absolutely should see the public key in the config like:
<user> <scope>user</scope> <bcrypt-hash>$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</bcrypt-hash> <descr></descr> <name>test</name> <expires></expires> <dashboardcolumns>2</dashboardcolumns> <authorizedkeys>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxbase64encodedkeyherexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</authorizedkeys> <ipsecpsk></ipsecpsk> <webguicss>pfSense.css</webguicss> <keephistory></keephistory> <uid>2011</uid> <priv>user-shell-access</priv> </user>You should also be able to see it in the webgui for that user.
-
Another point I noticed, is that after the update, users who have access permission via secure shell automatically lost it and after I reassigned access via VPN, that is, access via LAN interface via VPN C2S in the web GUI stopped, only access via WAN, public IP is functional
-
Are you able to replicate that? If you roll back to 24.11 and upgrade again?
So far I've failed to replicate it.
-
@stephenw10 said in SSH inaccessibleupdate to version 25.07:
Are you able to replicate that? If you roll back to 24.11 and upgrade again?
So far I've failed to replicate it.
Então, eu tenho um cluster, e o secundário é em 24.11 e não tem esse problema. Não sei se informei masperceboq ue como se o servo do opevpn travasse e quando eu resetei o serviço doprofile que estou utilizando ele volta a funcionar.
