SSH inaccessibleupdate to version 25.07
-
Like an actual unexpected change in the config?
-
@stephenw10 said in SSH inaccessibleupdate to version 25.07:
Like an actual unexpected change in the config?
Exactly, I did a "from to" from an old version of pfsense and verified that the sheldo access role for my user caio.chagas was automatically removed, and curiously after I assigned the role again, access via WEB via C2S VPN stopped.
-
Do you have Nexus/MIM enabled?
-
@stephenw10 Not, Strange, I still can't access via SSH, and as the other friend said, I can't see any public key loaded in the login.
-
The public key for users would be in the config. Did that also get removed?
To be clear, you don't have Nexus enabled?
-
@stephenw10 said in SSH inaccessibleupdate to version 25.07:
The public key for users would be in the config. Did that also get removed?
To be clear, you don't have Nexus enabled?
I haven't enabled Nexus, and I don't even know what it is. I only see the public key in the admin user, not in my user. But in pfsense antido, I only see the public key in the admin user and not in my user, and I can connect.
-
You absolutely should see the public key in the config like:
<user> <scope>user</scope> <bcrypt-hash>$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</bcrypt-hash> <descr></descr> <name>test</name> <expires></expires> <dashboardcolumns>2</dashboardcolumns> <authorizedkeys>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxbase64encodedkeyherexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</authorizedkeys> <ipsecpsk></ipsecpsk> <webguicss>pfSense.css</webguicss> <keephistory></keephistory> <uid>2011</uid> <priv>user-shell-access</priv> </user>You should also be able to see it in the webgui for that user.
-
Another point I noticed, is that after the update, users who have access permission via secure shell automatically lost it and after I reassigned access via VPN, that is, access via LAN interface via VPN C2S in the web GUI stopped, only access via WAN, public IP is functional
-
Are you able to replicate that? If you roll back to 24.11 and upgrade again?
So far I've failed to replicate it.
-
@stephenw10 said in SSH inaccessibleupdate to version 25.07:
Are you able to replicate that? If you roll back to 24.11 and upgrade again?
So far I've failed to replicate it.
Então, eu tenho um cluster, e o secundário é em 24.11 e não tem esse problema. Não sei se informei masperceboq ue como se o servo do opevpn travasse e quando eu resetei o serviço doprofile que estou utilizando ele volta a funcionar.
-
So you upgraded the secondary to 25.07 and it didn't hit the same issue?
