Netgate Discussion Forum

    Ssh login with cert doesn't work?

    2.0-RC Snapshot Feedback and Problems - RETIRED
    • _igor_

      Trying to enable ssh-login with cert results in the following error:

      login with cert: Permission denied (publickey).

      Doesn't matter if I do "ssh -i …" or "ssh ..." Same result.
      By the way, sometimes the first page of "System/Advanced" is reset to initial values.

      Anybody else with the same error? I use the 2.0 built on Tue Jun 9 13:40:56 EDT 2009
      FreeBSD pfsense.local 7.1-RELEASE-p5 FreeBSD 7.1-RELEASE-p5 #0: Tue Jun 9 13:38:22 EDT 2009
      Earlier releases have the same error.

      • joniz

        I had the same issue myself when upgrading from 1.2 to 2.0. I believe I solved the problem by placing the id_dsa.pub file with the key in the .ssh folder of the home directory. I didn't get it to work by just pasting it into the web interface page.

        • _igor_

          I think I found out what happens (partly):

          For users added via the WebIF:
          Owner of .ssh AND authorized_keys is root, not the user himself. Changing the rights solves the problem.

          Thanks much, user root needs the key.pub. I copied it from another box and it worked like a charm.
          Only till the next reboot…

          I changed auth.inc in /etc/inc like this: (lines marked with --> are added)

          /* write out ssh authorized key file */
                 if($user['authorizedkeys']) {
                         if (!is_dir("{$user_home}/.ssh"))
                                 mkdir("{$user_home}/.ssh", 0700);
          -->            chown("{$user_home}/.ssh", $user_name);
                         $keys = base64_decode($user['authorizedkeys']);
                         file_put_contents("{$user_home}/.ssh/authorized_keys", $keys);
          -->            chown("{$user_home}/.ssh/authorized_keys", $user_name);
                 }

          With this change new users have the right rights.

          Found out that not only RSA keys work, DSA keys work too.

          1 Reply Last reply Reply Quote 0
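A check for the ownership condition described in the post above, as an added example that is not part of the original post or of pfSense: it reports when `.ssh` or `authorized_keys` is not owned by the expected uid, or is group/world writable (which sshd's StrictModes also rejects). The function names and the `ls -ldn` parsing are this example's own.

```shell
#!/bin/sh
# Added example, not pfSense code. Audits ~/.ssh and authorized_keys for one
# account. Parses `ls -ldn` so it behaves the same on FreeBSD and Linux.

# check_path <path> <expected_uid>
# Prints one line per finding; returns 1 if anything was found.
check_path() {
    path=$1; want_uid=$2; bad=0
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    # ls -ldn fields: mode links uid gid size ...
    set -- $(ls -ldn "$path")
    mode=$1; uid=$3
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER    $path is owned by uid $uid, expected $want_uid"
        bad=1
    fi
    # Characters 6 and 9 of the mode string are group-write and other-write.
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "WRITABLE $path has mode $mode (group/world writable)"
        bad=1
    fi
    return $bad
}

# audit_ssh_dir <home> <expected_uid>
# Returns 0 only when both the directory and the key file are clean.
audit_ssh_dir() {
    home=$1; want_uid=$2; rc=0
    check_path "$home/.ssh" "$want_uid" || rc=1
    check_path "$home/.ssh/authorized_keys" "$want_uid" || rc=1
    return $rc
}

# Usage (hypothetical account name):
#   audit_ssh_dir /home/someuser "$(id -u someuser)"
```

Running it after a reboot shows whether the key files were rewritten with the wrong owner again.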
            • eri--

            Thanks, it is in the sources now.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.