My pfsense failed an audit by securitymetrics.com
-
I generate public key and copy then export private key. Right?
-
You can use puttygen to generate a pair and then copy the key from the top of the window which says "Public key for pasting into OpenSSH authorized_keys file:"…
-
Here is a new example:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBb5HVQf5Nbdu6+bC2dE2bM1ZNC/7USV/jJRcRNtBSu9plZCEAz4BRwCkMiuHlFNHT+FO6fjcdg9Jzb/csZ8SyVP9wY0iSDYeDd9eY5N04LceCGb2AxqrL24a09BftVSlQnXvbsPaume+fKgVVMo6NCDoUhPI917PUyIlNZ8YBD9w== rsa-key-20100303
I pasted this into System:Advanced:Secure Shell:Authorized Keys. Saved.
Then opened Putty and loaded the session with the internal pfsense IP. Clicked on Auth in Putty and browsed to the Private.pkk file which I downloaded from puttygen.
Fail. ???
-
Yep. That sounds about right. Are you running 1.2.3 also?
-
1.2.3-RELEASE
built on Mon Dec 7 20:21:30 EST 2009
-
Should I remove: rsa-key-20100303 from the end of the key?
-
Nope. I have that, too….
Please check when logged in that the key is really there....
cat .ssh/authorized_keys
-
you mean check via winscp?
-
No. Login via putty and ssh. And then do that command in /root
-
Seems to be going from Bad to worse.
I deleted the key and unchecked the box disabling password for SSH. Now when I connect I get:
Disconnected: No Supported authentication methods available.
-
Use your console to connect to the box…
-
ok. Disabled SSH and enabled it, and now I am back in.
cat: .ssh/authorized_keys: No such file or directory
-
Ok. So I repasted the info and connected with the private key and got the following:
login as: root
Server refused our key
Using keyboard-interactive authentication.
Password:
Though I was able to get through….
-
Also when you login as 'admin'?
-
I am able to get in no matter what…
-
Log in again and then do:
- cd /root
- cd .ssh
- ls -la (post output, there should be an authorized_keys file after you pasted your key via GUI)
Are you running on embedded?
-
Yes Embedded….
[1.2.3-RELEASE] [root@wall.test.local]/root(1): cd /root
[1.2.3-RELEASE] [root@wall.test.local]/root(2): cd .ssh
[1.2.3-RELEASE] [root@wall.test.local]/root/.ssh(3): ls -la
total 1
drwx------ 2 root wheel 512 Mar 4 07:49 .
drwxr-xr-x 4 root wheel 512 Mar 4 05:08 ..
[1.2.3-RELEASE] [root@wall.test.local]/root/.ssh(4):
-
So there is something wrong with your install. The authorized_keys file does not get created.
Try this:
- /etc/rc.conf_mount_rw
- then create the file manually with e.g. vi /root/.ssh/authorized_keys and paste in your key
- /etc/rc.conf_mount_ro
Then check again…
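An added example, not part of the thread: a Python check for the two things this exchange keeps returning to, whether the pasted line is a well-formed single-line OpenSSH key (the trailing comment such as rsa-key-20100303 is optional) and whether authorized_keys exists with modes that OpenSSH's StrictModes accepts. The function names and the constructed sample key are assumptions of this example.

```python
import base64
import os
import stat


def check_key_line(line):
    """Return (ok, detail) for one authorized_keys line: 'type base64 [comment]'."""
    if line.startswith("---- BEGIN"):
        return False, "RFC 4716 (PuTTY 'Save public key') format, not an OpenSSH line"
    parts = line.strip().split(None, 2)   # the trailing comment is optional
    if len(parts) < 2:
        return False, "expected '<type> <base64> [comment]' on a single line"
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return False, "base64 is damaged (wrapped or truncated paste?)"
    fields = []
    while blob:                            # SSH wire format: uint32 length + bytes
        size = int.from_bytes(blob[:4], "big")
        if len(blob) < 4 + size:
            return False, "key blob is truncated"
        fields.append(blob[4:4 + size])
        blob = blob[4 + size:]
    if not fields or fields[0] != parts[0].encode():
        return False, "key type inside the blob does not match the prefix"
    if parts[0] == "ssh-rsa" and len(fields) == 3:
        bits = int.from_bytes(fields[2], "big").bit_length()
        return True, "ssh-rsa, %d-bit modulus" % bits
    return True, parts[0]


def check_modes(ssh_dir):
    """List problems that make sshd (StrictModes) ignore authorized_keys."""
    path = os.path.join(ssh_dir, "authorized_keys")
    if not os.path.isfile(path):
        return ["authorized_keys does not exist"]
    problems = []
    for p in (ssh_dir, path):
        if stat.S_IMODE(os.stat(p).st_mode) & 0o022:
            problems.append("%s is group/world writable" % p)
    return problems


def sample_line(bits=1024):
    """Constructed sample line (not a real key) for trying the checks."""
    n = (1 << (bits - 1) | 1).to_bytes(bits // 8 + 1, "big")
    blob = b"".join(len(f).to_bytes(4, "big") + f for f in (b"ssh-rsa", b"\x25", n))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " rsa-key-sample"
```

Run `check_key_line` on the exact text copied from the puttygen window and `check_modes("/root/.ssh")` on the box; a failure in either explains a "Server refused our key" before any further changes are made.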
-
vi/root/.ssh/authorized_keys: Command not found.
-
here is a screen shot via winscp….