Non root user ssh logon or other methods
-
I use Xymon for monitoring, formerly Hobbit, formerly BigBrother. It's an awesome monitoring system, I thoroughly suggest it. Either way, I've got a couple of different options to monitor this box, but I'm running into problems with all of them.
Option 1: Remote SSH client>
There is a client that executes entirely out of SSH, however, I run the server as a regular user for obvious reasons. In order for the SSH client to work I need key based auth as that user, which isn't a problem for the myriad of other systems I do this for, but I am unable to get this to work in pfsense. Not just specifically key based auth, but for any user I configure other than root/admin. Has anyone got this to work? Here's the output from ssh -v[username@hostname bin]$ ssh -v firewall
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to firewall [10.1.0.10] port 22.
debug1: Connection established.
debug1: identity file /home/username/.ssh/identity type -1
debug1: identity file /home/username/.ssh/identity-cert type -1
debug1: identity file /home/username/.ssh/id_rsa type 1
debug1: identity file /home/username/.ssh/id_rsa-cert type -1
debug1: identity file /home/username/.ssh/id_dsa type -1
debug1: identity file /home/username/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4p1_hpn13v11 FreeBSD-20100308
debug1: match: OpenSSH_5.4p1_hpn13v11 FreeBSD-20100308 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'firewall' is known and matches the RSA host key.
debug1: Found key in /home/username/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/username/.ssh/identity
debug1: Offering public key: /home/username/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/username/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentications that can continue: publickey,password,keyboard-interactiveI see that it likes the public key, but still fails to authenticate, and what's more irritating is that I can go through keyboard interactive then password and it will still fail no matter what. I simply cannot logon as any other user than root. Also, I've tried this with adding the Shell Access permission in user manager and with all permissions, which isn't a preferred method, but still no luck.
Option 2: Fat Client
There exists a fat client for BSD that I can pull and run successfully, however; no matter what I've tried to do I cannot get it to autostart, but you'll have to forgive me, I not very savvy with pfsense/nanobsd. If I understand it correctly, everything gets re-written upon restart, so I can't use rc.d, but cron is an option. I understand that BSD supports the '@reboot' syntax in cron, but I haven't been able to get that to work either. Any suggestions?