Netgate Discussion Forum

    key based auth ssh issue

    General pfSense Questions
    8 Posts 3 Posters 719 Views
    • M
      mod
      last edited by

      Hi;
      I'm on an Ubuntu 18.04 based distro trying to use public key only ssh with pfSense.
      I get the no auth methods message when set to public key only.
      When password and public key are active I can login.
      ssh-keygen -t ed25519 is the type of key i use.
      Copied to new user I created to login and disabled admin login/admin user.
      New user has admin rights + ssh login.
      pfBlockerNG + Suricata running.
      Any help would be great. Thank you.

      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by johnpoz

        I use public key auth every time I log in... Let's see your log.. What version of pfSense? What version of ssh?

        Let's see your log with ssh -v

        debug1: Server accepts key: /home/johnpoz/.ssh/id_ed25519 ED25519 SHA256:y1pJFKtYk+f2<snipped>
        debug1: Authentication succeeded (publickey).
        Authenticated to sg4860.local.lan ([192.168.9.253]:22).
        

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • M
          mod
          last edited by

          pfsense 2.4.4.4p is my version.
          ok; you will have to tell me which log you need.

          • M
            mod
            last edited by

            @johnpoz said in key based auth ssh issue:

            ssh -v

            Also I have to do /etc/rc.initial when I login ssh.
            could it be that i need to reinstall again with latest as something is messed up?
            I get nothing running that command but other flags for ssh.
            But it could be because when it does not work I go back in and turn off the service.
            I'll turn off ssh and try reinstall later.
            8core 12 gig router :) and I messed it up somehow lol.
            i use version 2 in putty as ssh option

            • GertjanG
              Gertjan @mod
              last edited by Gertjan

              @mod said in key based auth ssh issue:

              to reinstall again with latest as something is messed up?

              Yeah, good idea.
              This isn't an official version:

              @mod said in key based auth ssh issue:

              pfsense 2.4.4.4p is my version.

              Why should you even bother with some unknown copy if you can have the real thing ?


              And why do you want to lock out the admin ?
              pfSense is a router, not some family event device.
              Give the admin key or logging to those who you trust. The "roads are loaded with people who know how a router works" but those who actually manage to do something useful without making a mess: you find maybe one person in the village. So share it with him, and you'll be fine.

              @mod said in key based auth ssh issue:

              i use version 2 in putty as ssh option

              Because you don't want number 1 ? :


              Good for you: "SSH 1" doesn't even work with pfSense, it's ancient. Some SSH clients still offer it, in case you have to log into an ancient device ....

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by johnpoz

                What version of putty... Maybe it doesn't support ED25519? You using the latest snapshot of it? Putty has had support for a long time, but don't know if you're talking about ssh1, maybe yours is like version from 2000 or something?

                Development snapshot 2019-06-04.29cb7e4, is latest version I show...

                So you created the key in putty keygen? And you pasted it into pfsense for this user you created?

                paste.png

                I don't get why users disable the admin account... Sure if you want to, but make sure everything is working with your other account, before you disable the admin one ;)

                2.4.4.4p is my version.

                This what exactly... What I find difficult with such info when given is... If you can not provide even the most basic of questions with valid info.. How can we expect other info to be correctly stated?

                ssh-keygen -t ed25519 is the type of key i use.

                That is NOT putty... But then you are using putty.. So how did you convert the keys.. To use with putty, etc. You have to use the putty keygen tool, etc.

                If you're going to gen a key pair with putty, then copy and paste what it gives you into the pfSense user manager.

                puttykeygen.png

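Added example, not code from the thread or from pfSense/PuTTY: a pre-paste check for the key-format point raised in the post above. It names the container format of pasted key material (PuTTY .ppk, OpenSSH private key, RFC 4716 public export, one-line OpenSSH public key), validates a one-line `ssh-ed25519` key, and computes the same `SHA256:` fingerprint style that `ssh -v` prints in "Server accepts key". It assumes the user manager field expects the one-line OpenSSH form; the sample key is constructed.

```python
import base64
import hashlib
import struct

KNOWN_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def classify_key_text(text):
    """Name the container format of pasted key material from its first line."""
    lines = text.strip().splitlines()
    first = lines[0].strip() if lines else ""
    if first.startswith("PuTTY-User-Key-File-"):
        return "putty-ppk-private"        # PuTTY's own private key file
    if first.startswith("-----BEGIN OPENSSH PRIVATE KEY-----"):
        return "openssh-private"          # written by ssh-keygen, never paste this
    if first.startswith("---- BEGIN SSH2 PUBLIC KEY ----"):
        return "rfc4716-public"           # multi-line public key export
    if first.split(" ", 1)[0] in KNOWN_TYPES:
        return "openssh-public-line"      # one-line authorized_keys form
    return "unknown"

def read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("key blob truncated in a length field")
    (size,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + size
    if end > len(blob):
        raise ValueError("key blob truncated in a data field")
    return blob[offset + 4:end], end

def check_public_line(line):
    """Validate a one-line public key; return (key type, SHA256 fingerprint)."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, blob = parts[0], base64.b64decode(parts[1], validate=True)
    embedded, pos = read_string(blob, 0)
    if embedded != declared.encode():
        raise ValueError("declared key type does not match the blob")
    if declared == "ssh-ed25519":
        key, pos = read_string(blob, pos)
        if len(key) != 32 or pos != len(blob):
            raise ValueError("ssh-ed25519 blob must hold exactly one 32-byte key")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return declared, "SHA256:" + digest.rstrip("=")

def make_blob(*fields):
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

# Constructed sample, not a real key: the 32 key bytes are just 0..31.
SAMPLE_LINE = ("ssh-ed25519 "
               + base64.b64encode(make_blob(b"ssh-ed25519", bytes(range(32)))).decode()
               + " user@example")
```

Comparing the returned fingerprint with the one the client offers in `ssh -v` output shows whether the key stored for the user is the key the client is actually presenting.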
                • M
                  mod
                  last edited by

                  ok; to answer both of your questions:
                  1: It is official; I put a 4 when it is p3, my f'up
                  2: I use linux version of putty and we don't get keygen/ don't need to convert.
                  3 . password +public key login works
                  4. I use ssh 2 as ssh 1 is a security risk/not good
                  version of putty:
                  Release 0.70

                  Build platform: 64-bit Unix (GTK + X11)
                  Compiler: gcc 7.3.0
                  Compiled against GTK version 3.22.29
                  Source commit: 3cd10509a51edf5a21cdc80aabf7e6a934522d47

                  Copyright 1997-2017 Simon Tatham. All rights reserved

                  Besides the fix for the web login, I only use current version of pfSense.

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by johnpoz

                    @mod said in key based auth ssh issue:

                    3 . password +public key login works

                    That is not really an option.. If you set password and public key you're just using password to auth..

                    2: I use linux version of putty and we don't get keygen/ don't need to convert.

                    Pretty sure you do..
                    https://www.ssh.com/ssh/putty/linux/puttygen

                    4

                    Yeah no idea why you're bringing that up at all - yeah no shit everyone uses 2 ;)
                    BTW, current stable version of putty is .71

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.