SSH admin password should be the same as web admin right?
-
@yannb said in SSH admin password should be the same as web admin right?:
I paste it in, I just get a "connection closed" message.
paste somewhere else, in the middle of a set of "xxxxxxxxxxxxxx" and check if there aren't any surrounding spaces or other white chars.
pasting just works fine - just tried it. Works.
Btw : past your cert password, never your admin pfSense password, that method of login should b disabled right after initial GUI setup.
-
@yannb said in SSH admin password should be the same as web admin right?:
I paste it in, I just get a "connection closed" message.
paste somewhere else, in the middle of a set of "xxxxxxxxxxxxxx" and check if there aren't any surrounding spaces or other white chars.
pasting just works fine - just tried it. Works.
Btw : past your cert password, never your admin pfSense password, that method of login should b disabled right after initial GUI setup.
edit : wtf : echo mode is on ?
-
@Gertjan cert password? The whole point of a SSH cert is not to use a password…
Once you have a cert added it doesn't ask for a password. I'm probably misunderstanding what you mean.that method of login should b disabled right after initial GUI setup
I think I read in the docs that you can only log in via password from the LAN… This is for my home setup so it should be safe enough in theory no?
Thanks!
-
@yannb said in SSH admin password should be the same as web admin right?:
you have a cert added it doesn't ask for a password
It's a choice.
Cert can be baked without a password.
Normally, I add one in. (dono why any more, it's just a reflex)@yannb said in SSH admin password should be the same as web admin right?:
log in via password from the LAN
By adding a "SSH in" firewall rule on any interface, you could login from any interface.
But for WAN this would be considered as a security risk.
Other interface : the choice is up to you.
On LAN : disable the default anti-lockout rule, make a new one that specifies your (source) IP adresses and only your device can login.
Etc etc.No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@Gertjan
phuuu glad i'm not alone with that reflex ;) -
I don't have problem with pfsense 2.4.5
my ssh admin password is the same as guissh admin@10.0.1.81
Password for admin@pfSense.ngtrain.com:
pfSense - Netgate Device ID: 3433882c484aeebf8e40*** Welcome to pfSense 2.4.5-RELEASE-p1 (amd64) on pfSense ***
WAN (wan) -> vtnet0 -> v4: 10.0.1.81/24
LAN (lan) -> vtnet1 -> v4: 192.168.1.1/24- Logout (SSH only) 9) pfTop
- Assign Interfaces 10) Filter Logs
- Set interface(s) IP address 11) Restart webConfigurator
- Reset webConfigurator password 12) PHP shell + pfSense tools
- Reset to factory defaults 13) Update from console
- Reboot system 14) Disable Secure Shell (sshd)
- Halt system 15) Restore recent configuration
- Ping host 16) Restart PHP-FPM
- Shell
Enter an option:
-
Hi all, the password is the same.
@Gertjan said in SSH admin password should be the same as web admin right?:
@yannb said in SSH admin password should be the same as web admin right?:
you have a cert added it doesn't ask for a password
It's a choice.
Cert can be baked without a password.
Normally, I add one in. (dono why any more, it's just a reflex)@yannb said in SSH admin password should be the same as web admin right?:
log in via password from the LAN
By adding a "SSH in" firewall rule on any interface, you could login from any interface.
But for WAN this would be considered as a security risk.
Other interface : the choice is up to you.
On LAN : disable the default anti-lockout rule, make a new one that specifies your (source) IP adresses and only your device can login.
Etc etc. -
Could pfsense using port knocking like linux did?
I mean telnet other port 3x then it will open port 22 -
@nbctcp port 8*** maybe?
-
No, there is no port knocking in pfSense. Currently at least.
Steve
-
@nbctcp said in SSH admin password should be the same as web admin right?:
Could pfsense using port knocking like linux did?
I mean telnet other port 3x then it will open port 22Way back - like last century, I used such a method to gain access to private resources, while published on public networks.
It worked well.These days we have (Open)VPN ;)
