Netgate Discussion Forum
    • MrPete

      How to configure certs so updates work in HA / SSH environment? (CSRF storm now!)

      General pfSense Questions csrf ssh cert carp
      0 Votes
      9 Posts
      1k Views
      stephenw10

      I agree, internal ticket opened.

    • B

      Is it possible to simply create a new SSH key and self-signed web server cert?

      Deutsch renew ssh keygen webserver self-signed
      0 Votes
      6 Posts
      1k Views
      JeGr

      @bon-go said in Is it possible to simply create a new SSH key and self-signed web server cert?:

      Yes, I know how to do that. It could have been that for 1. there is a faster and easier way than running ssh-keygen in the shell for the pfSense SSH server. After all, pfSense does this too when the SSH server is first enabled.

      Yes, the SSH HOST keys - which you probably mean - have only recently become part of the backup. You can simply turn OFF exporting them with it, and then you have the pre-2.5?2.6? state again, in which the host keys are simply generated on first boot.

      The self-signed cert can be recreated on the console:

      CLI menu option 12 (PHP Shell / Tools) playback generateguicert exit

      And then you have a new cert, although with self-signed it is fairly irrelevant whether they are the same ones or not, since they carry no weight anyway. With SSH host keys, though, I agree with you; that is certainly not something you want to roll out via a restore deployment.

      Otherwise, an rm /etc/ssh/*key* is also enough to delete all SSH host keys; they are then regenerated automatically after a reboot. Everything else needed to understand this can be taken from the /etc/sshd configuration, where the keys are generated if not present and the corresponding extras and ciphers are set. You should not tinker around in there, though; at most look at how to regenerate them yourself when needed without deleting and rebooting.

      Cheers

    • A

      Firewall rule problems. (Client-to-client forward)

      L2/Switching/VLANs rules vlan protocols smb ssh
      0 Votes
      2 Posts
      871 Views
      V

      @adminproconer said in Firewall rule problems. (Client-to-client forward):

      Where should I start troubleshooting the issue?

      With the network settings and firewall config of the concerned device.

      Ensure that all devices in both subnets use pfSense as gateway.

      If you can access a device from within its own subnet, but not from another network segment, check its firewall and ensure that it allows access from outside.

    • Sergei_Shablovsky

      [WORKAROUND] Unable to update and package install (ERROR: It was not possible to identify which pfSense kernel is installed)

      General pfSense Questions repo backup ssh fresh install 2.7.0-dev
      0 Votes
      67 Posts
      16k Views
      Sergei_Shablovsky

      @stephenw10 said in [WORKAROUND] Unable to update and package install (ERROR: It was not possible to identify which pfSense kernel is installed):

      This?

      SSH KeyGen pfSense has started creating missing SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed. @ 2022-05-01 12:55:10

      That's normal whenever new keys are created. Which until 22.01/2.6 was every install or config reset.

      Steve

      Thank You, Steve!

    • U

      Web ui locked out of

      webGUI ssh pfsense
      0 Votes
      5 Posts
      1k Views
      U

      @ptt and @johnpoz

      It worked. Thanks so much for all your help

    • S

      Remote port forwarding

      NAT port forwarding ssh
      0 Votes
      3 Posts
      940 Views
      S

      @samto I found a root cause of the problem. It is well described here: https://www.everythingcli.org/ssh-tunnelling-for-fun-and-profit-tunnel-options/

      So, the combination ssh -f -T -N -R works fine

    • gniting

      sshguard complaining about an attack from the pfSense system itself?

      General pfSense Questions ssh sshguard logs
      0 Votes
      2 Posts
      1k Views
      Gertjan

      @ibbetsion said in sshguard complaining about an attack from the pfSense system itself?:

      192.168.1.2 is assigned IP of the pfSense firewall from my ISP router. It is the only device connected to the ISP router

      This is a WAN interface ...

      192.168.7.1 is the IP of the pfSense firewall itself (WAN1)

      Another WAN interface ...

      192.168.5.2 is the assigned IP of the second WAN port on the pfSense firewall (WAN2)

      And another WAN interface ...

      No LAN(s) ?

      Remove all rules on all WAN interfaces.
      The default action will be block all (DROP) - so sshguard won't be bothered again.

    • U

      IPSEC's VPN can't PING the host network and vice versa

      IPsec ipsec vpn client ping ssh
      0 Votes
      1 Posts
      505 Views
      No one has replied
    • W

      Web Server & SSH port forward issues

      NAT port forward ssh dual lan
      0 Votes
      7 Posts
      2k Views
      W

      @kom

      The first link I glanced over before but I can now access the web server both on the WAN and LAN. I'm even able to ssh to it from LAN to OPT1. I don't remember if it was one of the videos you linked or some random third video but I didn't understand that requests get sent out on a random port. So those source ports would have never worked. Sorry for not understanding that sooner.

      Thank you for the references and your time.

    • M

      Access menu with common user then su root (SSH)

      General pfSense Questions menu ssh pfsense
      0 Votes
      3 Posts
      2k Views
      M

      @jimp Thank you! It worked.