Can't SSH without '-o MACs=hmac-md5' option for SSH
I can ssh into my server over openvpn if i use:
ssh -o MACs=hmac-md5 192.168.1.10
but without the -o MACs=hmac-md5 part ssh will not connect
Any help would be appreciated!
what ssh client are you using and what pfsense version are you connecting too?
can we see the output of -v (debug) when you try and connect if you using say openssh client. If your using some other client how ever you can get to see the connection as its being made would be helpful.
The did modify the ssh server security recently to provide for newer ciphers, etc. I connect in via chacha20 for example
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: firstname.lastname@example.org MAC: <implicit>compression: none
debug1: kex: client->server cipher: email@example.com MAC: <implicit>compression: none</implicit></implicit>
Also: What is "your server"?
If the client is an OpenVPN client and the server is some other box (not pfSense) on your LAN, then the firewall would not have any sway over their protocol negotiation. If it works at all, it wouldn't be the firewall. If it's broken, it's on the client and/or server.
Good catch, I took it pfsense was the server - but yeah now that I reread it, it could be a server behind pfsense that he is sshing too. If that is the case then pfsense has nothing to do with it.