SSH login using default user “admin”

wgstarks · Nov 30, 2017, 3:42 PM

I’m a new pfSense user with a new pfSense install. Tried to login to the box via ssh for the first time yesterday using ssh admin@ <ip>but the password wasn’t accepted. Just kept getting prompted for the password until the connection was eventually refused and I would have to start over. I know the password is correct, it works for webgui login.

I was able to eventually login to ssh by creating a new user in the webgui with group “admins” which worked without issue. Still wondering why I can’t login to ssh using the default admin user?</ip>

johnpoz · Nov 30, 2017, 5:28 PM

where you using Admin vs admin?

The username is case sens.. I just tested this, can login just fine with admin using the webgui password via ssh. But if you Admin it fails.

wgstarks · Nov 30, 2017, 5:57 PM

I don’t think that’s the issue. I was using “admin” with the password that I had configured in the setup wizard.

Is there a log where failed connection attempts are recorded?

johnpoz · Nov 30, 2017, 8:49 PM

Yeah it would be in the log

Nov 30 11:27:58 sshd 35282 Failed password for invalid user Admin from 192.168.9.100 port 52876 ssh2
Nov 30 11:27:58 sshd 35282 input_userauth_request: invalid user Admin [preauth]
Nov 30 11:27:58 sshd 35282 Invalid user Admin from 192.168.9.100
Nov 30 11:27:05 sshd 82349 Accepted publickey for admin from 192.168.9.100 port 52871 ssh2: ED25519 SHA256:y1pJFKtY<snipped>gmyw
Nov 30 11:26:26 sshd 72601 Accepted password for admin from 192.168.9.100 port 52869 ssh2
Nov 30 11:25:37 sshd 16076 Disconnected from 192.168.9.100 port 52862 [preauth]
Nov 30 11:25:37 sshd 16076 error: Received disconnect from 192.168.9.100 port 52862:13: The user canceled authentication. [preauth]
Nov 30 11:25:29 sshd 16076 Failed password for admin from 192.168.9.100 port 52862 ssh2

Here you can see me wrong password, then correct password, then public key, then fail with Admin as invalid user.</snipped>

wgstarks · Nov 30, 2017, 9:16 PM

Thanks. I’ll check the system log and see what it shows.

JKnott · Nov 30, 2017, 9:46 PM

@wgstarks:

I’m a new pfSense user with a new pfSense install. Tried to login to the box via ssh for the first time yesterday using ssh admin@ <ip>but the password wasn’t accepted. Just kept getting prompted for the password until the connection was eventually refused and I would have to start over. I know the password is correct, it works for webgui login.

I was able to eventually login to ssh by creating a new user in the webgui with group “admins” which worked without issue. Still wondering why I can’t login to ssh using the default admin user?</ip>

Try using root, not admin. When I ssh from my Linux computers, I use ssh root@firewall. I'm then prompted for the root password, which is the same as the admin. Don't forget, pfSense is built on FreeBSD and, like all *nix systems the root user is the one with all rights.

wgstarks · Nov 30, 2017, 10:14 PM

Not sure what was causing the problem? I opened the system log but there weren't any entries.

Clip from terminal-

maggie:~ wgstarks$ ssh admin@10.0.1.1 -p 2222
Password for admin@odin.dahoney.me:
Connection closed by 10.0.1.1

This resulted in no entries at all in the log.

I used the user manager to reset the pword for "admin" to exactly the same value and now it works for both admin and root. No idea what was causing the problem but it seems to be fixed. ???

wgstarks · Dec 1, 2017, 12:34 AM

After a little more testing, it seems that every time i reboot my system I can no longer connect via ssh. The password will work for webgui login but not for ssh login. I have to edit the admin user and restore the current password to be able to login via ssh. Not sure how to trouble shoot this?

jahonix · Dec 1, 2017, 1:02 AM

Which version do you use on what kind of platform?
Might it be a read-only mounted file system? It should commit changes but…

Gertjan · Dec 1, 2017, 1:04 AM

Strange.

I'm using a Putty session, with "admin" as the auto-login user name.
But I'm NOT using the password related to the "pfSense's admin user ;)
I generated and use key for authentication - have to type in the passphrase of the key :

Using username "admin".
Authenticating with public key "rsa-key-20150201"
Passphrase for key "rsa-key-20150201":
pfSense - Netgate Device ID: 20bbccdf95385caaa087

*** Welcome to pfSense 2.4.2-RELEASE (amd64) on pfsense ***
...

Works great.

wgstarks · Dec 1, 2017, 1:13 AM

@jahonix:

Which version do you use on what kind of platform?
Might it be a read-only mounted file system? It should commit changes but…

It’s vs 2.4.2 on a minisys n10e. The SSD is formatted ZFS but also had the same issue with UFS.

As far as I can tell only the password is effected by rebooting and only for ssh. The same user/password is used for webgui login without any issues. Don’t see any other settings/configurations that are getting lost on reboot.

Gertjan · Dec 1, 2017, 1:15 AM

I'm with you here, and with @johnpoz : It's really time that we all (you inclusive !!) see some logs now.

wgstarks · Dec 1, 2017, 1:26 AM

@Gertjan:

I'm with you here, and with @johnpoz : It's really time that we all (you inclusive !!) see some logs now.

I'd be glad to post them, but as far as I can tell nothing is being logged on the failed attempts. The only log entries I can find are for successful logins after editing the admin user. Do I need to check something other than system logs?

jimp · Dec 1, 2017, 9:00 PM

Did you move ssh to a different port? Or maybe you have a port forward or other NAT setup which might be redirecting that port to something else?

wgstarks · Dec 1, 2017, 9:08 PM

I changed ssh to port 2222 so to login I’m using ssh root@ <ip>-p 2222. I’ll get a prompt for a password. Sometimes the password works and sometimes I get “connection terminated” and nothing is logged on the firewall.</ip>

hda · Dec 2, 2017, 12:34 AM

@wgstarks:

… Sometimes the password works and sometimes I get “connection terminated”...

sshd_config. -> LoginGraceTime 30s

Gertjan · Dec 2, 2017, 8:49 AM

I just moved the "22" port to "2222" (why 2222 ? a port scan on your LAN will find it in less then 1 second).

In reverse order :

Dec 2 09:46:51 sshd 8263 Accepted keyboard-interactive/pam for admin from 192.168.1.6 port 50087 ssh2
Dec 2 09:46:48 sshd 8263 error: PAM: authentication error for admin from 192.168.1.6
Dec 2 09:46:45 sshd 8263 error: PAM: authentication error for admin from 192.168.1.6
Dec 2 09:46:22 sshd 59619 Server listening on 0.0.0.0 port 2222.
Dec 2 09:46:22 sshd 59619 Server listening on :: port 2222.
Dec 2 09:46:21 check_reload_status starting sshd
Dec 2 09:46:21 php-fpm 75193 /system_advanced_admin.php: secure shell configuration has changed. Restarting sshd.
Dec 2 09:46:21 php-fpm 75193 /system_advanced_admin.php: secure shell configuration has changed. Stopping sshd.

Logs work fine for me …. something's up with your system.

wgstarks · Dec 2, 2017, 1:41 PM

@Gertjan:

something's up with your system.

I think you are probably correct. Not sure, but I suspect that an incorrect password wouldn’t result in a terminated connection but rather an error about invalid password and a prompt for another one. I also can’t receive Growl notifications on the same system even though pfSense shows that they are being sent successfully.

I’ve installed a public key on the system and we’ll see how that works. So far no problems.