Netgate Discussion Forum

key based auth ssh issue

General pfSense Questions
  • M
    mod
    last edited by Jun 4, 2019, 12:09 AM

    Hi,
    I'm on an Ubuntu 18.04 based distro trying to use public-key-only ssh with pfSense.
    I get the "no auth methods" message when set to public key only.
    When password and public key are active I can log in.
    ssh-keygen -t ed25519 is the type of key I use.
    Copied to a new user I created to log in, and disabled admin login/admin user.
    New user has admin rights + ssh login.
    pfBlockerNG + Suricata running.
    Any help would be great. Thank you.

    • J
      johnpoz LAYER 8 Global Moderator
      last edited by johnpoz Jun 4, 2019, 2:40 AM Jun 4, 2019, 12:53 AM

      I use public key auth every time I log in... Let's see your log.. What version of pfSense? What version of ssh?

      Let's see your log with ssh -v

      debug1: Server accepts key: /home/johnpoz/.ssh/id_ed25519 ED25519 SHA256:y1pJFKtYk+f2<snipped>
      debug1: Authentication succeeded (publickey).
      Authenticated to sg4860.local.lan ([192.168.9.253]:22).
      

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      • M
        mod
        last edited by Jun 4, 2019, 4:05 PM

        pfSense 2.4.4.4p is my version.
        OK; you will have to tell me which log you need.

        • M
          mod
          last edited by Jun 4, 2019, 4:21 PM

          @johnpoz said in key based auth ssh issue:

          ssh -v

          Also I have to do /etc/rc.initial when I log in via ssh.
          Could it be that I need to reinstall again with latest as something is messed up?
          I get nothing running that command but other flags for ssh.
          But it could be because when it does not work I go back in and turn off the service.
          I'll turn off ssh and try a reinstall later.
          8-core 12 gig router :) and I messed it up somehow lol.
          I use version 2 in PuTTY as the ssh option.

          • G
            Gertjan @mod
            last edited by Gertjan Jun 4, 2019, 6:15 PM Jun 4, 2019, 6:09 PM

            @mod said in key based auth ssh issue:

            to reinstall again with latest as something is messed up?

            Yeah, good idea.
            This isn't an official version:

            @mod said in key based auth ssh issue:

            pfsense 2.4.4.4p is my version.

            Why should you even bother with some unknown copy if you can have the real thing?

            e4240808-5118-41d9-a664-ffeec0532dc3-image.png

            And why do you want to lock out the admin?
            pfSense is a router, not some family event device.
            Give the admin key or logging to those who you trust. The "roads are loaded with people who know how a router works" but those who actually manage to do something useful without making a mess: you find maybe one person in the village. So share it with him, and you'll be fine.

            @mod said in key based auth ssh issue:

            i use version 2 in putty as ssh option

            Because you don't want number 1 ? :

            ab4bc9b4-30cb-48cd-b38e-16ad34687a4d-image.png

            Good for you: "SSH 1" doesn't even work with pfSense, it's ancient. Some SSH clients still offer it, in case you have to log into an ancient device ....

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit: and where are the logs??

            • J
              johnpoz LAYER 8 Global Moderator
              last edited by johnpoz Jun 4, 2019, 7:55 PM Jun 4, 2019, 7:48 PM

              What version of PuTTY... Maybe it doesn't support ED25519? You using the latest snapshot of it? PuTTY has had support for a long time, but don't know if you're talking about ssh1, maybe yours is like a version from 2000 or something?

              Development snapshot 2019-06-04.29cb7e4 is the latest version I show...

              So you created the key in putty keygen? And you pasted it into pfsense for this user you created?

              paste.png

              I don't get why users disable the admin account... Sure if you want to, but make sure everything is working with your other account, before you disable the admin one ;)

              2.4.4.4p is my version.

              This is what, exactly... What I find difficult with such info when given is... If you can not provide even the most basic of questions with valid info.. How can we expect other info to be correctly stated?

              ssh-keygen -t ed25519 is the type of key i use.

              That is NOT putty... But then you are using putty.. So how did you convert the keys.. To use with putty, etc. You have to use the putty keygen tool, etc.

              If you're going to gen a key pair with PuTTY, then copy and paste what it gives you into the pfSense user manager.

              puttykeygen.png

              • M
                mod
                last edited by Jun 4, 2019, 9:37 PM

                OK; to answer both of your questions:
                1: It is official; I put a 4 when it is p3, my f'up.
                2: I use the Linux version of PuTTY and we don't get keygen / don't need to convert.
                3: Password + public key login works.
                4: I use SSH 2 as SSH 1 is a security risk / not good.
                Version of PuTTY:
                Release 0.70

                Build platform: 64-bit Unix (GTK + X11)
                Compiler: gcc 7.3.0
                Compiled against GTK version 3.22.29
                Source commit: 3cd10509a51edf5a21cdc80aabf7e6a934522d47

                Copyright 1997-2017 Simon Tatham. All rights reserved

                Besides the fix for the web login. I only use the current version of pfSense.

                • J
                  johnpoz LAYER 8 Global Moderator
                  last edited by johnpoz Jun 5, 2019, 1:56 AM Jun 5, 2019, 1:19 AM

                  @mod said in key based auth ssh issue:

                  3 . password +public key login works

                  That is not really an option.. If you set password and public key you're just using password to auth..

                  2: I use linux version of putty and we don't get keygen/ don't need to convert.

                  Pretty sure you do..
                  https://www.ssh.com/ssh/putty/linux/puttygen

                  4

                  Yeah no idea why you're bringing that up at all - yeah no shit everyone uses 2 ;)
                  BTW, current stable version of putty is .71


                  1 Reply Last reply Reply Quote 0
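
Added example, not part of any post in this thread and not pfSense or PuTTY code: a Python check to run on public-key text before pasting it into a user's authorized keys. It tells the OpenSSH one-line form apart from the RFC 4716 block that PuTTYgen writes with "Save public key", rejects truncated or wrapped pastes, and returns the SHA256 fingerprint in the form shown on the `ssh -v` "Server accepts key" line quoted earlier. It assumes the pasted text ends up as an OpenSSH authorized_keys entry; the helper names are hypothetical and the sample key is constructed.

```python
import base64, hashlib

def _read_string(buf, off):
    """Read one length-prefixed SSH string (uint32 big-endian length, then bytes)."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated key data (partial paste?)")
    return buf[off + 4:end], end

def _extract_blob(text):
    """Return (format, declared_type, raw_blob) from pasted public-key text."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()] or [""]
    if "PRIVATE KEY" in lines[0] or lines[0].startswith("PuTTY-User-Key-File"):
        raise ValueError("this is a private key file, not a public key")
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, in_header = [], False
        for l in lines[1:]:
            if l.startswith("---- END"):
                break
            if in_header or ":" in l:  # header such as "Comment: ...", may continue with "\"
                in_header = l.endswith("\\")
                continue
            body.append(l)
        return "rfc4716", None, base64.b64decode("".join(body), validate=True)
    parts = lines[0].split()
    if len(lines) != 1 or len(parts) < 2:
        raise ValueError("expected one line: '<type> <base64> [comment]'")
    return "openssh", parts[0], base64.b64decode(parts[1], validate=True)

def check_public_key(text):
    """Validate the pasted key; return its format, type, fingerprint and one-line form."""
    fmt, declared, blob = _extract_blob(text)
    raw_type, off = _read_string(blob, 0)
    ktype = raw_type.decode("ascii")
    if declared not in (None, ktype):
        raise ValueError(f"prefix says {declared}, key blob says {ktype}")
    if ktype == "ssh-ed25519":
        key, off = _read_string(blob, off)
        if len(key) != 32 or off != len(blob):
            raise ValueError("malformed ed25519 key")
    fingerprint = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    line = f"{ktype} {base64.b64encode(blob).decode()}"
    return {"format": fmt, "type": ktype, "fingerprint": fingerprint, "authorized_keys": line}

# Constructed sample key (bytes 0..31), not a key from the thread; all names here are hypothetical.
_BLOB = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + bytes(range(32))
_B64 = base64.b64encode(_BLOB).decode()
SAMPLE_OPENSSH = f"ssh-ed25519 {_B64} user@constructed"
SAMPLE_RFC4716 = f'---- BEGIN SSH2 PUBLIC KEY ----\nComment: "constructed"\n{_B64}\n---- END SSH2 PUBLIC KEY ----'
```

If the fingerprint returned for the pasted text differs from the one the client offers in `ssh -v`, the server is holding a different key than the client is presenting.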