Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    driving me mental, remote login to pfsense CLI to shutdown

    General pfSense Questions
    5
    43
    406
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      automate last edited by

      Hi All,

      Im trying to do a remote ssh into pfsense CLI to shutdown the machine. I added a key to allow a user to login, but when I issue the shutdown -h now, it says permission denied.

      I want to do this without using a password so that my parents can shut down this machine using a button in a home automation tool instead of going into the web UI and shutting down, which is painful.

      thanks

      J 1 Reply Last reply Reply Quote 0
      • J
        jdeloach @automate last edited by

        @automate Probably need to install the "sudo" package from package manager if it is not already installed and then issue the command 'sudo shutdown -h now'. I think this works for most variants of Linux, not sure about FreeBSD.

        Also you may or may not need the '-h' in the command.

        1 Reply Last reply Reply Quote 0
        • A
          automate last edited by

          thanks same issue :(

          i can login with 'ssh user@192.168.1.254' but when i put

          ssh user@192.168.1.254 'sudo shutdown -h now'

          It fails with:

          ssh nsautomate@192.168.1.254 sudo shutdown -h now

          We trust you have received the usual lecture from the local System
          Administrator. It usually boils down to these three things:

          #1) Respect the privacy of others.
          #2) Think before you type.
          #3) With great power comes great responsibility.
          

          sudo: no tty present and no askpass program specified

          A 1 Reply Last reply Reply Quote 0
          • A
            automate @automate last edited by

            Or this works, but asks me for a password!

            ssh -t nsautomate@192.168.1.254 "sudo shutdown -h now"

            1 Reply Last reply Reply Quote 0
            • stephenw10
              stephenw10 Netgate Administrator last edited by

              Have you configured sudo correctly?

              Does it work if you manually ssh into pfSense and then run the command?

              Steve

              1 Reply Last reply Reply Quote 0
              • johnpoz
                johnpoz LAYER 8 Global Moderator last edited by

                see your other thread... Where you said jimp instructions don't work ;)

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                1 Reply Last reply Reply Quote 0
                • stephenw10
                  stephenw10 Netgate Administrator last edited by

                  Aha, so not configured correctly! 😉

                  1 Reply Last reply Reply Quote 0
                  • A
                    automate last edited by

                    Reinstalled the package and now I can execute the shutdown script without a password.

                    I still cannot login via ssh without a password, despite using the ssh-keygen utility and a copy of the key over. it works for a few minutes then stops working. Very bizzare!

                    1 Reply Last reply Reply Quote 0
                    • johnpoz
                      johnpoz LAYER 8 Global Moderator last edited by

                      I always login via public key when I ssh.. Not a fan of passwords and ssh - have had zero issue doing this on any pfsense going back to like 1 ;)

                      Your saying it lets you log in with public key, and then you go to login again and it doesn't? Do a ssh -vvv when you attempt to login.. what do you get? Or what does the pfsense log say about it after you can not login.

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                      1 Reply Last reply Reply Quote 1
                      • A
                        automate last edited by

                        LOTS of output hahah!

                        nsautomate@ihp:/etc/openhab2/rules$ sudo -u openhab ssh -vvv nsautomate@192.168.1.254 'sudo shutdown -h now'
                        OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
                        debug1: Reading configuration data /etc/ssh/ssh_config
                        debug1: /etc/ssh/ssh_config line 19: Applying options for *
                        debug2: resolving "192.168.1.254" port 22
                        debug2: ssh_connect_direct: needpriv 0
                        debug1: Connecting to 192.168.1.254 [192.168.1.254] port 22.
                        debug1: Connection established.
                        debug1: key_load_public: No such file or directory
                        debug1: identity file /var/lib/openhab2/.ssh/id_rsa type -1
                        debug1: key_load_public: No such file or directory
                        debug1: identity file /var/lib/openhab2/.ssh/id_rsa-cert type -1
                        debug1: key_load_public: No such file or directory
                        debug1: identity file /var/lib/openhab2/.ssh/id_dsa type -1
                        debug1: key_load_public: No such file or directory
                        debug1: identity file /var/lib/openhab2/.ssh/id_dsa-cert type -1
                        debug1: key_load_public: No such file or directory
                        debug1: identity file /var/lib/openhab2/.ssh/id_ecdsa type -1
                        debug1: key_load_public: No such file or directory
                        debug1: identity file /var/lib/openhab2/.ssh/id_ecdsa-cert type -1
                        debug1: key_load_public: No such file or directory
                        debug1: identity file /var/lib/openhab2/.ssh/id_ed25519 type -1
                        debug1: key_load_public: No such file or directory
                        debug1: identity file /var/lib/openhab2/.ssh/id_ed25519-cert type -1
                        debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
                        debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5
                        debug1: match: OpenSSH_7.5 pat OpenSSH* compat 0x04000000
                        debug2: fd 3 setting O_NONBLOCK
                        debug1: Authenticating to 192.168.1.254:22 as 'nsautomate'
                        debug3: hostkeys_foreach: reading file "/var/lib/openhab2/.ssh/known_hosts"
                        debug3: record_hostkey: found key type ED25519 in file /var/lib/openhab2/.ssh/known_hosts:1
                        debug3: load_hostkeys: loaded 1 keys from 192.168.1.254
                        debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
                        debug3: send packet: type 20
                        debug1: SSH2_MSG_KEXINIT sent
                        debug3: receive packet: type 20
                        debug1: SSH2_MSG_KEXINIT received
                        debug2: local client KEXINIT proposal
                        debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
                        debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
                        debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
                        debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
                        debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
                        debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
                        debug2: compression ctos: none,zlib@openssh.com,zlib
                        debug2: compression stoc: none,zlib@openssh.com,zlib
                        debug2: languages ctos:
                        debug2: languages stoc:
                        debug2: first_kex_follows 0
                        debug2: reserved 0
                        debug2: peer server KEXINIT proposal
                        debug2: KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
                        debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-ed25519
                        debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
                        debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
                        debug2: MACs ctos: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
                        debug2: MACs stoc: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
                        debug2: compression ctos: none,zlib@openssh.com
                        debug2: compression stoc: none,zlib@openssh.com
                        debug2: languages ctos:
                        debug2: languages stoc:
                        debug2: first_kex_follows 0
                        debug2: reserved 0
                        debug1: kex: algorithm: curve25519-sha256@libssh.org
                        debug1: kex: host key algorithm: ssh-ed25519
                        debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
                        debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
                        debug3: send packet: type 30
                        debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
                        debug3: receive packet: type 31
                        debug1: Server host key: ssh-ed25519 SHA256:4RCz4gQY4LJRdlMC2Y1ix0IqQp1zR/pQEo8gkSXC0sw
                        debug3: hostkeys_foreach: reading file "/var/lib/openhab2/.ssh/known_hosts"
                        debug3: record_hostkey: found key type ED25519 in file /var/lib/openhab2/.ssh/known_hosts:1
                        debug3: load_hostkeys: loaded 1 keys from 192.168.1.254
                        debug1: Host '192.168.1.254' is known and matches the ED25519 host key.
                        debug1: Found key in /var/lib/openhab2/.ssh/known_hosts:1
                        debug3: send packet: type 21
                        debug2: set_newkeys: mode 1
                        debug1: rekey after 134217728 blocks
                        debug1: SSH2_MSG_NEWKEYS sent
                        debug1: expecting SSH2_MSG_NEWKEYS
                        debug3: receive packet: type 21
                        debug1: SSH2_MSG_NEWKEYS received
                        debug2: set_newkeys: mode 0
                        debug1: rekey after 134217728 blocks
                        debug2: key: /var/lib/openhab2/.ssh/id_rsa ((nil))
                        debug2: key: /var/lib/openhab2/.ssh/id_dsa ((nil))
                        debug2: key: /var/lib/openhab2/.ssh/id_ecdsa ((nil))
                        debug2: key: /var/lib/openhab2/.ssh/id_ed25519 ((nil))
                        debug3: send packet: type 5
                        debug3: receive packet: type 7
                        debug1: SSH2_MSG_EXT_INFO received
                        debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
                        debug3: receive packet: type 6
                        debug2: service_accept: ssh-userauth
                        debug1: SSH2_MSG_SERVICE_ACCEPT received
                        debug3: send packet: type 50
                        debug3: receive packet: type 51
                        debug1: Authentications that can continue: publickey,password,keyboard-interactive
                        debug3: start over, passed a different list publickey,password,keyboard-interactive
                        debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
                        debug3: authmethod_lookup publickey
                        debug3: remaining preferred: keyboard-interactive,password
                        debug3: authmethod_is_enabled publickey
                        debug1: Next authentication method: publickey
                        debug1: Trying private key: /var/lib/openhab2/.ssh/id_rsa
                        debug3: no such identity: /var/lib/openhab2/.ssh/id_rsa: No such file or directory
                        debug1: Trying private key: /var/lib/openhab2/.ssh/id_dsa
                        debug3: no such identity: /var/lib/openhab2/.ssh/id_dsa: No such file or directory
                        debug1: Trying private key: /var/lib/openhab2/.ssh/id_ecdsa
                        debug3: no such identity: /var/lib/openhab2/.ssh/id_ecdsa: No such file or directory
                        debug1: Trying private key: /var/lib/openhab2/.ssh/id_ed25519
                        debug3: no such identity: /var/lib/openhab2/.ssh/id_ed25519: No such file or directory
                        debug2: we did not send a packet, disable method
                        debug3: authmethod_lookup keyboard-interactive
                        debug3: remaining preferred: password
                        debug3: authmethod_is_enabled keyboard-interactive
                        debug1: Next authentication method: keyboard-interactive
                        debug2: userauth_kbdint
                        debug3: send packet: type 50
                        debug2: we sent a keyboard-interactive packet, wait for reply
                        debug3: receive packet: type 60
                        debug2: input_userauth_info_req
                        debug2: input_userauth_info_req: num_prompts 1
                        
                        1 Reply Last reply Reply Quote 0
                        • johnpoz
                          johnpoz LAYER 8 Global Moderator last edited by johnpoz

                          @automate said in driving me mental, remote login to pfsense CLI to shutdown:

                          debug1: Next authentication method: publickey
                          debug1: Trying private key: /var/lib/openhab2/.ssh/id_rsa
                          debug3: no such identity: /var/lib/openhab2/.ssh/id_rsa: No such file or directory
                          debug1: Trying private key: /var/lib/openhab2/.ssh/id_dsa
                          debug3: no such identity: /var/lib/openhab2/.ssh/id_dsa: No such file or directory
                          debug1: Trying private key: /var/lib/openhab2/.ssh/id_ecdsa
                          debug3: no such identity: /var/lib/openhab2/.ssh/id_ecdsa: No such file or directory
                          debug1: Trying private key: /var/lib/openhab2/.ssh/id_ed25519
                          debug3: no such identity: /var/lib/openhab2/.ssh/id_ed25519: No such file or directory
                          debug2: we did not send a packet, disable method

                          Well your not sending your public key - so yeah going to fail!

                          debug1: Offering public key: /home/johnpoz/.ssh/id_ed25519 ED25519 SHA256:y1pJFK<snipped>
                          debug3: send packet: type 50
                          debug2: we sent a publickey packet, wait for reply
                          debug3: receive packet: type 60
                          debug1: Server accepts key: /home/johnpoz/.ssh/id_ed25519 ED25519 SHA256:y1pJF<snipped>
                          debug3: sign_and_send_pubkey: ED25519 SHA256:y1pJFKtYk+f2<snipped>
                          debug3: sign_and_send_pubkey: signing using ssh-ed25519
                          debug3: send packet: type 50
                          debug3: receive packet: type 52
                          debug1: Authentication succeeded (publickey).
                          Authenticated to sg4860.local.lan ([192.168.9.253]:22).
                          

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                          1 Reply Last reply Reply Quote 0
                          • A
                            automate last edited by

                            scratching head

                            Im not sure what im doing wrong. Can you point me to some kind of tutorial john to do that? I was under the impression i was

                            1 Reply Last reply Reply Quote 0
                            • johnpoz
                              johnpoz LAYER 8 Global Moderator last edited by johnpoz

                              If your environment doesn't auto find the key to send, then you would have to call it out in your cmd line for ssh.

                              btw: you don't need to send that direct command, you can just run /etc/rc.halt

                              An intelligent man is sometimes forced to be drunk to spend time with his fools
                              If you get confused: Listen to the Music Play
                              Please don't Chat/PM me for help, unless mod related
                              SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                              1 Reply Last reply Reply Quote 0
                              • A
                                automate last edited by

                                I followed this:

                                https://www.tecmint.com/ssh-passwordless-login-using-ssh-keygen-in-5-easy-steps/

                                1 Reply Last reply Reply Quote 0
                                • johnpoz
                                  johnpoz LAYER 8 Global Moderator last edited by johnpoz

                                  Yeah those guides tell you how to set it up, no need for me to even read it - but your ssh client has to know where the key it is to use.. See how it pulls my key from my home dir..

                                  Setup your local environment to use the key(s) you want.. Be it windows or linux... Im running openssh client on windows..

                                  There is a .ssh dir in c:\users\username - this is where you keys would normally go

                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                  If you get confused: Listen to the Music Play
                                  Please don't Chat/PM me for help, unless mod related
                                  SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                  1 Reply Last reply Reply Quote 0
                                  • A
                                    automate last edited by

                                    Thats not going to work.

                                    This is a non interactive setup, what happens is my linux machine (with openhab) runs a script which executes this command as the 'nsautomate' user.

                                    Theres no ability for me to specify keys etc, because its not occuring like that.

                                    What im doing right now is simply 'testing' the command via a shell, but the end state is the openhab user will run this command

                                    1 Reply Last reply Reply Quote 0
                                    • johnpoz
                                      johnpoz LAYER 8 Global Moderator last edited by

                                      Well its going to have to be able to send the key, or how would it possible to auth..

                                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                                      If you get confused: Listen to the Music Play
                                      Please don't Chat/PM me for help, unless mod related
                                      SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                      1 Reply Last reply Reply Quote 0
                                      • A
                                        automate last edited by automate

                                        i thought the keys were saved using the link i mentioned above to the local and remote machine, so when it logs in, its there. That was the whole point.

                                        I used the ssh copy etc

                                        1 Reply Last reply Reply Quote 0
                                        • johnpoz
                                          johnpoz LAYER 8 Global Moderator last edited by johnpoz

                                          I think you should research how public key auths.. Yes there is part on the server that you saved on pfsense, but the client has to send the other part to actually auth.

                                          Running this on linux you can call out in the path directly or the envirnoment of the user running ssh would have it in their path.. You can see when you ran the script where it looked for the key.. Place your private side there.

                                          when you ran the cmd it was looking here for keys it could send
                                          Trying private key: /var/lib/openhab2

                                          yeah when you created the keys, sure you saved it somewhere - but it has to be specified where it is and its name in the cmd you run, or the enviornment of the system needs to know where to find it, ie your /var/lib/openhab2 dir is where it was looking for the keys it could send because you didn't call it out in the cmd.

                                          -i would call out path/file to use to auth with from the cmd line with ssh

                                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                                          If you get confused: Listen to the Music Play
                                          Please don't Chat/PM me for help, unless mod related
                                          SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                          A 1 Reply Last reply Reply Quote 0
                                          • A
                                            automate @johnpoz last edited by

                                            @johnpoz OK, so i copied the key to that directory and the same issue persists.

                                            1 Reply Last reply Reply Quote 0
                                            • johnpoz
                                              johnpoz LAYER 8 Global Moderator last edited by

                                              And your sending the key - what does -vvv show you for the process

                                              An intelligent man is sometimes forced to be drunk to spend time with his fools
                                              If you get confused: Listen to the Music Play
                                              Please don't Chat/PM me for help, unless mod related
                                              SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                              1 Reply Last reply Reply Quote 0
                                              • A
                                                automate last edited by

                                                After the copy...

                                                nsautomate@ihp:/etc/openhab2/rules$ sudo -u openhab ssh -vvv nsautomate@192.168.1.254 'sudo etc/rc.halt'
                                                OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
                                                debug1: Reading configuration data /etc/ssh/ssh_config
                                                debug1: /etc/ssh/ssh_config line 19: Applying options for *
                                                debug2: resolving "192.168.1.254" port 22
                                                debug2: ssh_connect_direct: needpriv 0
                                                debug1: Connecting to 192.168.1.254 [192.168.1.254] port 22.
                                                debug1: Connection established.
                                                debug1: identity file /var/lib/openhab2/.ssh/id_rsa type 0
                                                debug1: key_load_public: No such file or directory
                                                debug1: identity file /var/lib/openhab2/.ssh/id_rsa-cert type -1
                                                debug1: key_load_public: No such file or directory
                                                debug1: identity file /var/lib/openhab2/.ssh/id_dsa type -1
                                                debug1: key_load_public: No such file or directory
                                                debug1: identity file /var/lib/openhab2/.ssh/id_dsa-cert type -1
                                                debug1: key_load_public: No such file or directory
                                                debug1: identity file /var/lib/openhab2/.ssh/id_ecdsa type -1
                                                debug1: key_load_public: No such file or directory
                                                debug1: identity file /var/lib/openhab2/.ssh/id_ecdsa-cert type -1
                                                debug1: key_load_public: No such file or directory
                                                debug1: identity file /var/lib/openhab2/.ssh/id_ed25519 type -1
                                                debug1: key_load_public: No such file or directory
                                                debug1: identity file /var/lib/openhab2/.ssh/id_ed25519-cert type -1
                                                debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
                                                debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5
                                                debug1: match: OpenSSH_7.5 pat OpenSSH* compat 0x04000000
                                                debug2: fd 3 setting O_NONBLOCK
                                                debug1: Authenticating to 192.168.1.254:22 as 'nsautomate'
                                                debug3: hostkeys_foreach: reading file "/var/lib/openhab2/.ssh/known_hosts"
                                                debug3: record_hostkey: found key type ED25519 in file /var/lib/openhab2/.ssh/known_hosts:1
                                                debug3: load_hostkeys: loaded 1 keys from 192.168.1.254
                                                debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
                                                debug3: send packet: type 20
                                                debug1: SSH2_MSG_KEXINIT sent
                                                debug3: receive packet: type 20
                                                debug1: SSH2_MSG_KEXINIT received
                                                debug2: local client KEXINIT proposal
                                                debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
                                                debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
                                                debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
                                                debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
                                                debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
                                                debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
                                                debug2: compression ctos: none,zlib@openssh.com,zlib
                                                debug2: compression stoc: none,zlib@openssh.com,zlib
                                                debug2: languages ctos:
                                                debug2: languages stoc:
                                                debug2: first_kex_follows 0
                                                debug2: reserved 0
                                                debug2: peer server KEXINIT proposal
                                                debug2: KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
                                                debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-ed25519
                                                debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
                                                debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
                                                debug2: MACs ctos: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
                                                debug2: MACs stoc: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
                                                debug2: compression ctos: none,zlib@openssh.com
                                                debug2: compression stoc: none,zlib@openssh.com
                                                debug2: languages ctos:
                                                debug2: languages stoc:
                                                debug2: first_kex_follows 0
                                                debug2: reserved 0
                                                debug1: kex: algorithm: curve25519-sha256@libssh.org
                                                debug1: kex: host key algorithm: ssh-ed25519
                                                debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
                                                debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
                                                debug3: send packet: type 30
                                                debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
                                                debug3: receive packet: type 31
                                                debug1: Server host key: ssh-ed25519 SHA256:4RCz4gQY4LJRdlMC2Y1ix0IqQp1zR/pQEo8gkSXC0sw
                                                debug3: hostkeys_foreach: reading file "/var/lib/openhab2/.ssh/known_hosts"
                                                debug3: record_hostkey: found key type ED25519 in file /var/lib/openhab2/.ssh/known_hosts:1
                                                debug3: load_hostkeys: loaded 1 keys from 192.168.1.254
                                                debug1: Host '192.168.1.254' is known and matches the ED25519 host key.
                                                debug1: Found key in /var/lib/openhab2/.ssh/known_hosts:1
                                                debug3: send packet: type 21
                                                debug2: set_newkeys: mode 1
                                                debug1: rekey after 134217728 blocks
                                                debug1: SSH2_MSG_NEWKEYS sent
                                                debug1: expecting SSH2_MSG_NEWKEYS
                                                debug3: receive packet: type 21
                                                debug1: SSH2_MSG_NEWKEYS received
                                                debug2: set_newkeys: mode 0
                                                debug1: rekey after 134217728 blocks
                                                debug2: key: /var/lib/openhab2/.ssh/id_rsa (0x5628d47cd480)
                                                debug2: key: /var/lib/openhab2/.ssh/id_dsa ((nil))
                                                debug2: key: /var/lib/openhab2/.ssh/id_ecdsa ((nil))
                                                debug2: key: /var/lib/openhab2/.ssh/id_ed25519 ((nil))
                                                debug3: send packet: type 5
                                                debug3: receive packet: type 7
                                                debug1: SSH2_MSG_EXT_INFO received
                                                debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
                                                debug3: receive packet: type 6
                                                debug2: service_accept: ssh-userauth
                                                debug1: SSH2_MSG_SERVICE_ACCEPT received
                                                debug3: send packet: type 50
                                                debug3: receive packet: type 51
                                                debug1: Authentications that can continue: publickey,password,keyboard-interactive
                                                debug3: start over, passed a different list publickey,password,keyboard-interactive
                                                debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
                                                debug3: authmethod_lookup publickey
                                                debug3: remaining preferred: keyboard-interactive,password
                                                debug3: authmethod_is_enabled publickey
                                                debug1: Next authentication method: publickey
                                                debug1: Offering public key: RSA SHA256:9I6DoJ7tHV07ZgZZlNYbiEFHT2BlRHFOp2rhQ+GI8I4 /var/lib/openhab2/.ssh/id_rsa
                                                debug3: send_pubkey_test
                                                debug3: send packet: type 50
                                                debug2: we sent a publickey packet, wait for reply
                                                debug3: receive packet: type 60
                                                debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
                                                debug2: input_userauth_pk_ok: fp SHA256:9I6DoJ7tHV07ZgZZlNYbiEFHT2BlRHFOp2rhQ+GI8I4
                                                debug3: sign_and_send_pubkey: RSA SHA256:9I6DoJ7tHV07ZgZZlNYbiEFHT2BlRHFOp2rhQ+GI8I4
                                                debug3: no such identity: /var/lib/openhab2/.ssh/id_rsa: No such file or directory
                                                debug1: Trying private key: /var/lib/openhab2/.ssh/id_dsa
                                                debug3: no such identity: /var/lib/openhab2/.ssh/id_dsa: No such file or directory
                                                debug1: Trying private key: /var/lib/openhab2/.ssh/id_ecdsa
                                                debug3: no such identity: /var/lib/openhab2/.ssh/id_ecdsa: No such file or directory
                                                debug1: Trying private key: /var/lib/openhab2/.ssh/id_ed25519
                                                debug3: no such identity: /var/lib/openhab2/.ssh/id_ed25519: No such file or directory
                                                debug2: we did not send a packet, disable method
                                                debug3: authmethod_lookup keyboard-interactive
                                                debug3: remaining preferred: password
                                                debug3: authmethod_is_enabled keyboard-interactive
                                                debug1: Next authentication method: keyboard-interactive
                                                debug2: userauth_kbdint
                                                debug3: send packet: type 50
                                                debug2: we sent a keyboard-interactive packet, wait for reply
                                                debug3: receive packet: type 60
                                                debug2: input_userauth_info_req
                                                debug2: input_userauth_info_req: num_prompts 1
                                                Password for nsautomate@pfSense.rkeen.ddns.net:
                                                
                                                1 Reply Last reply Reply Quote 0
                                                • johnpoz
                                                  johnpoz LAYER 8 Global Moderator last edited by

                                                  And as you can clearly SEE, its not finding it..

                                                  debug3: no such identity: /var/lib/openhab2/.ssh/id_rsa: No such file or directory
                                                  debug1: Trying private key: /var/lib/openhab2/.ssh/id_dsa
                                                  debug3: no such identity: /var/lib/openhab2/.ssh/id_dsa: No such file or directory
                                                  debug1: Trying private key: /var/lib/openhab2/.ssh/id_ecdsa
                                                  debug3: no such identity: /var/lib/openhab2/.ssh/id_ecdsa: No such file or directory
                                                  debug1: Trying private key: /var/lib/openhab2/.ssh/id_ed25519
                                                  debug3: no such identity: /var/lib/openhab2/.ssh/id_ed25519: No such file or directory
                                                  

                                                  I am not understanding what part your getting lost in here.. the debug clearly shows you nothing is being sent.. So how could you auth??

                                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                  If you get confused: Listen to the Music Play
                                                  Please don't Chat/PM me for help, unless mod related
                                                  SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                                  1 Reply Last reply Reply Quote 0
                                                  • A
                                                    automate last edited by

                                                    I copied as you mentioned, it shows id_rsa.pub under the folder it was looking for and theres a key in there.

                                                    1 Reply Last reply Reply Quote 0
                                                    • johnpoz
                                                      johnpoz LAYER 8 Global Moderator last edited by johnpoz

                                                      Oh it did send something.

                                                      debug2: we sent a publickey packet, wait for reply
                                                      debug3: receive packet: type 60
                                                      debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
                                                      debug2: input_userauth_pk_ok: fp SHA256:9I6DoJ7tHV07ZgZZlNYbiEFHT2BlRHFOp2rhQ+GI8I4
                                                      debug3: sign_and_send_pubkey: RSA SHA256:9I6DoJ7tHV07ZgZZlNYbiEFHT2BlRHFOp2rhQ+GI8I4
                                                      

                                                      But don't think it liked it ;)

                                                      Give me a sec to digest

                                                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                      If you get confused: Listen to the Music Play
                                                      Please don't Chat/PM me for help, unless mod related
                                                      SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                                      1 Reply Last reply Reply Quote 0
                                                      • A
                                                        automate last edited by automate

                                                        of course it didnt. You need to be a brain surgeon with a degree in rocket science to get this sh1t working. Seriously wheres the nearest cliff so I can throw myself and the machine off it!

                                                        1 Reply Last reply Reply Quote 0
                                                        • johnpoz
                                                          johnpoz LAYER 8 Global Moderator last edited by

                                                          No you don't need to be a brain surgeon... This pretty basic stuff ;)

                                                          RSA - yeah prob no longer even accepted.. that guide is from what 2015...

                                                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                          If you get confused: Listen to the Music Play
                                                          Please don't Chat/PM me for help, unless mod related
                                                          SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                                          1 Reply Last reply Reply Quote 0
                                                          • A
                                                            automate last edited by

                                                            Well its taken me 12hrs and I cant get it working, so its not really basic at all.
                                                            Im outta ideas, thanks anyway john

                                                            1 Reply Last reply Reply Quote 0
                                                            • johnpoz
                                                              johnpoz LAYER 8 Global Moderator last edited by

                                                              Public key auth is pretty freaking basic stuff.. But yes you have to understand how it works ;)

                                                              Just randomly following some guide from 4 years ago, prob going to have issues.

                                                              It doesn't like your OLD sha2 sig for one thing, and there were some known bugs with that for sure
                                                              https://bugzilla.mindrot.org/show_bug.cgi?id=2799

                                                              I would create some current stuff, and redo it... You know say ed25519

                                                              If you want I have ubuntu could show you the commands to create current stuff ;)

                                                              An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                              If you get confused: Listen to the Music Play
                                                              Please don't Chat/PM me for help, unless mod related
                                                              SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                                              1 Reply Last reply Reply Quote 0
                                                              • johnpoz
                                                                johnpoz LAYER 8 Global Moderator last edited by

                                                                here this took all of 2 minutes to get running.

                                                                user@uc:~$ ssh-keygen -o -t ed25519
                                                                Generating public/private ed25519 key pair.
                                                                Enter file in which to save the key (/home/user/.ssh/id_ed25519): 
                                                                Enter passphrase (empty for no passphrase): 
                                                                Enter same passphrase again: 
                                                                Your identification has been saved in /home/user/.ssh/id_ed25519.
                                                                Your public key has been saved in /home/user/.ssh/id_ed25519.pub.
                                                                The key fingerprint is:
                                                                SHA256:EjqswC3vT2iA0ndVqSdPcljQikuHBl1HMjEp64vRl70 user@uc
                                                                The key's randomart image is:
                                                                +--[ED25519 256]--+
                                                                |     . .B*+.     |
                                                                |    . o .*+      |
                                                                |     ..=.=       |
                                                                |o... .*oB +      |
                                                                |++..==ooSX       |
                                                                |..+ooo+.o o      |
                                                                |  .+ + o   .     |
                                                                |  o o .   E      |
                                                                |   ...           |
                                                                +----[SHA256]-----+
                                                                user@uc:~$ 
                                                                

                                                                keyinusertest.png

                                                                login

                                                                user@uc:~$ ssh test@192.168.9.253
                                                                [2.4.4-RELEASE][test@sg4860.local.lan]/home/test: 
                                                                

                                                                here is debug info of the public key auth

                                                                debug1: Offering ED25519 public key: /home/user/.ssh/id_ed25519
                                                                debug3: send_pubkey_test
                                                                debug3: send packet: type 50
                                                                debug2: we sent a publickey packet, wait for reply
                                                                debug3: receive packet: type 60
                                                                debug1: Server accepts key: pkalg ssh-ed25519 blen 51
                                                                debug2: input_userauth_pk_ok: fp SHA256:EjqswC3vT2iA0ndVqSdPcljQikuHBl1HMjEp64vRl70
                                                                debug3: sign_and_send_pubkey: ED25519 SHA256:EjqswC3vT2iA0ndVqSdPcljQikuHBl1HMjEp64vRl70
                                                                debug3: send packet: type 50
                                                                debug3: receive packet: type 52
                                                                debug1: Authentication succeeded (publickey).
                                                                Authenticated to 192.168.9.253 ([192.168.9.253]:22).
                                                                

                                                                An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                                If you get confused: Listen to the Music Play
                                                                Please don't Chat/PM me for help, unless mod related
                                                                SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                                                A 1 Reply Last reply Reply Quote 0
                                                                • johnpoz
                                                                  johnpoz LAYER 8 Global Moderator last edited by

                                                                  yeah so just tried with rsa key, ie the guide you "followed"

                                                                  debug1: Offering RSA public key: /home/user/.ssh/id_rsa
                                                                  debug3: send_pubkey_test
                                                                  debug3: send packet: type 50
                                                                  debug2: we sent a publickey packet, wait for reply
                                                                  debug3: receive packet: type 51
                                                                  

                                                                  See the type 51 response - tells you failed...

                                                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                                  If you get confused: Listen to the Music Play
                                                                  Please don't Chat/PM me for help, unless mod related
                                                                  SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                                                  1 Reply Last reply Reply Quote 0
                                                                  • A
                                                                    automate @johnpoz last edited by

                                                                    @johnpoz Hello, i did exactly what you've posted. I copied the key to the folder as below:

                                                                    sudo cp /home/nsautomate/.ssh/id_ed25519.pub /var/lib/openhab2 & to .ssh folder
                                                                    

                                                                    And updated the user in the Gui with the new key value.

                                                                    Still doesnt work, wants a password

                                                                    
                                                                    nsautomate@ihp:~$ sudo -u openhab ssh -vvv nsautomate@192.168.1.254 'sudo etc/rc.halt'
                                                                    OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
                                                                    debug1: Reading configuration data /etc/ssh/ssh_config
                                                                    debug1: /etc/ssh/ssh_config line 19: Applying options for *
                                                                    debug2: resolving "192.168.1.254" port 22
                                                                    debug2: ssh_connect_direct: needpriv 0
                                                                    debug1: Connecting to 192.168.1.254 [192.168.1.254] port 22.
                                                                    debug1: Connection established.
                                                                    debug1: identity file /var/lib/openhab2/.ssh/id_rsa type 0
                                                                    debug1: key_load_public: No such file or directory
                                                                    debug1: identity file /var/lib/openhab2/.ssh/id_rsa-cert type -1
                                                                    debug1: key_load_public: No such file or directory
                                                                    debug1: identity file /var/lib/openhab2/.ssh/id_dsa type -1
                                                                    debug1: key_load_public: No such file or directory
                                                                    debug1: identity file /var/lib/openhab2/.ssh/id_dsa-cert type -1
                                                                    debug1: key_load_public: No such file or directory
                                                                    debug1: identity file /var/lib/openhab2/.ssh/id_ecdsa type -1
                                                                    debug1: key_load_public: No such file or directory
                                                                    debug1: identity file /var/lib/openhab2/.ssh/id_ecdsa-cert type -1
                                                                    debug1: identity file /var/lib/openhab2/.ssh/id_ed25519 type 3
                                                                    debug1: key_load_public: No such file or directory
                                                                    debug1: identity file /var/lib/openhab2/.ssh/id_ed25519-cert type -1
                                                                    debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
                                                                    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5
                                                                    debug1: match: OpenSSH_7.5 pat OpenSSH* compat 0x04000000
                                                                    debug2: fd 3 setting O_NONBLOCK
                                                                    debug1: Authenticating to 192.168.1.254:22 as 'nsautomate'
                                                                    debug3: hostkeys_foreach: reading file "/var/lib/openhab2/.ssh/known_hosts"
                                                                    debug3: record_hostkey: found key type ED25519 in file /var/lib/openhab2/.ssh/known_hosts:1
                                                                    debug3: load_hostkeys: loaded 1 keys from 192.168.1.254
                                                                    debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
                                                                    debug3: send packet: type 20
                                                                    debug1: SSH2_MSG_KEXINIT sent
                                                                    debug3: receive packet: type 20
                                                                    debug1: SSH2_MSG_KEXINIT received
                                                                    debug2: local client KEXINIT proposal
                                                                    debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
                                                                    debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
                                                                    debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
                                                                    debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
                                                                    debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
                                                                    debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
                                                                    debug2: compression ctos: none,zlib@openssh.com,zlib
                                                                    debug2: compression stoc: none,zlib@openssh.com,zlib
                                                                    debug2: languages ctos:
                                                                    debug2: languages stoc:
                                                                    debug2: first_kex_follows 0
                                                                    debug2: reserved 0
                                                                    debug2: peer server KEXINIT proposal
                                                                    debug2: KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
                                                                    debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-ed25519
                                                                    debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
                                                                    debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
                                                                    debug2: MACs ctos: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
                                                                    debug2: MACs stoc: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
                                                                    debug2: compression ctos: none,zlib@openssh.com
                                                                    debug2: compression stoc: none,zlib@openssh.com
                                                                    debug2: languages ctos:
                                                                    debug2: languages stoc:
                                                                    debug2: first_kex_follows 0
                                                                    debug2: reserved 0
                                                                    debug1: kex: algorithm: curve25519-sha256@libssh.org
                                                                    debug1: kex: host key algorithm: ssh-ed25519
                                                                    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
                                                                    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
                                                                    debug3: send packet: type 30
                                                                    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
                                                                    debug3: receive packet: type 31
                                                                    debug1: Server host key: ssh-ed25519 SHA256:4RCz4gQY4LJRdlMC2Y1ix0IqQp1zR/pQEo8gkSXC0sw
                                                                    debug3: hostkeys_foreach: reading file "/var/lib/openhab2/.ssh/known_hosts"
                                                                    debug3: record_hostkey: found key type ED25519 in file /var/lib/openhab2/.ssh/known_hosts:1
                                                                    debug3: load_hostkeys: loaded 1 keys from 192.168.1.254
                                                                    debug1: Host '192.168.1.254' is known and matches the ED25519 host key.
                                                                    debug1: Found key in /var/lib/openhab2/.ssh/known_hosts:1
                                                                    debug3: send packet: type 21
                                                                    debug2: set_newkeys: mode 1
                                                                    debug1: rekey after 134217728 blocks
                                                                    debug1: SSH2_MSG_NEWKEYS sent
                                                                    debug1: expecting SSH2_MSG_NEWKEYS
                                                                    debug3: receive packet: type 21
                                                                    debug1: SSH2_MSG_NEWKEYS received
                                                                    debug2: set_newkeys: mode 0
                                                                    debug1: rekey after 134217728 blocks
                                                                    debug2: key: /var/lib/openhab2/.ssh/id_rsa (0x560090f89480)
                                                                    debug2: key: /var/lib/openhab2/.ssh/id_dsa ((nil))
                                                                    debug2: key: /var/lib/openhab2/.ssh/id_ecdsa ((nil))
                                                                    debug2: key: /var/lib/openhab2/.ssh/id_ed25519 (0x560090f88a80)
                                                                    debug3: send packet: type 5
                                                                    debug3: receive packet: type 7
                                                                    debug1: SSH2_MSG_EXT_INFO received
                                                                    debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
                                                                    debug3: receive packet: type 6
                                                                    debug2: service_accept: ssh-userauth
                                                                    debug1: SSH2_MSG_SERVICE_ACCEPT received
                                                                    debug3: send packet: type 50
                                                                    debug3: receive packet: type 51
                                                                    debug1: Authentications that can continue: publickey,password,keyboard-interactive
                                                                    debug3: start over, passed a different list publickey,password,keyboard-interactive
                                                                    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
                                                                    debug3: authmethod_lookup publickey
                                                                    debug3: remaining preferred: keyboard-interactive,password
                                                                    debug3: authmethod_is_enabled publickey
                                                                    debug1: Next authentication method: publickey
                                                                    debug1: Offering public key: RSA SHA256:9I6DoJ7tHV07ZgZZlNYbiEFHT2BlRHFOp2rhQ+GI8I4 /var/lib/openhab2/.ssh/id_rsa
                                                                    debug3: send_pubkey_test
                                                                    debug3: send packet: type 50
                                                                    debug2: we sent a publickey packet, wait for reply
                                                                    debug3: receive packet: type 51
                                                                    debug1: Authentications that can continue: publickey,password,keyboard-interactive
                                                                    debug1: Trying private key: /var/lib/openhab2/.ssh/id_dsa
                                                                    debug3: no such identity: /var/lib/openhab2/.ssh/id_dsa: No such file or directory
                                                                    debug1: Trying private key: /var/lib/openhab2/.ssh/id_ecdsa
                                                                    debug3: no such identity: /var/lib/openhab2/.ssh/id_ecdsa: No such file or directory
                                                                    debug1: Offering public key: ED25519 SHA256:2QxvQbZibZUUeRI7j5DwP3LaeCIvPDWJDSrcLw7UX2k /var/lib/openhab2/.ssh/id_ed25519
                                                                    debug3: send_pubkey_test
                                                                    debug3: send packet: type 50
                                                                    debug2: we sent a publickey packet, wait for reply
                                                                    debug3: receive packet: type 60
                                                                    debug1: Server accepts key: pkalg ssh-ed25519 blen 51
                                                                    debug2: input_userauth_pk_ok: fp SHA256:2QxvQbZibZUUeRI7j5DwP3LaeCIvPDWJDSrcLw7UX2k
                                                                    debug3: sign_and_send_pubkey: ED25519 SHA256:2QxvQbZibZUUeRI7j5DwP3LaeCIvPDWJDSrcLw7UX2k
                                                                    debug3: no such identity: /var/lib/openhab2/.ssh/id_ed25519: No such file or directory
                                                                    debug2: we did not send a packet, disable method
                                                                    debug3: authmethod_lookup keyboard-interactive
                                                                    debug3: remaining preferred: password
                                                                    debug3: authmethod_is_enabled keyboard-interactive
                                                                    debug1: Next authentication method: keyboard-interactive
                                                                    debug2: userauth_kbdint
                                                                    debug3: send packet: type 50
                                                                    debug2: we sent a keyboard-interactive packet, wait for reply
                                                                    debug3: receive packet: type 60
                                                                    debug2: input_userauth_info_req
                                                                    debug2: input_userauth_info_req: num_prompts 1
                                                                    Password for nsautomate@pfSense.rkeen.ddns.net:
                                                                    
                                                                    A 1 Reply Last reply Reply Quote 0
                                                                    • A
                                                                      automate @automate last edited by

                                                                      @automate said in driving me mental, remote login to pfsense CLI to shutdown:

                                                                      /var/lib/openhab2/.ssh/id_ed25519

                                                                      Looks like it doesnt like loading it from that directory

                                                                      debug2: input_userauth_pk_ok: fp SHA256:2QxvQbZibZUUeRI7j5DwP3LaeCIvPDWJDSrcLw7UX2k
                                                                      debug3: sign_and_send_pubkey: ED25519 SHA256:2QxvQbZibZUUeRI7j5DwP3LaeCIvPDWJDSrcLw7UX2k
                                                                      Load key "/var/lib/openhab2/.ssh/id_ed25519": Permission denied

                                                                      1 Reply Last reply Reply Quote 0
                                                                      • johnpoz
                                                                        johnpoz LAYER 8 Global Moderator last edited by

                                                                        What are the permissions on the file? Why are you trying to use a different user and then another user to auth with?

                                                                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                                        If you get confused: Listen to the Music Play
                                                                        Please don't Chat/PM me for help, unless mod related
                                                                        SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                                                        A 1 Reply Last reply Reply Quote 0
                                                                        • A
                                                                          automate @johnpoz last edited by

                                                                          @johnpoz

                                                                          The linux server has software on it called openhab. That software executes its scripts, or rules, using the openhab user. This is a home automation package.

                                                                          So, the openhab user executes the command but logs in with 'nsautomate'

                                                                          nsautomate@ihp:~$ sudo ls -la /var/lib/openhab2/.ssh/id_ed25519
                                                                          -rw------- 1 root root 411 Aug  5 10:39 /var/lib/openhab2/.ssh/id_ed25519
                                                                          nsautomate@ihp:~$
                                                                          
                                                                          
                                                                          1 Reply Last reply Reply Quote 0
                                                                          • johnpoz
                                                                            johnpoz LAYER 8 Global Moderator last edited by

                                                                            that seems pointless.. if the user account openhab is going to run the command, just create that user on pfsense and use it to auth with and run the halt cmd.

                                                                            Only root can access that file, per the permissions on it.

                                                                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                                            If you get confused: Listen to the Music Play
                                                                            Please don't Chat/PM me for help, unless mod related
                                                                            SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                                                            1 Reply Last reply Reply Quote 1
                                                                            • A
                                                                              automate last edited by automate

                                                                              Cool, that appears to have worked. However, its shut down pfsense but not powered off the unit, like it does if you select 'halt' from the GUI. I can still ping it but not SSH to it and its still forwarding packets despite a CLI message saying its being shut down??

                                                                              Is there an alternate command that shuts the whole system down gracefully?

                                                                              1 Reply Last reply Reply Quote 0
                                                                              • Derelict
                                                                                Derelict LAYER 8 Netgate last edited by

                                                                                What kind of hardware?

                                                                                You probably want shutdown -p now

                                                                                https://www.freebsd.org/cgi/man.cgi?query=shutdown&manpath=FreeBSD+11.2-RELEASE

                                                                                Chattanooga, Tennessee, USA
                                                                                The pfSense Book is free of charge!
                                                                                DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                                                                                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                                                                A 1 Reply Last reply Reply Quote 1
                                                                                • johnpoz
                                                                                  johnpoz LAYER 8 Global Moderator last edited by

                                                                                  He has something running on linux that he wants to ssh into pfsense using public key auth and run the rc.halt

                                                                                  Which works just fine I have tested your old thread, on a VM running 2.4.4p3 - takes all of 30 seconds to setup.

                                                                                  He is having a problem using public key auth in general.

                                                                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                                                  If you get confused: Listen to the Music Play
                                                                                  Please don't Chat/PM me for help, unless mod related
                                                                                  SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                                                                  1 Reply Last reply Reply Quote 1
                                                                                  • Derelict
                                                                                    Derelict LAYER 8 Netgate last edited by

                                                                                    Sounds like he got it working but didn't get a power off. /etc/rc.halt is probably a better option.

                                                                                    Chattanooga, Tennessee, USA
                                                                                    The pfSense Book is free of charge!
                                                                                    DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                                                                                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                                                                    1 Reply Last reply Reply Quote 1
                                                                                    • First post
                                                                                      Last post