Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    driving me mental, remote login to pfsense CLI to shutdown

    Scheduled Pinned Locked Moved General pfSense Questions
    43 Posts 5 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      automate
      last edited by

      After the copy...

      nsautomate@ihp:/etc/openhab2/rules$ sudo -u openhab ssh -vvv nsautomate@192.168.1.254 'sudo etc/rc.halt'
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "192.168.1.254" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.1.254 [192.168.1.254] port 22.
debug1: Connection established.
debug1: identity file /var/lib/openhab2/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/openhab2/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/openhab2/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/openhab2/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/openhab2/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/openhab2/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/openhab2/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/openhab2/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5
debug1: match: OpenSSH_7.5 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.254:22 as 'nsautomate'
debug3: hostkeys_foreach: reading file "/var/lib/openhab2/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /var/lib/openhab2/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 192.168.1.254
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
debug2: MACs stoc: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-ed25519 SHA256:4RCz4gQY4LJRdlMC2Y1ix0IqQp1zR/pQEo8gkSXC0sw
debug3: hostkeys_foreach: reading file "/var/lib/openhab2/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /var/lib/openhab2/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 192.168.1.254
debug1: Host '192.168.1.254' is known and matches the ED25519 host key.
debug1: Found key in /var/lib/openhab2/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /var/lib/openhab2/.ssh/id_rsa (0x5628d47cd480)
debug2: key: /var/lib/openhab2/.ssh/id_dsa ((nil))
debug2: key: /var/lib/openhab2/.ssh/id_ecdsa ((nil))
debug2: key: /var/lib/openhab2/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:9I6DoJ7tHV07ZgZZlNYbiEFHT2BlRHFOp2rhQ+GI8I4 /var/lib/openhab2/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp SHA256:9I6DoJ7tHV07ZgZZlNYbiEFHT2BlRHFOp2rhQ+GI8I4
debug3: sign_and_send_pubkey: RSA SHA256:9I6DoJ7tHV07ZgZZlNYbiEFHT2BlRHFOp2rhQ+GI8I4
debug3: no such identity: /var/lib/openhab2/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /var/lib/openhab2/.ssh/id_dsa
debug3: no such identity: /var/lib/openhab2/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /var/lib/openhab2/.ssh/id_ecdsa
debug3: no such identity: /var/lib/openhab2/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /var/lib/openhab2/.ssh/id_ed25519
debug3: no such identity: /var/lib/openhab2/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password for nsautomate@pfSense.rkeen.ddns.net:
      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        And as you can clearly SEE, its not finding it..

        debug3: no such identity: /var/lib/openhab2/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /var/lib/openhab2/.ssh/id_dsa
debug3: no such identity: /var/lib/openhab2/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /var/lib/openhab2/.ssh/id_ecdsa
debug3: no such identity: /var/lib/openhab2/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /var/lib/openhab2/.ssh/id_ed25519
debug3: no such identity: /var/lib/openhab2/.ssh/id_ed25519: No such file or directory

        I am not understanding what part your getting lost in here.. the debug clearly shows you nothing is being sent.. So how could you auth??

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • A
          automate
          last edited by

          I copied as you mentioned, it shows id_rsa.pub under the folder it was looking for and theres a key in there.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by johnpoz

            Oh it did send something.

            debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp SHA256:9I6DoJ7tHV07ZgZZlNYbiEFHT2BlRHFOp2rhQ+GI8I4
debug3: sign_and_send_pubkey: RSA SHA256:9I6DoJ7tHV07ZgZZlNYbiEFHT2BlRHFOp2rhQ+GI8I4

            But don't think it liked it ;)

            Give me a sec to digest

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            1 Reply Last reply Reply Quote 0
            • A
              automate
              last edited by automate

              of course it didnt. You need to be a brain surgeon with a degree in rocket science to get this sh1t working. Seriously wheres the nearest cliff so I can throw myself and the machine off it!

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                No you don't need to be a brain surgeon... This pretty basic stuff ;)

                RSA - yeah prob no longer even accepted.. that guide is from what 2015...

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                1 Reply Last reply Reply Quote 0
                • A
                  automate
                  last edited by

                  Well its taken me 12hrs and I cant get it working, so its not really basic at all.
                  Im outta ideas, thanks anyway john

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    Public key auth is pretty freaking basic stuff.. But yes you have to understand how it works ;)

                    Just randomly following some guide from 4 years ago, prob going to have issues.

                    It doesn't like your OLD sha2 sig for one thing, and there were some known bugs with that for sure
                    https://bugzilla.mindrot.org/show_bug.cgi?id=2799

                    I would create some current stuff, and redo it... You know say ed25519

                    If you want I have ubuntu could show you the commands to create current stuff ;)

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                    1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator
                      last edited by

                      here this took all of 2 minutes to get running.

                      user@uc:~$ ssh-keygen -o -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/user/.ssh/id_ed25519): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_ed25519.
Your public key has been saved in /home/user/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:EjqswC3vT2iA0ndVqSdPcljQikuHBl1HMjEp64vRl70 user@uc
The key's randomart image is:
+--[ED25519 256]--+
|     . .B*+.     |
|    . o .*+      |
|     ..=.=       |
|o... .*oB +      |
|++..==ooSX       |
|..+ooo+.o o      |
|  .+ + o   .     |
|  o o .   E      |
|   ...           |
+----[SHA256]-----+
user@uc:~$

                      keyinusertest.png

                      login

                      user@uc:~$ ssh test@192.168.9.253
[2.4.4-RELEASE][test@sg4860.local.lan]/home/test:

                      here is debug info of the public key auth

                      debug1: Offering ED25519 public key: /home/user/.ssh/id_ed25519
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-ed25519 blen 51
debug2: input_userauth_pk_ok: fp SHA256:EjqswC3vT2iA0ndVqSdPcljQikuHBl1HMjEp64vRl70
debug3: sign_and_send_pubkey: ED25519 SHA256:EjqswC3vT2iA0ndVqSdPcljQikuHBl1HMjEp64vRl70
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.9.253 ([192.168.9.253]:22).

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                      A 1 Reply Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator
                        last edited by

                        yeah so just tried with rsa key, ie the guide you "followed"

                        debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51

                        See the type 51 response - tells you failed...

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                        1 Reply Last reply Reply Quote 0
                        • A
                          automate @johnpoz
                          last edited by

                          @johnpoz Hello, i did exactly what you've posted. I copied the key to the folder as below:

                          sudo cp /home/nsautomate/.ssh/id_ed25519.pub /var/lib/openhab2 & to .ssh folder

                          And updated the user in the Gui with the new key value.

                          Still doesnt work, wants a password

                          
nsautomate@ihp:~$ sudo -u openhab ssh -vvv nsautomate@192.168.1.254 'sudo etc/rc.halt'
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "192.168.1.254" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.1.254 [192.168.1.254] port 22.
debug1: Connection established.
debug1: identity file /var/lib/openhab2/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/openhab2/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/openhab2/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/openhab2/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/openhab2/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/openhab2/.ssh/id_ecdsa-cert type -1
debug1: identity file /var/lib/openhab2/.ssh/id_ed25519 type 3
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/openhab2/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5
debug1: match: OpenSSH_7.5 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.254:22 as 'nsautomate'
debug3: hostkeys_foreach: reading file "/var/lib/openhab2/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /var/lib/openhab2/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 192.168.1.254
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
debug2: MACs stoc: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-ed25519 SHA256:4RCz4gQY4LJRdlMC2Y1ix0IqQp1zR/pQEo8gkSXC0sw
debug3: hostkeys_foreach: reading file "/var/lib/openhab2/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /var/lib/openhab2/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 192.168.1.254
debug1: Host '192.168.1.254' is known and matches the ED25519 host key.
debug1: Found key in /var/lib/openhab2/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /var/lib/openhab2/.ssh/id_rsa (0x560090f89480)
debug2: key: /var/lib/openhab2/.ssh/id_dsa ((nil))
debug2: key: /var/lib/openhab2/.ssh/id_ecdsa ((nil))
debug2: key: /var/lib/openhab2/.ssh/id_ed25519 (0x560090f88a80)
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:9I6DoJ7tHV07ZgZZlNYbiEFHT2BlRHFOp2rhQ+GI8I4 /var/lib/openhab2/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /var/lib/openhab2/.ssh/id_dsa
debug3: no such identity: /var/lib/openhab2/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /var/lib/openhab2/.ssh/id_ecdsa
debug3: no such identity: /var/lib/openhab2/.ssh/id_ecdsa: No such file or directory
debug1: Offering public key: ED25519 SHA256:2QxvQbZibZUUeRI7j5DwP3LaeCIvPDWJDSrcLw7UX2k /var/lib/openhab2/.ssh/id_ed25519
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-ed25519 blen 51
debug2: input_userauth_pk_ok: fp SHA256:2QxvQbZibZUUeRI7j5DwP3LaeCIvPDWJDSrcLw7UX2k
debug3: sign_and_send_pubkey: ED25519 SHA256:2QxvQbZibZUUeRI7j5DwP3LaeCIvPDWJDSrcLw7UX2k
debug3: no such identity: /var/lib/openhab2/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password for nsautomate@pfSense.rkeen.ddns.net:
                          A 1 Reply Last reply Reply Quote 0
                          • A
                            automate @automate
                            last edited by

                            @automate said in driving me mental, remote login to pfsense CLI to shutdown:

                            /var/lib/openhab2/.ssh/id_ed25519

                            Looks like it doesnt like loading it from that directory

                            debug2: input_userauth_pk_ok: fp SHA256:2QxvQbZibZUUeRI7j5DwP3LaeCIvPDWJDSrcLw7UX2k
                            debug3: sign_and_send_pubkey: ED25519 SHA256:2QxvQbZibZUUeRI7j5DwP3LaeCIvPDWJDSrcLw7UX2k
                            Load key "/var/lib/openhab2/.ssh/id_ed25519": Permission denied

                            1 Reply Last reply Reply Quote 0
                            • johnpozJ
                              johnpoz LAYER 8 Global Moderator
                              last edited by

                              What are the permissions on the file? Why are you trying to use a different user and then another user to auth with?

                              An intelligent man is sometimes forced to be drunk to spend time with his fools
                              If you get confused: Listen to the Music Play
                              Please don't Chat/PM me for help, unless mod related
                              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                              A 1 Reply Last reply Reply Quote 0
                              • A
                                automate @johnpoz
                                last edited by

                                @johnpoz

                                The linux server has software on it called openhab. That software executes its scripts, or rules, using the openhab user. This is a home automation package.

                                So, the openhab user executes the command but logs in with 'nsautomate'

                                nsautomate@ihp:~$ sudo ls -la /var/lib/openhab2/.ssh/id_ed25519
-rw------- 1 root root 411 Aug  5 10:39 /var/lib/openhab2/.ssh/id_ed25519
nsautomate@ihp:~$
                                1 Reply Last reply Reply Quote 0
                                • johnpozJ
                                  johnpoz LAYER 8 Global Moderator
                                  last edited by

                                  that seems pointless.. if the user account openhab is going to run the command, just create that user on pfsense and use it to auth with and run the halt cmd.

                                  Only root can access that file, per the permissions on it.

                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                  If you get confused: Listen to the Music Play
                                  Please don't Chat/PM me for help, unless mod related
                                  SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                                  1 Reply Last reply Reply Quote 1
                                  • A
                                    automate
                                    last edited by automate

                                    Cool, that appears to have worked. However, its shut down pfsense but not powered off the unit, like it does if you select 'halt' from the GUI. I can still ping it but not SSH to it and its still forwarding packets despite a CLI message saying its being shut down??

                                    Is there an alternate command that shuts the whole system down gracefully?

                                    1 Reply Last reply Reply Quote 0
                                    • DerelictD
                                      Derelict LAYER 8 Netgate
                                      last edited by

                                      What kind of hardware?

                                      You probably want shutdown -p now

                                      https://www.freebsd.org/cgi/man.cgi?query=shutdown&manpath=FreeBSD+11.2-RELEASE

                                      Chattanooga, Tennessee, USA
                                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                      A 1 Reply Last reply Reply Quote 1
                                      • johnpozJ
                                        johnpoz LAYER 8 Global Moderator
                                        last edited by

                                        He has something running on linux that he wants to ssh into pfsense using public key auth and run the rc.halt

                                        Which works just fine I have tested your old thread, on a VM running 2.4.4p3 - takes all of 30 seconds to setup.

                                        He is having a problem using public key auth in general.

                                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                                        If you get confused: Listen to the Music Play
                                        Please don't Chat/PM me for help, unless mod related
                                        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                                        1 Reply Last reply Reply Quote 1
                                        • DerelictD
                                          Derelict LAYER 8 Netgate
                                          last edited by

                                          Sounds like he got it working but didn't get a power off. /etc/rc.halt is probably a better option.

                                          Chattanooga, Tennessee, USA
                                          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                          Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                          1 Reply Last reply Reply Quote 1
                                          • A
                                            automate @Derelict
                                            last edited by

                                            @Derelict it's intel i5 hardware. I'll try that option

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.