Netgate Discussion Forum

    using pfSsh.php to set user authorized_keys

    General pfSense Questions
    • T
      teridon
      last edited by

      I'm trying to set the admin user's SSH authorized keys via pfSsh.php but I'm only having partial success. The following recorded session seems to partly work, in that after I run it, the web GUI then shows the new authorized_keys text. However, it doesn't update the actual /root/.ssh/authorized_keys file on the system.

      $config['system']['user'][0]['authorizedkeys'] = "base64-encoded-string-here=";
      write_config();
      

      I noticed that based on what's in system_usermanager.php, I needed to make a call to local_user_set(), so I tried this as a test:

      require_once("guiconfig.inc");
      $userent=$config['system']['user'][0];
      local_user_set($userent);
      

      But that results in a "DNS Rebind attack detected" error.

      Can someone please clue me in on how to get the system to update the system authorized_keys file from the command-line?

      • T
        teridon
        last edited by teridon

        Rubber-duck wins again; I need to load auth.inc, not guiconfig.inc:

        require_once("auth.inc");
        $userent=$config['system']['user'][0];
        $userent['authorizedkeys'] = "base-64-encoded-string-here";
        write_config();
        local_user_set($userent);
        
        • T
          teridon
          last edited by

          I just now realized that I need to do BOTH; the second one alone would leave the wrong information in the Web UI.

          # update the text in the Web UI
          $config['system']['user'][0]['authorizedkeys'] = "base64-encoded-string-here=";
          write_config();
          
          # update the authorized_keys file
          require_once("auth.inc");
          $userent=$config['system']['user'][0];
          $userent['authorizedkeys'] = "base-64-encoded-string-here";
          write_config();
          local_user_set($userent);
          
          • T
            teridon @teridon
            last edited by

            24.11 changed something. New code:

            $username = 'foobar';
            $user_item_config = getUserEntry($username);
            $usernum = $user_item_config['idx'];
            $user = &$user_item_config['item'];
            $user['authorizedkeys'] = "base-64-encoded-string-here";
            config_set_path('system/user/'. $usernum . '/authorizedkeys', "base-64-encoded-string-here" );
            write_config('edited SSH public key for user foobar via pfSsh.php');
            local_user_set($user);
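
An added example, not part of the original posts and not pfSense code: a way to build the value used in place of "base-64-encoded-string-here" while checking each public key before it is pushed into a user's authorized_keys. It assumes the field holds the base64 encoding of the authorized_keys text; `ALLOWED_KEY_TYPES`, `validate_pubkey_line()` and `encode_authorized_keys()` are hypothetical names, and the sample key is constructed.

```php
<?php
// Added example, not pfSense code. Function and constant names are hypothetical.
// Accepted key types are an assumption for this sketch; set them to match policy.
const ALLOWED_KEY_TYPES = ['ssh-ed25519', 'ssh-rsa', 'ecdsa-sha2-nistp256'];

// Accept only "<type> <base64-blob> [comment]"; option prefixes such as
// command= or from= fail because the first field is then not a key type.
function validate_pubkey_line(string $line): bool
{
    $parts = preg_split('/\s+/', trim($line), 3);
    if (count($parts) < 2 || !in_array($parts[0], ALLOWED_KEY_TYPES, true)) {
        return false;
    }
    $blob = base64_decode($parts[1], true); // strict mode rejects stray characters
    if ($blob === false || strlen($blob) < 4) {
        return false;
    }
    // The blob begins with a 4-byte big-endian length, then the key type name,
    // which must match the type written in front of it.
    $len = unpack('N', substr($blob, 0, 4))[1];
    return substr($blob, 4, $len) === $parts[0];
}

// Validate every non-blank, non-comment line and return the base64 text
// to use in place of "base-64-encoded-string-here".
function encode_authorized_keys(string $text): string
{
    $keep = [];
    foreach (preg_split('/\r\n|\r|\n/', $text) as $i => $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue;
        }
        if (!validate_pubkey_line($line)) {
            throw new InvalidArgumentException('line ' . ($i + 1) . ' is not an accepted public key');
        }
        $keep[] = $line;
    }
    if ($keep === []) {
        throw new InvalidArgumentException('no public keys supplied');
    }
    return base64_encode(implode("\n", $keep) . "\n");
}

// Constructed sample key (32 filler bytes, not a real key), built so the demo runs offline.
$blob = pack('N', 11) . 'ssh-ed25519' . pack('N', 32) . str_repeat("\x01", 32);
$encoded = encode_authorized_keys('ssh-ed25519 ' . base64_encode($blob) . " admin@example\n");
echo $encoded, "\n";
var_dump(validate_pubkey_line('ssh-rsa ' . base64_encode($blob))); // declared type differs from the blob's type
```

Rejecting lines that fail validation before calling `write_config()` keeps a malformed or option-laden entry out of both the configuration and the on-disk authorized_keys file.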
            
            
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.