Ssh login with cert doesn't work?



  • Trying to enable ssh-login with cert results in the following errors:

    login with cert: Permission denied (publickey).

    Doesn't matter if I do "ssh -i …" or "ssh ..." Same result.
    By the way, sometimes the first page of "System/Advanced" is reset to initial values.

    Anybody else with same error? I use the 2.0 built on Tue Jun 9 13:40:56 EDT 2009
    FreeBSD pfsense.local 7.1-RELEASE-p5 FreeBSD 7.1-RELEASE-p5 #0: Tue Jun 9 13:38:22 EDT 2009
    Earlier releases have the same error.



  • I had the same issue myself when upgrading from 1.2 to 2.0. I believe I solved the problem by placing the id_dsa.pub file with the key in the .ssh folder of the home directory. I didn't get it to work by just pasting it into the web interface page.



  • I think I found out what happens (partly):

    For users added via the WebIF:
    Owner of .ssh AND authorized_keys is root, not the user himself. Changing the rights solves the problem.

    Thanks much, user root needs the key.pub. I copied from other box and worked like a charm.
    only till next reboot…

    I changed auth.inc in /etc/inc like this: (lines marked with --> are added)

    /* write out ssh authorized key file */
           if($user['authorizedkeys']) {
                   if (!is_dir("{$user_home}/.ssh"))
                           mkdir("{$user_home}/.ssh", 0700);
    -->                   chown("{$user_home}/.ssh", $user_name);
                   $keys = base64_decode($user['authorizedkeys']);
                   file_put_contents("{$user_home}/.ssh/authorized_keys", $keys);
    -->          chown("{$user_home}/.ssh/authorized_keys", $user_name);
           }

    With this change new users have the right rights.

    Found out that not only RSA keys work, DSA keys work too.
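
A check for the condition described in the post above (.ssh and authorized_keys owned by root instead of the account they belong to), as an added example that is not part of the thread or of pfSense. The function name `check_ssh_key_perms` is hypothetical; the check also flags group- or world-writable paths, which sshd refuses when StrictModes is enabled, and it looks only at these two paths.

```shell
#!/bin/sh
# Hypothetical helper (not pfSense code): audit the two paths sshd needs for
# public-key login. Usage: check_ssh_key_perms HOME_DIR USER_OR_UID
# Prints one line per finding; returns 0 if clean, 1 if anything was flagged.
check_ssh_key_perms() {
    home=$1
    user=$2
    bad=0
    for p in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            bad=1
            continue
        fi
        # Owner mismatch: the situation from the thread, where files written
        # by the web interface ended up owned by root for a non-root user.
        wrong=$(find "$p" -prune ! -user "$user" 2>/dev/null) || {
            echo "ERROR     cannot check owner of $p (unknown user $user?)"
            bad=1
            continue
        }
        if [ -n "$wrong" ]; then
            echo "OWNER     $p is not owned by $user"
            bad=1
        fi
        # Group- or world-writable paths are rejected under StrictModes.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE  $p is group/world writable"
            bad=1
        fi
    done
    return $bad
}

# Run directly as: sh check.sh /home/alice alice
if [ "$#" -eq 2 ]; then
    check_ssh_key_perms "$1" "$2"
fi
```

Run it as root after adding a user through the web interface; any OWNER line corresponds to the missing chown calls discussed above.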



  • Thanks, is in the sources now.

