SSH key exchange



  • I'm trying to get pfsense set up so that I can ssh into the server using a key exchange.  In the webgui I've got the box ticked to disable password login for ssh and I generated a key pair and pasted my public key into the user manager, but I still keep getting an error message when I try to ssh into the pfsense box.

    Permission denied (publickey)

    I'm sure it's something simple that I am missing, but for the life of me I can't get this figured out.  Any suggestions?

    Thanks in advance.



  • What are you using for your SSH client?
    Check this forum post out.
    edit:
    Course forgot to post the link:
    http://forum.pfsense.org/index.php/topic,26759.15.html


  • LAYER 8 Global Moderator

    this is how I connect to my pfsense box.  Are you wanting to connect from lan side or wan side?

    Have you run across this thread? http://forum.pfsense.org/index.php/topic,26759.0.html

    More than likely a format error with your key you pasted in, etc.  I don't recall ever having any issues with this.  But happy to work with you to get it working.

    Here is my current setup in my pfsense, what version of pfsense are you using?

    Using username "admin".
    Authenticating with public key "rsa-key-20050817"
    *** Welcome to pfSense 2.1-BETA0-pfSense (i386) on pfsense ***




  • @podilarius:

    What are you using for your SSH client?
    Check this forum post out.
    edit:
    Course forgot to post the link:
    http://forum.pfsense.org/index.php/topic,26759.15.html

    I'm using the ssh client from Ubuntu at the CLI.



  • One thing to do is make sure your id_rsa or id_dsa file in your .ssh directory on your Ubuntu box is set to chmod 0600. If it is group- or world-readable openssh will not accept it and you will get the error you describe. This has bitten me more than once in the past.

    EDIT: added clarification that I'm speaking about the Ubuntu box, not pfSense



  • @echoranger:

    One thing to do is make sure your id_rsa or id_dsa file in your .ssh directory on your Ubuntu box is set to chmod 0600. If it is group- or world-readable openssh will not accept it and you will get the error you describe. This has bitten me more than once in the past.

    EDIT: added clarification that I'm speaking about the Ubuntu box, not pfSense

    That didn't seem to fix the problem.  Do I need to do anything other than paste the public key into the pfsense webgui?  I have the private key on my ubuntu box in .ssh/id_rsa


  • LAYER 8 Global Moderator

    How is your public key pasted? It could just be a bad paste.  I do believe it should be on one line; if you have line breaks, that could cause problems, etc.

    I just created a new user in pfsense, and then setup public key auth from my ubuntu box.  And all I did is paste the key.

    simple
    ssh-keygen -t rsa
    on the ubuntu box

    then pasted the id_rsa.pub into pfsense user manager for that user; that username matches up with my ubuntu username.

    bam

    budman@ubuntu:~/.ssh$ ssh 192.168.1.253
    Last login: Tue Jul 24 14:42:16 2012 from 192.168.1.7
    Copyright © 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
           The Regents of the University of California.  All rights reserved.

    [2.1-BETA0][budman@pfsense.local.lan]/home/budman(1):



  • I think part of the problem was that my ubuntu session was a VM and had virtual box at the end of my computer name.  I figured out how to change that, added a new user on the webconfigurator, generated a new key pair, pasted the public key into the box, and everything worked great!

    Thanks for the suggestions everyone, the key is now working perfectly.  Now if I could just figure out how to fix my one server where the pfsense update to 2.0.1 didn't work correctly.  :(
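
The two checks suggested in this thread (private key not group- or world-readable, public key pasted as a single line), written out as an added example that is not part of any post above. The function names and the sample key blob are constructed for illustration, and the blob is framed like an ssh-rsa key but is not a usable key.

```bash
#!/usr/bin/env bash
# Added example: client-side checks for the two causes suggested in this thread.

# Returns 0 if the private key has no group/other permission bits (e.g. 0600 or 0400).
private_key_mode_ok() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 2
    case "$mode" in
        0|*00) return 0 ;;   # last two octal digits are the group and other bits
        *)     return 1 ;;
    esac
}

# Returns 0 if the file is exactly one "<type> <base64> [comment]" line whose
# decoded blob begins with the same key type name (4-byte length, then the name).
pubkey_paste_ok() {
    local count line type blob _comment embedded
    count=$(grep -c '[^[:space:]]' "$1") || return 1
    [ "$count" -eq 1 ] || return 1        # a wrapped paste spans several lines
    line=$(grep '[^[:space:]]' "$1")
    read -r type blob _comment <<EOF
$line
EOF
    [ -n "$type" ] && [ -n "$blob" ] || return 1
    embedded=$(printf '%s' "$blob" | base64 -d 2>/dev/null |
               tail -c +5 | head -c "${#type}" | tr -d '\000')
    [ "$embedded" = "$type" ]
}

# Constructed sample: the same key line stored once intact and once wrapped at
# 20 columns, plus a private key file left at mode 0644.
demo() {
    local dir blob f
    dir=$(mktemp -d) || return 1
    blob=$(printf '\000\000\000\007ssh-rsa\000\000\000\003\001\000\001' | base64)
    printf 'ssh-rsa %s user@ubuntu\n' "$blob" > "$dir/one_line.pub"
    fold -w 20 "$dir/one_line.pub" > "$dir/wrapped.pub"
    : > "$dir/id_rsa"; chmod 644 "$dir/id_rsa"
    for f in one_line wrapped; do
        pubkey_paste_ok "$dir/$f.pub" && echo "$f.pub: ok" || echo "$f.pub: not a single well-formed key line"
    done
    private_key_mode_ok "$dir/id_rsa" || echo "id_rsa: group/other bits set, run chmod 600"
    rm -rf "$dir"
}
demo
```
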

