Netgate Discussion Forum

SSH key exchange

  • J
    jeffpfse
    last edited by Jul 24, 2012, 2:54 PM

    I'm trying to get pfsense set up so that I can ssh into the server using a key exchange.  In the webgui I've got the box ticked to disable password login for ssh and I generated a key pair and pasted my public key into the user manager, but I still keep getting an error message when I try to ssh into the pfsense box.

    Permission denied (publickey)

    I'm sure it's something simple that I am missing, but for the life of me I can't get this figured out.  Any suggestions?

    Thanks in advance.

    • P
      podilarius
      last edited by Jul 24, 2012, 4:18 PM Jul 24, 2012, 4:09 PM

      What are you using for your SSH client?
      Check this forum post out.
      edit:
      Course forgot to post the link:
      http://forum.pfsense.org/index.php/topic,26759.15.html

      • J
        johnpoz LAYER 8 Global Moderator
        last edited by Jul 24, 2012, 4:17 PM

        This is how I connect to my pfsense box.  Are you wanting to connect from lan side or wan side?

        Have you run across this thread? http://forum.pfsense.org/index.php/topic,26759.0.html

        More than likely a format error with your key you pasted in, etc.  I don't recall ever having any issues with this.  But happy to work with you to get it working.

        Here is my current setup in my pfsense, what version of pfsense are you using?

        Using username "admin".
        Authenticating with public key "rsa-key-20050817"
        *** Welcome to pfSense 2.1-BETA0-pfSense (i386) on pfsense ***


        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        • J
          jeffpfse
          last edited by Jul 24, 2012, 4:27 PM

          @podilarius:

          What are you using for your SSH client?
          Check this forum post out.
          edit:
          Course forgot to post the link:
          http://forum.pfsense.org/index.php/topic,26759.15.html

          I'm using the ssh client from Ubuntu at the CLI.

          • E
            echoranger
            last edited by Jul 24, 2012, 5:14 PM

            One thing to do is make sure your id_rsa or id_dsa file in your .ssh directory on your Ubuntu box is set to chmod 0600. If it is group- or world-readable openssh will not accept it and you will get the error you describe. This has bitten me more than once in the past.

            EDIT: added clarification that I'm speaking about the Ubuntu box, not pfSense

            • J
              jeffpfse
              last edited by Jul 24, 2012, 6:05 PM

              @echoranger:

              One thing to do is make sure your id_rsa or id_dsa file in your .ssh directory on your Ubuntu box is set to chmod 0600. If it is group- or world-readable openssh will not accept it and you will get the error you describe. This has bitten me more than once in the past.

              EDIT: added clarification that I'm speaking about the Ubuntu box, not pfSense

              That didn't seem to fix the problem.  Do I need to do anything other than paste the public key into the pfsense webgui?  I have the private key on my ubuntu box in .ssh/id_rsa

              • J
                johnpoz LAYER 8 Global Moderator
                last edited by Jul 24, 2012, 7:41 PM Jul 24, 2012, 7:39 PM

                How is your public key pasted? It could just be a bad paste.  I do believe it should be on one line; if you have line breaks it could cause problems, etc.

                I just created a new user in pfsense, and then setup public key auth from my ubuntu box.  And all I did is paste the key.

                simple
                ssh-keygen -t rsa
                on the ubuntu box

                then pasted the id_rsa.pub into pfsense user manager for that user; that username matches up with my ubuntu username.

                bam

                budman@ubuntu:~/.ssh$ ssh 192.168.1.253
                Last login: Tue Jul 24 14:42:16 2012 from 192.168.1.7
                Copyright © 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
                       The Regents of the University of California.  All rights reserved.

                [2.1-BETA0][budman@pfsense.local.lan]/home/budman(1):

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11
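
The two client-side causes raised in this thread (a private key file that is group- or world-readable, and a public key broken across lines by a bad paste) can be checked on the Ubuntu side before pasting into the pfSense user manager. The script below is an added example, not part of any poster's reply; the function names and the sample key text are constructed for illustration, and the public-key check looks only at line shape, not at whether the key itself is valid.

```shell
#!/bin/sh
# Added example (not from the thread): client-side pre-flight checks.

# Return 0 if the private key has no group/other permission bits set.
private_key_mode_ok() {
    perms=$(ls -ld -- "$1" | cut -c5-10)    # "------" for -rw-------
    [ "$perms" = "------" ]
}

# Return 0 if the file holds exactly one key line: "<type> <base64> [comment]".
# A key that a bad paste wrapped onto several lines fails this check.
public_key_one_line() {
    awk '
        NF == 0 { next }                    # ignore blank lines
        { n++ }
        n == 1 && ($1 !~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+)$/ ||
                   $2 !~ /^[A-Za-z0-9+\/]+=*$/) { bad = 1 }
        END { exit !(n == 1 && !bad) }
    ' "$1"
}

# Print one line per finding; return 0 only if both checks pass.
preflight() {
    rc=0
    if ! private_key_mode_ok "$1"; then
        echo "FAIL $1: group/world accessible, run: chmod 0600 $1"; rc=1
    fi
    if ! public_key_one_line "$2"; then
        echo "FAIL $2: not a single well-formed key line"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: key files look sane"
    return "$rc"
}

# Demo on constructed files (placeholder text, not real key material).
demo() {
    d=$(mktemp -d) || return 1
    echo 'placeholder' > "$d/id_rsa"; chmod 0644 "$d/id_rsa"
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB\nAAABAQCconstructed jeff@ubuntu\n' > "$d/id_rsa.pub"
    before=0; preflight "$d/id_rsa" "$d/id_rsa.pub" || before=$?
    chmod 0600 "$d/id_rsa"
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed jeff@ubuntu' > "$d/id_rsa.pub"
    after=0; preflight "$d/id_rsa" "$d/id_rsa.pub" || after=$?
    rm -rf "$d"
    [ "$before" -eq 1 ] && [ "$after" -eq 0 ]
}
demo
```

If both checks pass and the login still fails, `ssh -v` on the client shows which key files are being offered to the server.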

                • J
                  jeffpfse
                  last edited by Jul 29, 2012, 9:43 PM

                  I think part of the problem was that my ubuntu session was a VM and had virtual box at the end of my computer name.  I figured out how to change that, added a new user on the webconfigurator, generated a new key pair, pasted the public key into the box, and everything worked great!

                  Thanks for the suggestions everyone, the key is now working perfectly.  Now if I could just figure out how to fix my one server where the pfsense update to 2.0.1 didn't work correctly.  :(

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.