Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Non root user ssh logon or other methods

    Scheduled Pinned Locked Moved General pfSense Questions
    1 Posts 1 Posters 956 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jamison
      last edited by

      I use Xymon for monitoring, formerly Hobbit, formerly BigBrother.  It's an awesome monitoring system, I thoroughly suggest it.  Either way, I've got a couple of different options to monitor this box, but I'm running into problems with all of them.

      Option 1: Remote SSH client> 
          There is a client that executes entirely out of SSH, however, I run the server as a regular user for obvious reasons.  In order for the SSH client to work I need key based auth as that user, which isn't a problem for the myriad of other systems I do this for, but I am unable to get this to work in pfsense.  Not just specifically key based auth, but for any user I configure other than root/admin.  Has anyone got this to work?  Here's the output from ssh -v

      [username@hostname bin]$ ssh -v firewall
      OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
      debug1: Reading configuration data /etc/ssh/ssh_config
      debug1: Applying options for *
      debug1: Connecting to firewall [10.1.0.10] port 22.
      debug1: Connection established.
      debug1: identity file /home/username/.ssh/identity type -1
      debug1: identity file /home/username/.ssh/identity-cert type -1
      debug1: identity file /home/username/.ssh/id_rsa type 1
      debug1: identity file /home/username/.ssh/id_rsa-cert type -1
      debug1: identity file /home/username/.ssh/id_dsa type -1
      debug1: identity file /home/username/.ssh/id_dsa-cert type -1
      debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4p1_hpn13v11 FreeBSD-20100308
      debug1: match: OpenSSH_5.4p1_hpn13v11 FreeBSD-20100308 pat OpenSSH*
      debug1: Enabling compatibility mode for protocol 2.0
      debug1: Local version string SSH-2.0-OpenSSH_5.3
      debug1: SSH2_MSG_KEXINIT sent
      debug1: SSH2_MSG_KEXINIT received
      debug1: kex: server->client aes128-ctr hmac-md5 none
      debug1: kex: client->server aes128-ctr hmac-md5 none
      debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
      debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
      debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
      debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
      debug1: Host 'firewall' is known and matches the RSA host key.
      debug1: Found key in /home/username/.ssh/known_hosts:4
      debug1: ssh_rsa_verify: signature correct
      debug1: SSH2_MSG_NEWKEYS sent
      debug1: expecting SSH2_MSG_NEWKEYS
      debug1: SSH2_MSG_NEWKEYS received
      debug1: SSH2_MSG_SERVICE_REQUEST sent
      debug1: SSH2_MSG_SERVICE_ACCEPT received
      debug1: Authentications that can continue: publickey,password,keyboard-interactive
      debug1: Next authentication method: publickey
      debug1: Trying private key: /home/username/.ssh/identity
      debug1: Offering public key: /home/username/.ssh/id_rsa
      debug1: Authentications that can continue: publickey,password,keyboard-interactive
      debug1: Trying private key: /home/username/.ssh/id_dsa
      debug1: Next authentication method: keyboard-interactive
      Password:
      debug1: Authentications that can continue: publickey,password,keyboard-interactive

      I see that it likes the public key, but still fails to authenticate, and what's more irritating is that I can go through keyboard interactive then password and it will still fail no matter what.  I simply cannot logon as any other user than root.  Also, I've tried this with adding the Shell Access permission in user manager and with all permissions, which isn't a preferred method, but still no luck.

      Option 2: Fat Client
          There exists a fat client for BSD that I can pull and run successfully, however; no matter what I've tried to do I cannot get it to autostart, but you'll have to forgive me, I not very savvy with pfsense/nanobsd.  If I understand it correctly, everything gets re-written upon restart, so I can't use rc.d, but cron is an option.  I understand that BSD supports the '@reboot' syntax in cron, but I haven't been able to get that to work either.  Any suggestions?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.