OPNsense 19.1 removes root's authorized_keys when reboot / shutdown+turn on
I have an OPNsense 19.1 virtual firewall, which is based on FreeBSD 11.2 HBSD (HardenedBSD).
I added it to Ansible Server inventory (with the right configurations), and once copied the PK to that BSD /root/.ssh/authorized_keys, I can connect to it (yes, running commands as root, it is in an isolated training environment).
The issue is that when I reboot or turn off and on the machine, that authorized_keys file disappears.
The file permissions are 600 (-rw-------).
Do you know why this happens and how to solve it? As far as I could see, in a normal FreeBSD I think there's no problem in having authorized_keys file in the root account...
freebsd openssh
Could it be that a root home is mounted as tmpfs? Run mount without arguments to check.
– arrowd
2 days ago
I already checked that, it is not, indeed, other files I edit in /root remain there, and even the .ssh/known_hosts file
– xCovelus
2 days ago
asked 2 days ago – xCovelus
edited yesterday – Vladimir Botka
1 Answer
To solve the issue, I'm afraid, you'll have to fight OPNsense 19.1 and find out how OPNsense handles root's authorized_keys.
> The issue is that when I reboot or turn off and on the machine, that authorized_keys file disappears.
But there is an option to ssh as a non-root user and sudo su. This is a better practice especially with Ansible. Ansible needs the remote user to use /bin/sh. By default FreeBSD root uses /bin/csh. Ansible best practice is to ssh as a remote_user and escalate privilege (become: yes) to root (become_user: root).
answered yesterday – Vladimir Botka
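The setup the answer recommends, written out as an added example that is not part of the original answer: a playbook that logs in as an unprivileged user and escalates to root with become. The group name opnsense, the account name ansible, the use of sudo as the escalation method and the interpreter path are assumptions to adapt to the actual host.

```yaml
# site.yml (added example; names marked "assumption" are not from the page)
- name: Manage the firewall without an SSH login as root
  hosts: opnsense              # assumption: inventory group holding the firewall
  remote_user: ansible         # assumption: unprivileged account with its own authorized_keys
  become: yes                  # escalate after login instead of connecting as root
  become_user: root
  become_method: sudo          # assumption: sudo is installed and permits this user
  vars:
    # assumption: path of the Python interpreter on the FreeBSD-based host
    ansible_python_interpreter: /usr/local/bin/python3

  tasks:
    - name: Confirm that privilege escalation reaches root
      command: id -u
      register: effective_uid
      changed_when: false

    - name: Stop if the play is not running as root
      assert:
        that:
          - effective_uid.stdout == "0"
        fail_msg: "become did not escalate to root; check the sudo configuration"

    - name: Look at the login user's key file without escalation
      stat:
        path: ~/.ssh/authorized_keys   # expands to the remote_user's home because become is off
      become: no
      register: login_keys

    - name: Stop if the key file is missing or readable by others
      assert:
        that:
          - login_keys.stat.exists
          - login_keys.stat.mode == "0600"
        fail_msg: "authorized_keys for the login user is missing or has loose permissions"
```

Running the play again after a reboot shows whether the login user's key file persists on this system, which is the behaviour the question reports failing for root.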