Tuesday, January 20, 2026

Re: Granting access to OpenBSD



On Tue, Jan 20, 2026 at 11:51 AM Thomas Kupper <mailing.list@kupper.li> wrote:


On 20.01.2026 08:38, Washington Odhiambo wrote:
>
>
> On Tue, Jan 20, 2026 at 11:10 AM Thomas Kupper <mailing.list@kupper.li> wrote:
>
>
>
>     On 20.01.2026 07:47, Washington Odhiambo wrote:
>      >
>      >
>      > On Mon, Jan 19, 2026 at 7:42 PM Martin Schröder <martin@oneiros.de> wrote:
>      >
>      >     On Mon, 19 Jan 2026 at 17:08, Washington Odhiambo <odhiambo@gmail.com> wrote:
>      >      > Thank you for the explanation. Very easy to understand.
>      >      > I did exactly what you advised. It still did not allow me SSH access.
>      >      > Now, I added pf=NO to /etc/rc.conf.local and rebooted.
>      >      > I believe this disabled PF completely.
>      >      > This too did not solve the problem.
>      >      > I remember running OpenBSD 7.4 under VMware Workstation and life
>      >      > wasn't this difficult.
>      >      > Seeing as I even have FreeBSD 15-RELEASE as a Proxmox VM and
>      >      > accessible, I am completely stumped with this issue around OpenBSD.
>      >      >
>      >      > It's affecting my sanity.
>      >      >
>      >      > Does anyone have any suggestions on how else I can resolve this?
>      >
>      >     Start by reading the PF users guide.
>      >     http://www.openbsd.org/faq/pf/index.html
>      >
>      >     And trim down your pf.conf - start with a minimal config.
>      >
>      >
>      > The point is, I am not even interested in PF in the first place. I just
>      > need SSH access to work.
>      > The question is why it's not, even with PF disabled, yet sshd is running.
>      > See https://imgur.com/a/1OnKWNQ
>
>     With pf disabled: What user are you trying to connect as, and are you using
>     an ssh key or a password? Have you created an additional user when you
>     installed OpenBSD?
>
>
> Yes.
>
>     When you installed OpenBSD, at one point the question is:
>
>     -> Allow root ssh logging (yes, no, prohibit-password) [no]
>
>
> I chose YES.
>
>     If you left it at 'no' you won't be able to login as root user. If you
>     selected 'prohibit-password', you won't be able to login with a
>     password, only with a key.
>
>     Check /etc/ssh/sshd_config for "PermitRootLogin", or use the additional
>     user you created.
>
>
> The issue is NOT about login failure. It's about port 22 appearing not
> to be open to accept connections.

I see, as another replier suggested: run tcpdump on the machine and
check if SSH requests come in. Make sure no Proxmox firewall is enabled
on this VM, you're on the correct bridge, and so on.

I have installed a few OpenBSDs in different versions on Proxmox and
they behaved as expected.

It certainly would help if you show a few configuration bits, like sshd
and vio0.


openbsd# ifconfig
lo0: flags=2008049<UP,LOOPBACK,RUNNING,MULTICAST,LRO> mtu 32768
        index 3 priority 0 llprio 3
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
vio0: flags=2808843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF4,LRO> mtu 1500
        lladdr bc:24:11:bc:a1:99
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect
        status: active
        inet 192.168.69.22 netmask 0xffffff00 broadcast 192.168.69.255
enc0: flags=0<>
        index 2 priority 0 llprio 3
        groups: enc
        status: active

openbsd# netstat -rn | head -n 5
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            192.168.69.1       UGS        5      198     -     8 vio0

openbsd# /etc/rc.d/sshd check
sshd(ok)

openbsd# egrep -v '^$|^.*#' /etc/ssh/sshd_config
PermitRootLogin yes
AuthorizedKeysFile      .ssh/authorized_keys
Subsystem       sftp    /usr/libexec/sftp-server
openbsd#

openbsd# ping -c 3 192.168.69.1
PING 192.168.69.1 (192.168.69.1): 56 data bytes
64 bytes from 192.168.69.1: icmp_seq=0 ttl=64 time=0.485 ms
64 bytes from 192.168.69.1: icmp_seq=1 ttl=64 time=0.487 ms
64 bytes from 192.168.69.1: icmp_seq=2 ttl=64 time=0.463 ms

--- 192.168.69.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.463/0.478/0.487/0.011 ms

openbsd# ping -c 192.168.69.109
PING 192.168.69.109 (192.168.69.109): 56 data bytes
64 bytes from 192.168.69.109: icmp_seq=0 ttl=128 time=3.339 ms
64 bytes from 192.168.69.109: icmp_seq=1 ttl=128 time=3.033 ms
64 bytes from 192.168.69.109: icmp_seq=2 ttl=128 time=3.266 ms

--- 192.168.69.109 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.033/3.212/3.339/0.130 ms

openbsd# ping -c 3 gmail.com
PING gmail.com (142.250.217.5): 56 data bytes
64 bytes from 142.250.217.5: icmp_seq=0 ttl=117 time=272.824 ms
64 bytes from 142.250.217.5: icmp_seq=1 ttl=117 time=272.675 ms
64 bytes from 142.250.217.5: icmp_seq=2 ttl=117 time=272.324 ms

--- gmail.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 272.324/272.608/272.824/0.210 ms


--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
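
The tcpdump check suggested in the thread, as an added example that is not part of the original messages: a small classifier that reads a capture taken on the VM (for instance from `tcpdump -ni vio0 tcp port 22`) and says which layer to look at next. The line format with single-letter TCP flags is an assumption about the capture output, and the sample packets are constructed; only the addresses come from the thread.

```python
import re

# One line of `tcpdump -n` output: time, src > dst:, TCP flags, remainder.
# Assumption: classic flag letters (S, R, F, P, '.') as printed by the capture tool.
LINE = re.compile(r"^\S+ (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPR.]+) (?P<rest>.*)$")

ADVICE = {
    "no-syn": "nothing reaches vio0: check the Proxmox firewall, the bridge, the client",
    "syn-unanswered": "SYN arrives, no reply seen: confirm pf is really off (pfctl -s info)",
    "reset": "SYN answered with RST: nothing listens there, or a filter rejects it",
    "synack-lost": "VM replies but the client never ACKs: check the return path",
    "handshake-ok": "TCP connects: the problem is above TCP (sshd configuration, auth)",
}

def classify(capture, server="192.168.69.22.22"):
    """Return a verdict key from ADVICE for a capture taken on the VM."""
    syn_in = synack_out = rst_out = ack_in = False
    for line in capture.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip banners and non-TCP lines
        flags = m["flags"]
        has_ack = " ack " in " " + m["rest"] + " "
        inbound = m["dst"] == server
        outbound = m["src"] == server
        if inbound and "S" in flags and not has_ack:
            syn_in = True          # client SYN reached the interface
        elif outbound and "S" in flags and has_ack:
            synack_out = True      # VM answered with SYN-ACK
        elif outbound and "R" in flags:
            rst_out = True         # VM refused the connection
        elif inbound and "S" not in flags and "R" not in flags and has_ack:
            ack_in = True          # client completed the handshake
    if not syn_in:
        return "no-syn"
    if rst_out:
        return "reset"
    if not synack_out:
        return "syn-unanswered"
    return "handshake-ok" if ack_in else "synack-lost"

# Constructed captures (addresses from the thread, packets invented).
UNANSWERED = """
11:51:02.100000 192.168.69.109.51514 > 192.168.69.22.22: S 1000:1000(0) win 64240 <mss 1460> (DF)
11:51:03.100000 192.168.69.109.51514 > 192.168.69.22.22: S 1000:1000(0) win 64240 <mss 1460> (DF)
"""
REFUSED = UNANSWERED + "11:51:03.100100 192.168.69.22.22 > 192.168.69.109.51514: R 0:0(0) ack 1001 win 0 (DF)\n"

if __name__ == "__main__":
    for name, cap in (("empty", ""), ("unanswered", UNANSWERED), ("refused", REFUSED)):
        print(name, "->", classify(cap), ":", ADVICE[classify(cap)])
```

An empty capture while the client is retrying is the case the thread's advice about the Proxmox firewall and bridge applies to.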
