On Tue, Jan 20, 2026 at 11:51 AM Thomas Kupper <mailing.list@kupper.li> wrote:
On 20.01.2026 08:38, Washington Odhiambo wrote:
>
>
> On Tue, Jan 20, 2026 at 11:10 AM Thomas Kupper <mailing.list@kupper.li
> <mailto:mailing.list@kupper.li>> wrote:
>
>
>
> On 20.01.2026 07:47, Washington Odhiambo wrote:
> >
> >
> > On Mon, Jan 19, 2026 at 7:42 PM Martin Schröder
> <martin@oneiros.de <mailto:martin@oneiros.de>
> > <mailto:martin@oneiros.de <mailto:martin@oneiros.de>>> wrote:
> >
> > Am Mo., 19. Jan. 2026 um 17:08 Uhr schrieb Washington Odhiambo
> > <odhiambo@gmail.com <mailto:odhiambo@gmail.com>
> <mailto:odhiambo@gmail.com <mailto:odhiambo@gmail.com>>>:
> > > Thank you for the explanation. Very easy to understand.
> > > I did exactly what you advised. It still did not allow me
> SSH access.
> > > Now, I added pf=NO /etc/rc.conf.local and rebooted.
> > > I believe this disabled PF completely.
> > > This too did not solve the problem.
> > > I remember running OpenBSD7.4 under VMWare Workstation and
> life
> > wasn't this difficult.
> > > See as I even have FreeBSD 15-RELEASE as a Proxmox VM and
> > accessible, I am completely stumped with this issue around
> OpenBSD.
> > >
> > > TIt's affecting my sanity.
> > >
> > > Does anyone have any suggestions on how else I can resolve
> this?
> >
> > Start by reading the PF users guide.
> > http://www.openbsd.org/faq/pf/index.html <http://www.openbsd.org/
> faq/pf/index.html> <http://www.openbsd.org/ <http://www.openbsd.org/>
> > faq/pf/index.html>
> >
> > And trim down your pf.conf - start with a minimal config.
> >
> >
> > The point is, I am not even interested in PF in the first place.
> I just
> > need SSH access to work.
> > The question is why it's not, even with PF disabled, yet sshd is
> running.
> > See https://imgur.com/a/1OnKWNQ <https://imgur.com/a/1OnKWNQ>
> <https://imgur.com/a/1OnKWNQ <https://imgur.com/a/1OnKWNQ>>
>
> With pf disabled: What user are you trying to connect and are you using
> a ssh key or password? Have you created an additional user when you
> installed OpenBSD?
>
>
> Yes.
>
> When you installed OpenBSD, at one point the question is:
>
> -> Allow root ssh logging (yes, no, prohibit-password) [no]
>
>
> I chose YES.
>
> If you left it at 'no' you won't be able to login as root user. If you
> selected 'prohibit-password', you won't be able to login with a
> password, only with a key.
>
> Check /etc/ssh/sshd_config for "PermitRootLogin", or use the additional
> user you created.
>
>
> The issue is NOT about login failure. It's about port 22 appearing not
> to be open to accept connections.
I see, as another replier suggested: run tcpdump on the machine and
check if SSH requests come in. Make sure no Proxmox firewall is enabled
on the this VM, you're on the correct bridge, and so on.
I have installed a few OpenBSDs in different versions on Proxmox and
they behaved as expected.
It certainly would help if you show a few configuration bit, like sshd
and vio0.
openbsd# ifconfig
lo0: flags=2008049<UP,LOOPBACK,RUNNING,MULTICAST,LRO> mtu 32768
index 3 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
vio0: flags=2808843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF4,LRO> mtu 1500
lladdr bc:24:11:bc:a1:99
index 1 priority 0 llprio 3
groups: egress
media: Ethernet autoselect
status: active
inet 192.168.69.22 netmask 0xffffff00 broadcast 192.168.69.255
enc0: flags=0<>
index 2 priority 0 llprio 3
groups: enc
status: active
openbsd# netstat -rn | head -n 5
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 192.168.69.1 UGS 5 198 - 8 vio0
openbsd# /etc/rc.d/sshd check
sshd(ok)
openbsd# egrep -v '^$|^.*#' /etc/ssh/sshd_config
PermitRootLogin yes
AuthorizedKeysFile .ssh/authorized_keys
Subsystem sftp /usr/libexec/sftp-server
openbsd#
openbsd# ping -c 3 192.168.69.1
PING 192.168.69.1 (192.168.69.1): 56 data bytes
64 bytes from 192.168.69.1: icmp_seq=0 ttl=64 time=0.485 ms
64 bytes from 192.168.69.1: icmp_seq=1 ttl=64 time=0.487 ms
64 bytes from 192.168.69.1: icmp_seq=2 ttl=64 time=0.463 ms
--- 192.168.69.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.463/0.478/0.487/0.011 ms
openbsd# ping -c 192.168.69.109
PING 192.168.69.109 (192.168.69.109): 56 data bytes
64 bytes from 192.168.69.109: icmp_seq=0 ttl=128 time=3.339 ms
64 bytes from 192.168.69.109: icmp_seq=1 ttl=128 time=3.033 ms
64 bytes from 192.168.69.109: icmp_seq=2 ttl=128 time=3.266 ms
--- 192.168.69.109 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.033/3.212/3.339/0.130 ms
openbsd# ping -c 3 gmail.com
PING gmail.com (142.250.217.5): 56 data bytes
64 bytes from 142.250.217.5: icmp_seq=0 ttl=117 time=272.824 ms
64 bytes from 142.250.217.5: icmp_seq=1 ttl=117 time=272.675 ms
64 bytes from 142.250.217.5: icmp_seq=2 ttl=117 time=272.324 ms
--- gmail.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 272.324/272.608/272.824/0.210 ms
lo0: flags=2008049<UP,LOOPBACK,RUNNING,MULTICAST,LRO> mtu 32768
index 3 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
vio0: flags=2808843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF4,LRO> mtu 1500
lladdr bc:24:11:bc:a1:99
index 1 priority 0 llprio 3
groups: egress
media: Ethernet autoselect
status: active
inet 192.168.69.22 netmask 0xffffff00 broadcast 192.168.69.255
enc0: flags=0<>
index 2 priority 0 llprio 3
groups: enc
status: active
openbsd# netstat -rn | head -n 5
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 192.168.69.1 UGS 5 198 - 8 vio0
openbsd# /etc/rc.d/sshd check
sshd(ok)
openbsd# egrep -v '^$|^.*#' /etc/ssh/sshd_config
PermitRootLogin yes
AuthorizedKeysFile .ssh/authorized_keys
Subsystem sftp /usr/libexec/sftp-server
openbsd#
openbsd# ping -c 3 192.168.69.1
PING 192.168.69.1 (192.168.69.1): 56 data bytes
64 bytes from 192.168.69.1: icmp_seq=0 ttl=64 time=0.485 ms
64 bytes from 192.168.69.1: icmp_seq=1 ttl=64 time=0.487 ms
64 bytes from 192.168.69.1: icmp_seq=2 ttl=64 time=0.463 ms
--- 192.168.69.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.463/0.478/0.487/0.011 ms
openbsd# ping -c 192.168.69.109
PING 192.168.69.109 (192.168.69.109): 56 data bytes
64 bytes from 192.168.69.109: icmp_seq=0 ttl=128 time=3.339 ms
64 bytes from 192.168.69.109: icmp_seq=1 ttl=128 time=3.033 ms
64 bytes from 192.168.69.109: icmp_seq=2 ttl=128 time=3.266 ms
--- 192.168.69.109 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.033/3.212/3.339/0.130 ms
openbsd# ping -c 3 gmail.com
PING gmail.com (142.250.217.5): 56 data bytes
64 bytes from 142.250.217.5: icmp_seq=0 ttl=117 time=272.824 ms
64 bytes from 142.250.217.5: icmp_seq=1 ttl=117 time=272.675 ms
64 bytes from 142.250.217.5: icmp_seq=2 ttl=117 time=272.324 ms
--- gmail.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 272.324/272.608/272.824/0.210 ms
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
No comments:
Post a Comment