{"id":46,"date":"2023-02-01T13:13:06","date_gmt":"2023-02-01T13:13:06","guid":{"rendered":"https:\/\/www.nuclearwaffle.com\/?p=46"},"modified":"2023-02-01T13:13:06","modified_gmt":"2023-02-01T13:13:06","slug":"uploading-the-correct-acme-keys-to-your-sftp-upload-client","status":"publish","type":"post","link":"https:\/\/www.nuclearwaffle.com\/?p=46","title":{"rendered":"Uploading the correct ACME keys to your SFTP upload client"},"content":{"rendered":"\n

So you’ve got OPNsense as a router, and you’re trying to shove certificates around using the ACME client automations, and it’s not going well. You try to test the connection and all you get is Permission Denied (publickey, password) errors.<\/p>\n\n\n\n

The fix is to upload the correct key to the correct place. The issue is, ACME uses a different set of public\/private keys that any other user does. It’s doing its own thing. And that means you need to get its keys, not the keys of any particular user.<\/p>\n\n\n\n

What I’m going to describe next may be easier with ssh-copy-id or similar, but OPNsense doesn’t have it so you get to do it manually.<\/p>\n\n\n\n

Login to your OPNsense router via ssh.<\/p>\n\n\n\n

Copy out the contents of the id_rsa.pub file at \/var\/etc\/acme-client\/sftp-config\/id.rsa.pub.<\/p>\n\n\n\n

Login to your client device (whatever’s going to accept the key) as the correct user (whichever user you’re going to have doing the ssh stuff).<\/p>\n\n\n\n

Copy in the public key to that user’s<\/em> ~\/.ssh\/authorized_keys file.<\/p>\n\n\n\n

Test the connection:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

If you got it right, you should see this:<\/p>\n\n\n\n

\"\"<\/figure>\n","protected":false},"excerpt":{"rendered":"

So you’ve got OPNsense as a router, and you’re trying to shove certificates around using the ACME client automations, and it’s not going well. You try to test the connection and all you get is Permission Denied (publickey, password) errors. The fix is to upload the correct key to the correct place. The issue is,…<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-46","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=\/wp\/v2\/posts\/46","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=46"}],"version-history":[{"count":1,"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=\/wp\/v2\/posts\/46\/revisions"}],"predecessor-version":[{"id":49,"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=\/wp\/v2\/posts\/46\/revisions\/49"}],"wp:attachment":[{"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=46"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=46"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nuclearwaffle.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=46"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}