Hi, misc@ users.
I have previously consulted on the description of pf.conf.
I have reflected on the advice I received
at that time and can now use it normally, thank you very much.
However, we have noticed that one problem has arisen.
I used to use ‘Yubikey (FIDO2)’ to log in via SSH,
but now I can't log in.
Starting with OpenSSH 8.2,
hardware authentication using U2F/FIDO2 devices is supported.
We have been using one of these devices, the ‘Yubikey’,
for key authentication using ed25519-sk.
I found out that I can log in with normal public key
cryptography authentication (ed25519) in the same pf.conf environment,
and that I can log in with ed25519-sk key authentication if I stop pf.
It occurred to me again that the pf.conf I had written might be the problem.
Could you please advise and discuss my pf.conf once more so that
it is more appropriate and I can log in with ed25519-sk key authentication?
The current pf.conf is attached.
# As there was no official OpenSSH user mailing list,
# I posted this to misc@. If anyone knows of a suitable posting address,
# please let us know.
Sincerely yours,
---
WATANABE, Takeo
[email protected]
tcp_services="{ http, https, domain, smtp, smtps, msa, imaps, 1522 }"
udp_services="{ domain, ntp }"
set block-policy drop
set loginterface vio0
# don't filter on loopback interface
set skip on lo0
# set up a default deny policy
block log all
# Allow packets
pass quick on vio0 proto tcp to any port $tcp_services keep state
pass quick on vio0 proto udp to any port $udp_services keep state
# Allow ICMP Packets
pass quick on vio0 proto icmp to any keep state
pass quick on vio0 proto icmp6 to any keep state