On Tue, Sep 10, 2024 at 08:32:05PM +0900, WATANABE Takeo wrote:
> I found out that I can log in with normal public key
> cryptography authentication (ed25519) in the same pf.conf environment,
> and that I can log in with ed25519-sk key authentication if I stop pf.
> 
> It occurred to me again that the pf.conf I had written might be the problem.

It should not matter whether PF is enabled or not, as long as the loaded rules
allow your SSH traffic to pass. I would suspect the cause lies elsewhere.
Just to make sure: Is that at the end of your message the complete ruleset,
loaded in the normal way (and no scriptery that set network-relevant options
you are not showing here)? 

As Ze Loff said, tcpdump with appropriate options at both ends while trying
to authenticate will show the real story.

> tcp_services="{ http, https, domain, smtp, smtps, msa, imaps, 1522 }"

Are we safe to assume that your sshd listens on port 1522?

Once again, it is impossible to offer really useful input unless we have
the entire configuration, at least the complete pf.conf along with any
hostname.vio0 or at least the ifconfig output for the interface.

All the best,
Peter 

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
