OPNSense Firewall inventory #969

GuidoWilden · 2025-07-09T10:11:03Z

GuidoWilden
Jul 9, 2025

Bug reporting acknowledgment

Yes, I read it

Professional support

None

Describe the bug

Not sure this is a bug or a limitation rather. We are running an OPNSense Firewall on a Supermicro host that unfortunately doesn't allow direct login to a shell.
When logging in the user is greeted with the following menu:

0) Logout                              7) Ping host
 1) Assign interfaces                   8) Shell
 2) Set interface IP address            9) pfTop
 3) Reset the root password            10) Firewall log
 4) Reset to factory defaults          11) Reload all services
 5) Power off system                   12) Update from console
 6) Reboot system                      13) Restore a backup

When I try to add the host to the remote inventory list I get:

glpi-remote add ssh://[email protected] --target server0
[error] [libssh2] Can't authenticate on 10.0.1.1 remote host
LANG=C: Command not found.
'ssh://[email protected]' check failure: Can't run simple command on remote, check server is up and ssh access is setup

Is there maybe a way around this limitation I am not aware off?

To reproduce

Attempt a remote inventory on an OPNSense Firewall

Expected behavior

Read in the inventory.

Operating system

Linux

GLPI Agent version

Nightly build (git version in additional context below)

GLPI version

10.0.18

GLPIInventory plugin or other plugin version

GLPI Inventory v1.5.3

Additional context

GLPI agent v1.16-gitc2a70c26

Answered by g-bougard

Jul 9, 2025

Hi @GuidoWilden

I moved your question as a discussion as this is the best place to ask such kind of question.

To me, this is not a glpi-agent issue but a device limitation. The manufacturer designed the ssh access to provide limited choices via a menu.

Here I see there's the menu "8) Shell". Maybe you can use it to create a dedicated user with admin rights and with a normal shell for ssh login.
Or you can setup ssh access with a dedicated ssh key and setup a normal shell just for that access.
If this is not possible, this device can't be inventoried via remoteinventory.

View full answer

g-bougard · 2025-07-09T16:34:11Z

g-bougard
Jul 9, 2025
Maintainer

Hi @GuidoWilden

I moved your question as a discussion as this is the best place to ask such kind of question.

To me, this is not a glpi-agent issue but a device limitation. The manufacturer designed the ssh access to provide limited choices via a menu.

Here I see there's the menu "8) Shell". Maybe you can use it to create a dedicated user with admin rights and with a normal shell for ssh login.
Or you can setup ssh access with a dedicated ssh key and setup a normal shell just for that access.
If this is not possible, this device can't be inventoried via remoteinventory.

1 reply

GuidoWilden Jul 9, 2025
Author

Thank you for this @g-bougard, I will see if something like that is maybe possible.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

OPNSense Firewall inventory #969

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

OPNSense Firewall inventory #969

Uh oh!

GuidoWilden Jul 9, 2025

Bug reporting acknowledgment

Professional support

Describe the bug

To reproduce

Expected behavior

Operating system

GLPI Agent version

GLPI version

GLPIInventory plugin or other plugin version

Additional context

Replies: 1 comment · 1 reply

Uh oh!

g-bougard Jul 9, 2025 Maintainer

Uh oh!

GuidoWilden Jul 9, 2025 Author

GuidoWilden
Jul 9, 2025

Replies: 1 comment 1 reply

g-bougard
Jul 9, 2025
Maintainer

GuidoWilden Jul 9, 2025
Author