Pfsense ssh password reset reddit

Pfsense ssh password reset reddit. If we leave this parameter blank If you want more security, you can use a VPN to your box, and only open SSH to that interface. Enabling Serial Communications. Below is an example of what the console menu will look like, but it may vary slightly depending on the version and I've seen people having trouble with forgetting root passwords, I've made this script to reset it to the default "alpine". I rebooted all the devices and tried to log in - again, no user name and password (default and pfsense didn't work). (or http, or whatever is appropriate to your setup) Reply reply. I've restarted the WebConfigurator Hello, I just switched pfsense webconfigurator from HTTPS to HTTP, I can navigate to the HTTP login page, but when I attempt to login with admin credentials, I'm taken back to the login page. 5, my SSH keys no longer work. tvosinvisiblelight. After changing it to 1420, the problem seems to have resolved. php playback changepassword<USER><PW><PW>\exit". Using the PHP developer shell on pfSense® software allows manipulation of the firewall configuration directly without using the GUI. Since we accidentally forgot our console admin password, we followed the instructions on pfSense documentation and tried to reset it. I'm writing a script to automate container creation in proxmox, and i would like to SSH pfSense router and then add a static mapping in DHCP for container's mac address. Pretty stoked with it. Pretty damned happy. firewall. I can do this no problem with the admin account, but would like to create a tailor-made user account only for this purpose. Also do some packet capture and see if if there is TCP reset coming from the SSH server. # apctest. I can't access our gateway via the GUI because I don't have user login credentials (no documentation!). 2. i'm not sure how pfsense will react to an immutable ssh config, but give it a shot. Then press 5 to select reboot for pfsense, then reboot. Both adds complexity too, but that's real security. IDS/IPS could help protect your servers Jul 6, 2022 · The Settings tab in the User Manager controls how the firewall authenticates users for the GUI and SSH. To allow only key-based SSH authentication, set SSHd Key Only to Public Key Only. Most configuration items in Netgate® pfSense ® Plus software are typically controlled via the GUI. However, the admin account goes to the menu rather than the shell, so automating the script isn't going to work. According to Netgate documentation, the Device Key used by the Auto Config Backup is generated from the SHA256 hash of the SSH public key on the firewall. After that ‘Enable Secure Shell’ is checked. 3, Hit enter to start /bin/sh. A pfSense Gold subscription plus the AutoConfigBackup package saves your config to their cloud, and you can easily restore from several saved configs. When I ssh to other systems (Linux-based) I get prompted for my private key password and then get logged-in. Pfsense is on 192. My SSH connections have been tampered with in the past, so I want to make sure that I am not being MITMed. TROUBLESHOOTING: first and foremost, hitting CTRL-Z did suspend the /etc/rc. yaml and restart the adguard container. Tell us the username and email address associated with your Reddit account, and we’ll send you an email with a link to reset your password. Jul 18, 2022 · Step 1 – Make sure we have a Backdoor in Place. 3. Gain root shell with either SSH or by attached monitor/keyboard/serial console. depends did you set a root password by chance? could log in as root with an HDMI and USB connection. In essence, fail2ban will SSH into pfSense and run a script. Luckily this is just for one of our offices, but it's still a pain tbh. set socks proxy to localhost 9999 on your browser. Learning during an outage is not a good thing. If you can login to console then you can change webadmin password. g. I've checked the logs and found this: 2021-11-14T09:07:59sshd [73646]userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth] I see the following in the changelog for this realse notes ( https://forum I'm ssh'ing from a Win11 box to pfSense using a key pair created with ssh-keygen (OpenSSH) under Windows. I tried pinging the switch but no packet make it through. ssh admin@your. 2 for a couple weeks with no issue until a day or two when I noticed that I could not access the WebConfigurator UI nor could I ssh into pfsense. You need to check: IP on WAN interface - Gateways - DNS assigned for gateway - NAT outbound rule for LAN - If it’s IPoE you may need to register your pfsense WAN interface MAC to ISP. When I connect to OpenVPN from WAN, I can access every host on the LAN (file server, pfSense, media server) and hosts in . DutchOfBurdock. Thanks to Manuel Kasper and all the m0n0wall community members for an idea that is still fresh and relevant after 20 years, continuing with the latest release of pfSense Plus software. By default, the SSH service is disabled for security purposes. A VPN is just as vulnerable as any other service; if it got owned, pfSense is potentially compromised. A user can connect with any standard SSH client, such as the OpenSSH command line ssh client, PuTTY, SecureCRT, or iTerm2. open https://127. password and follow the prompts to reset password. 5, reboot /sbin/reboot. All of the internal users are not affected- all of us can browse the Internet. Interesting thought, tried it, no love on either HTTP or HTTPS on 127. The CPU in the firewall is a Celeron processor. reReddit: Top posts of June 1, 2018. Then in the redirect IP and Port, punch in your server's IP and Port 22. morbidpete84 • 2 yr. kitty. Having SSH available on LAN side only (and preferably authentication via certificates and not password) gives you a second route by which you can connect and do these restarts, or restart the entire system in a crunch. log or your log file of choice. Try turning on logging on those first 2 rules. 1, Reboot appliance. 2, Select boot option for ‘Single User Mode’. The Rule-View looks now like this: Firewall > Rules > LAN tab. I tried to do that by blocking ssh via Also don't forget to practice how to recover one. Set the Encryption Password to match the previous installation. Coins. If you want to go the Sophos UTM route, there is a trick to install the home license. 153 Online. I figured that the firewall should be involved, particularly given the "Default LAN to any" rule. internal comms packets shouldnt be going anywhere near the firewall. When they installed the pfsense and Cox installed a new “modem” (gateway) so we are double NAT. This will grant access to the GUI, whereas an SSH key will only allow access to the SSH command prompt. Really hoping I don't need to do the usb method of reinstalling because I also forgot to save a version of the settings. Everything still accessible. use HAproxy, best with SSL offload to direct ingress traffic to your servers. Locked post. Jul 5, 2017 · 0) Logout (SSH only) 9) pfTop. This will map 2222 externally to 22 internally for SSH to your box. password. try setting the file to ”immutable”. To reset your SSH/root password simply: EDIT: I took over the maintenance of our network after the previous sysadmin, and now I just realised that the password for our pfSense GW stored in our password vault isn't correct. ago. Maybe that is what is blocking ssh. Search for ‘password’ in the box at the top-right there to find it more easily. This value is specified in minutes, and the default is four hours ( 240 minutes). It works (it worked for me), if you can SSH into the pfsense box from the guac box (through the CLI) then its most likely an issue with your guac box which is outside the scope of this sub Reply Cannot get Web GUI Access to PFSense. I'd recommend generating an ed25519 key, but really anything will do—if you go with RSA then ssh-keygen -b 4096 should get you a sufficiently sized RSA SSH key. Mar 15, 2024 · Basic configuration and maintenance tasks can be performed from the pfSense® system console. I could, for example, obtain the host key fingerprint via the server's web console. Trick here is to make your user login not run the pfSense menu rc as it's shell, that way you get straight access to the shell. I posted a shell one-liner that displays all active host keys, which can be used in Diagnostics -> Command Filters can be reset by rebooting the modem/bridge/WAN device. This will deauth them from the current cloud controller and wipe the inform URL in the APs. Configure DHCP Static Mappings from shell. After you complete the above you can try log in the webgui with the new password. You have the rules to allow traffic, but not the NAT rule to actually forward the traffic. You may have created the key with a weird null character or something. 77. I have used it and it only changes the password, it does not alter the rest of the config. This came up when I wanted to add an IP address exclusion to pfBlockerNG. If the GUI is on port 443, set the SSH client to forward local port 443 (or 4443, or another port) to remote port localhost:443. Reboot. I had not mtu set on the wireguard interface and it was defaulting to 1500. exe -ssh <IP> -l <ROOT USER; BUT NOT 'ROOT' TO GET SHELL> -pw <PW> -cmd "sudo pfSsh. Hoping the password is stored somewhere in the pfSense file system. Hit Esc. If you just want smaller logfiles you can use something like fail2ban (what are the options for FreeBSD and pfSense here btw?) Jan 5, 2024 · Running 2. pfSense for redditors - Open Source Firewall and Router Distribution. 4. Paste in the new certificate and/or private key data in PEM format. SSH server behind, disallow a shell, port forward only to designated port (or use it as a SOCKS gateway). 20 VLANs (NVR and cameras). 10. if you have setup ssh access to your firewall on WAN, secure it with a public key, never with a password only. This won't help you now but perhaps an idea to think about once they get settled. 3, run mount -a -t ufs. Share. Jul 1, 2022 · Navigate to System > Advanced, Admin Access tab. I can access the firewall itself but not though the web and I need to add a port forward to it. I just have to press enter. In your current Unifi controller forget your APs. 23 votes, 21 comments. Oct 10, 2022 · Firstly, to begin, navigate to System > Advanced, Admin Access tab. JesterBarelyKnowHer. Connection –> SSH –> Auth. After all, it is only FreeBSD and the pfSense config is in XML. Creating a new Certificate. to clear the flag: chflags nosimmutable filename. However, I do it by SSH. However, I'd recommend not exposing SSH to the internet. (Note: pfSense is switching to standard/flat logging in next release. But pfSense currently uses clog (circular logging), so you're not going to get what you're expecting. ) Instead, use this clog command to convert the entire How can I remote ssh to my pfsense router. I don't have a pfsense box in front of me but the rule should look like: It's easy to do from the pfsense box if you know how: Stop the apcupsd service from services in the webgui. Follow the prompts to reset the password demize95 • 6 yr. I use single port VLAN Setup. 168. Step 3 – Google Chrome. Navigate to the Restore tab. This field specifies how long a GUI login session will last when idle. bak. Exposing SSH is fine, just avoid password-based authentication. 1 i guess, this must be another router. I can't detect any IOT on HA server (when assessing from computer webpage, I assume this is due to configuration (Pfsense is basically stock setup). here -D9999. If the Jul 6, 2020 · I forgot to mention something which might help in troubleshooting: when I initiate the SSH connection with putty, I get a "Putty Security Alert", saying "The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold. The console is available using a keyboard and monitor, serial console, or by using SSH. Block all IPv4 by source. 7) Ping host 16) Restart PHP-FPM. setup pfBlockerNG to keep known scanners off your firewall. Micro USB hooks into your PC for SSH (enable this first in case you screw up, the reset switch pfSense needs to be handing out DHCP addresses first before any of this will work. My problem is that I have several PFSense servers that use the same Device Key. . 3) Reset webConfigurator password 12) PHP shell + pfSense tools. Top 2% Rank by size. Is there a way to recover the password and if not what are my options? Pfsense is on a router which runs to a network switch. In order to get around this, I created a new account in pfSense will shell access. 1 in your favourite browser. 03 and later, the password cannot be set to the default value (Default Username and Password). Click to edit the tunnel Phase 1 entry. Google to find out what key to spam during booting up to get into your bios. We had this topic a few days ago. Default - no rules at all on the LAN4 interface. I think, this is related to FreeBSD (v13) and Realtek drivers rater than OpnSense. 10 and . 7. Wasn’t aware that was a thing. ". Change the default ssh port to reduce noise in your logs. Enabling SSH on pfSense. 111K Members. Go to firewall --> NAT and add the eternal range of 2222 to 2222 with a destination of WAN address. Our tutorial will teach you the Pfsense password recovery procedure. Then, go into System Logs>Firewall and you'll see your connection attempts logged as being green (allowed). 4, run /etc/rc. Or, as you're trying the connection, refresh the rule screen and if the first column shows 1 or more active FW States, the FW is allowing it. Now this menu appeared. 2 upgrade turned off the ECDSA host key and enabled a Ed25519 key. Either works fine on pfSense. The only open NAT ports on the firewall are 80 and 443, because I have a letsencrypt docker box serving SSL-protected containers. Maybe database writes are slow but it has to save the new password so don't understand really. In bios, select your usb stick to boot from. 20240314. Click the Submit button. 4. Although I am using the LAN and WAN V4 IP's to try to get into my PFSense Firewall through a browser I was able to at one point but now I cannot access the web interface for my PFSense firewall any longer. but if you set a root pass word could try logging in as root then change the Password for the pi user. In other case you should follow these simple steps. mattsl • 7 yr. I am aware of programs like PAGEANT which we can use to manage keys but right now let’s just keep it simple. Developed and maintained by Netgate®. So then tried a password reset with a known password and can not login with that. At the time of key creation I specified a password for the private key. ) Select 8) Shell, and run apctest from console (see below), select 4 and new date, start the service again when done. Ensure the two fields match to confirm the password. On one of the boxes inside my network, the logs show a failed SSH login attempt. I can access the SSH login for the firewall but with that - I do not know what password would have been set. Creating a pfSense Backup. must be root to do so. 3. and even update the system. I keep getting the Server refused our key message in my console. Modem (in bridge mode) --> pfSense (make sure DHCP is working) --> switch --> cloud key. Paste the old device key into the Device Key field. 24 subnet. I'm not exactly sure what you're referring to here. Or you can use port knocking. However, this is a very tedious process: Generate a root password through the Hetzner Cloud web interface ("RESCUE" > "RESET ROOT PASSWORD"). The shell can be started from console menu option 12 or from the CLI by . The two respective entries are the second and third in the list. 5) Reboot system 14) Disable Secure Shell (sshd) 6) Halt system 15) Restore recent configuration. [deleted] • 4 yr. First Connection Behavior ¶. Click to edit the entry. My pi's came with a HDMI converter and a Micro USB to USB-A Female so when this stuff happens i run it fully wired up. Easy to setup without a VGA console, was a bit leery about that. 教程 PFSense - 启用 SSH [ 一步一步] 学习如何通过遵循这个简单的分步教程，在 5 分钟内使用 SSH 实现 PFSense 远程访问。. b. • 1 yr. Click on the Browse button and select the private key file saved earlier. How to Enable the SSH Service. 0/. The packet capture should quikcly identify why it is closed. Enabling SSH for that newly-created user is not an issue, but when I attempt to run "ifconfig igb0 mtu xxx", I get an operation not permitted Mar 14, 2024 · Upon updating to build 24. 1, all on the 10. r/homelab. It was my only option as ssh using my backup admin account ( I disabled the factory admin account) resulted in a console menu that could be started manually via script, but was not exactly functional. Can I reset the password and then reset the "too many login attempts" from SSH? comment sorted by Best Top New Controversial Q&A Add a Comment Aug 12, 2022 · Find the entry in the list. Blank password, root on destination host does not have a blank password, so I know it uses the key. If you generate your key without a password, it should not even prompt you. Also check firewall rules. 03. Installing a new image on a spare HDD (to prevent losing what I have since it still routes traffic), it will not boot. Once you gained root, you can copy /etc/asg to /etc/asg. Good luck. 1. I’ve seen configuration and remote execution via rsh and ssh and it isn’t pretty. We were using pfSense CE 2. Select the password reset entry and click ‘Edit’, then change the %HOSTNAME% to whatever you want. initial process and drop me back into a basic /bin/sh shell. Click Save. First part is OK, but I'm stuck at finding how to insert the mapping. The first, pfB_PRl1_v4, is added from the pfblocker_ng extension for blocking malicious hosts, the last two allow all other traffic to path through from LAN. Set SSHd Key Only to Public Key Only to allow only key-based SSH authentication. Reset your password. I tried accessing the devices via console (we have two devices running pfsense) and likewise, no user credentials. Until you reset one of your pfsense boxes and force yourself to recover from a backup you won't realize what you really get back from the backup config and what you need to do upfront and post. running /bin/tcsh did give me the normal shell but upon exiting I returned to the basic /bin/sh shell and then exiting that closed the connection. I don't find anything relevant. Email Address. System allowed me to use a 3 character password, which I verified by logging out and back in again. Thanks for noticing. If you password protected the console, you'll have to boot into single user at boot. Check the box labeled 'Enable Secure Shell'. Finally, FlipperPhone! With this DIY open-source module you can call and write sms with FLipperZero. while it's rebooting, press the key to get into your bios e. You can also do a manual backup for them once you get them set up. 4) Reset to factory defaults 13) Update from console. If you are using docker I found an easier way to reset the password, by using an apache docker image instead of installing apache2 on a server: I used this command to call htpasswd from an apache docker impage: And then copy paste the password hash into your AdGuardHome. my device i had to press F11. This is a regularly scheduled release of pfSense Plus software including new features, additional Jan 11, 2017 · PuTTY needs to be configured with the private key, to do this navigate to –. Failed to remount in single user mode when trying to reset password. Change the default port by entering a new port number in the 'SSH Port' box. x. AFAIK, merely upgrading should not affect the server host key (it's not affected mine). Access the advanced settings page in the system menu. Username. Add sshguard ontop and brute force attacks get greatly slowed down. The 2. pfsense says traffic will be blocked, but when tested, I find the webserver is fully accessible. The public SSH key of which user? My webgui won't let me login, but I'm able to ssh no problem. html will guide you through the password change process if you have physical access to the device. check your netmasks. 03 and later, during the first connection to the console or SSH after installation or resetting to factory defaults, the user is prompted to set a new password for the admin account. chflags simmutable filename. I see the "Successful login for user 'xxx' from: x. View community ranking In the Top 5% of largest communities on Reddit. But we just cannot remount the file system writable and therefore had trouble resetting the password. All IOT for HA is on wifi. Is there any way to reset this password, when I am unable to login? Lower your MTU and try again. Yeah it's weird. • 3 yr. Needless to say I forgot the password and apparently I also didn't right it down anywhere. Block all IPV4 and IPV6, one rule to block all by source, and another rule to block all by root/admin ended up being easy in the end: If there's a way to change root password in a 1-liner, surely the webgui too. Mar 15, 2024 · Remotely Circumvent Firewall Lockout with SSH Tunneling¶ If remote access to the GUI is blocked by the firewall, but SSH access is allowed, then there is a relatively easy way to get in: SSH Tunneling. When i try to chroot it says that /bin/bash/ doesnt exist and i saw a youtube tutorial of a guy and he had so many directories and such inside /mnt which i dont even have May 27, 2016 · 3) Reset webConfigurator password 12) pfSense Developer Shell. Replacing with better hardware (i3 from Celeron 1037) ended up the same way, except it takes 10-30 minutes on 500Mbit cable instead of 5-10 seconds of Celeron 1037. The admin account password can be reset over SSH if the SSH key option was used instead. If so turn on logging and check out what is going on as the TCP session is started and ends. Make sure to capture at HOST (SOURCE) and the SERVER (Destination). One key feature we want is PBR. Jun 17, 2022 · Replace the failed disk. x" messages in ssh, but I can't get into the webconfigurator proper. AndyRH1701. Alternately, renew, create, or import a new CA/Certificate, then select the new entry: Navigate to VPN > IPsec. To get remote management to the firewall it would be far better to leave the WAN firewall access blocked, setup a VPN and allow the local networks to pfSense white listed access. But if I try to SSH into the switch I can't make any connection. 0 subnet. ChronicledMonocle. Try "root" for both the username and password. 0323 and logging in, you are immediately taken to password reset (if it was still default). 1-RELEASE-p2. Failing that, you can edit the message text directly in Control Panel->Notification->Rules->System. The pfSense® project is a powerful open source firewall and routing platform based on FreeBSD. I'd like to temporarily, via SSH, change the MTU of ONE of the LAN interfaces. However, it’s better to change the hostname directly as Mar 15, 2024 · Password / Confirm Password. As this is my first time connecting I am presented Ever since updating to 21. true. • 6 yr. Reset Password. Reply reply Feb 13, 2017 · And then you run the the following: pfSsh. This password cannot be set to the same value as the username. Help, I've lost the password for my SSH login I've lost the password for my SSH login Jun 11, 2021 · Turning off the firewall with the command pfctl -d we can access ssh (port 22) normally. You should at least have a permit rule with This Firewall destination port 22 (or whatever port you're using for SSH). Have a nice day. PLUS: We know that access can be allowed through the gui (http/web gui), but we need this initial access to be allowed through the pfSense terminal/console/shell I'm working on a small home lab , where I'm using a pfsense router on vmware with one wan and 4 lan segments. Or the backup server has fail2ban enabled. Once at shell, mount -a. When using SSH, both the admin username and root username are accessible using the admin account credentials. チュートリアル PFSense - SSH を有効にする [ ステップ バイ ステップ ] この簡単な手順のチュートリアルに従って、SSH を使用して 5 分以内に PFSense リモート アクセスを有効にする方法について説明します。. To enable the service, log into the web interface of the pfSense router. Configure LAN and WAN. 5-p1) as my router, with pfBlockerNg set to block traffic from Asia. The password for this user. I'm trying to understand from what SSH key the device key is generated. pfSense® Plus software version 23. Step 2 – Creating a new Certificate Authority and Certificate for SSL. Use pfsense_fauxAPI or Ansible, there are a great many ways to mess up sending commands to a remote system; especially if you start interpolating variables into your remote commands. On pfSense Plus software version 24. but I can make pfSense ping the switch with success. Reboot the pfSense box; Choose option 4 (Single User Mode) from the loader menu (The one with the ASCII pfSense logo) Press enter when prompted to start /bin/sh; Remount the drive as rewritable: /sbin/mount -o rw / Run the built-in password reset command: /etc/rc. On other versions, the default username is admin and the default password is pfsense Try that. Dec 9, 2021 · 2nistechworld. A value of 0 may be entered to disable session expiration, making the login sessions In your monitor, switch input to your router. I got a new modem, switched carriers and now I can't ssh into my pfsense nor can I reset it The workstation is at 10. Never use the passwd command to change anything on pfSense. Recently I got a new mobile phone, setup OpenVPN on it but can't remember the password to login. Hi, so basically i need to reset my root password via SSH and i tried to look up tutorials, forum posts everything and i have a huge problem that i can't reset it. 0. SG-1100, a quick review. After that, if the SSH daemon should listen on a port other than the default, enter a port number in SSH Port. shalafi71. FreeBSD 11. https://docs. Well, that’s it. 66. Since you're on Linux, try man ssh-keygen to get the manpage for the built-in key generator. Follow instructions resetting password. switch connects computers, pi w/ HA, and WiFi router via Ethernet. Enter a port number in SSH Port if the SSH daemon should listen on a non-default port. Then execute the pfSense console wrapper. Create a NAT rule that forwards the port. Hi guys and gals! I'm working to create a business case to purchase pfSense for my organization. 10 and the pfsense LAN port is at 10. •. Block all IPv4 by destination. Locate the VPN tunnel in the list. This will show as a change of host key. netgate. There are edge cases where the web interface will crash necessitating a restart of it or PHP-FPM. Navigate to Services > Auto Config Backup, Settings tab. initial. It’s a tad slower than a PC at changing options/switching screens but I get my full bandwidth (140x20). nothing can modify it without being root and clearing the flag. Additionally, on pfSense Plus software version 24. Even then realistically you'd be fine with decent passwords and a nonstandard username, but its not advisable Reply For a one-time download: Diagnostics->Command Prompt->Download File-> /var/log/system. You can pull configs, set configs, get logs, run commands etc. Policy Based Routing. com/pfsense/en/latest/troubleshooting/locked-out. Confirmed you cannot re-use the original default "pfsense" when trying to change the password again. Check Enable Secure Shell. Log on to the console (ssh or physical/idrac etc. Still accessible. Exporting the Certificate Authorities. 1) Assign Interfaces 10) Filter Logs. Type boot -s. Using this mechanism also allows rapid deployment of pfSense software and/or the setup of exotic configurations. Physical KB and display to restore from previous config via console menu. This is the issue, although you won't need to worry about NAT reflection in your particular setup because your pc is not on the pfsense lan. Do you self-host password manager on premise? Reddit . Install pfSense software on the new disk. 234, the server/ssh host is at 10. Nov 30, 2023 · The Secure Shell (SSH) server provides remote console access and file management. Mar 15, 2024 · Using the PHP Shell ¶. So, I believe it is probably sensitive again to hardware. I managed to create connectivity on the lan segments by allowing ip4 traffic and then reset the firewall table. Leave the field blank for the daemon to use port 22. As u/Joe_Pineapples suggested 'root' for both login and pass worked. php playback changepassword , it will ask you the new password and to confirm the new password for the user. /etc/rc. IMPORTANT: We need enable access to sshd (port 22) through pfSense's terminal/console/shell. Creating a Sub Certificate. 01-RELEASE is now available. Access methods vary depending on hardware. Learn how to reset the password of the Admin user on Pfsense. The best practice is to set a password. Download the most recent hardware ISO and install over factory defaults. The script works when I run it locally, and it works when I SSH using the admin account. I have pfSense (2. I installed pfsense onto a mac mini. 2) Set interface(s) IP address 11) Restart webConfigurator. Now my next step is to block ssh access to the firewall from the 192. mw mi ga ki lm ra no hg ht bp