[SOLVED] Must login to SSH as root (even when disabled)

Started by Rainmaker, October 29, 2018, 01:42:38 AM

I have set up OPNsense to run SSH over a non-standard port. Login group is set to wheel and admins. Root login is disabled (box unchecked). However, when I try to SSH into the box as 'user' (who is a member of admins), I am prompted for the password. The password is accepted and the OPNsense logo appears, but followed immediately by a message that I 'must be root to login'. As I said, 'permit root user login' is unchecked, and the root user account is disabled in System > Access > Users!

The only way around this is to enable the root user, and log in via SSH using root. My 'user' is a member of admins, with permissions inherited from admins. What am I missing? It's obviously much less secure to enable the root account for SSH than to log in as 'user' and use sudo.

Taking a guess: "must be root to login" is actually "Must be root."

I cannot stress how important it is to deliver the precise error message in order to be of meaningful help.

So anyway, here it goes.

You cannot set "opnsense-shell" as a non-root user shell.

Give the user a real shell and use "sudo su" after properly configuring it.

There are a couple of topics that deal with how to set this up and why it's necessary.


Cheers,
Franco
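
A quick audit for the condition described in the answer above, as an added example that is not part of the original thread: it lists non-root accounts whose login shell is opnsense-shell, the combination that ends the session with "Must be root." The passwd lines, account names and the shell path in them are constructed sample data.

```shell
#!/bin/sh
# Added example: flag non-root accounts whose login shell is opnsense-shell.
# Input is passwd(5) format: name:passwd:uid:gid:gecos:home:shell

# Constructed sample data (not taken from a real system).
SAMPLE_PASSWD='root:*:0:0:System Administrator:/root:/usr/local/sbin/opnsense-shell
user:*:2000:2000:Admin user:/home/user:/usr/local/sbin/opnsense-shell
backup:*:2001:2001:Backup:/home/backup:/bin/sh
monitor:*:2002:2002:Monitoring:/home/monitor:/sbin/nologin'

# Print the names of accounts with uid != 0 and shell basename opnsense-shell.
find_blocked_logins() {
    awk -F: '
        /^#/ || NF < 7 { next }          # skip comments and malformed lines
        {
            n = split($7, parts, "/")    # basename of the shell path
            if ($3 != 0 && parts[n] == "opnsense-shell") print $1
        }'
}

# Run against the constructed sample; prints the affected account names.
printf '%s\n' "$SAMPLE_PASSWD" | find_blocked_logins
# On a live system: find_blocked_logins < /etc/passwd
```

Any account it prints needs a real shell assigned before it can log in over SSH and use sudo.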