Hi
I want to create a user I can use to access the console (including sudo power to reboot etc), but which has no web access.
I have a root user, but that user has full access to the whole GUI. Thusly, since the web UI is accessible from everywhere, it has a nice crazy long password (120 characters or so), kept in a password db. Trivially, using that user on the console is not fun. I'd like a user that can have a short "secure" password, but has no web UI access.
I can't see a way to give it sudo console access without being a member of the admins group, which also gives it full UI access, thus presenting a glaring security hole (IMO).
Thoughts?
Why not restrict the web GUI to certain IPs? My OPNsenses are just accessible via management network and from admin PCs.
Maybe you have to disable the anti-lockout option and add your own access rule.
Isn't that what https://github.com/opnsense/core/issues/3407 was all about? It did hit 19.1.8.
Cheers,
Franco