Dear All,
I find it very insecure to log in directly as root via the serial console. May I know if there is any method to secure the account, such as sudo, TOTP or 2FA?
Please help me with this. I appreciate it. Thanks.
I assume you already secured serial root access with a password via the GUI setting System->Settings->Administration->Console->Console Menu?
Thus, root login on the serial console usually needs physical access PLUS knowledge of the root password to do any harm, whereas root access over the network needs only the latter.
So in what way is serial access less secure than having root access at all?
Yes, I have secured the serial console, but I want to further harden it with sudo or 2FA. That makes it harder for an intruder to gain root access to the console.
You can use TOTP-based authentication; this is applied to console access as well:
https://docs.opnsense.org/manual/how-tos/two_factor.html
Why not set a random secure root password or disable root login? ¯\_(ツ)_/¯
I don't quite understand the problem that we are trying to solve while ignoring all the tools that work in the first place?
Cheers,
Franco
How do I disable root login on the console?
System: Access: Users, edit "root" and check "Disabled". Save and done.
And yes, you need a separate admin account for the GUI if you want to disable root.
Cheers,
Franco
Dear Franco,
May I know how to create a normal admin user and sudo as root? Thanks.