Text only | Text with Images

OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: mircsicz on September 26, 2018, 03:13:59 PM

Title: "This account is currently not available." Problem after Upgrade from 18.1.13_1
Post by: mircsicz on September 26, 2018, 03:13:59 PM
I'm aware of this (https://forum.opnsense.org/index.php?topic=9393.0) Posting. And if there's no way around that issue I need to drive quite a few km's.

There's also an older Posting (https://forum.opnsense.org/index.php?topic=1930.0) which describes how I did it when setting up the Router...

But how the f... could that working setting be destroyed during the upgrade path. For me it's a basic security setting to disable root and allow only key login to the other user's. That is how I run all my system's! And as I'm running more than two dozen OPNsense router's all over germany I'm now kind of afraid to upgrade them with a simple SSH login... Seem's I need to go to every single Webinterface and downgrade my security settings before I upgrade. Not good!

Greetz
Mircsicz
Title: Re: "This account is currently not available." Problem after Upgrade from 18.1.13_1
Post by: franco on September 27, 2018, 12:51:41 PM
The changes are recorded via "migration notes" and are explained here:

https://forum.opnsense.org/index.php?topic=9280.0

The underlying context was that a user asked for SSH access hardening, so we decided to harden it instead of doing nothing about it:

https://forum.opnsense.org/index.php?topic=6994.0


Cheers,
Franco
Title: Re: "This account is currently not available." Problem after Upgrade from 18.1.13_1
Post by: mircsicz on October 17, 2018, 12:31:16 AM
Thanks Franco,

even though I don't like it to loose SSH during an upgrade I surely like hardening the system...

But how can I avoid being locked out prior to the upgrade? I was hoping there's a way to do that in preparation before running the 18.7 upgrade... Specifically because I got quite some machine's I only have SSH access to!

And yet so far all I found about it was:
Quote
o SSH access can be set for an arbitrary group as well under System: Administration for non-members of "admins" group.  However, in both cases only SCP works due to a request in the forum to be more proactive regarding yielding of shell access rights.  If you want a user to gain true SSH access you need to change their shell from "nologin" to an installed shell in their respective settings.

in your above mentioned thread...

EDIT:
Had a support call with Jos on friday, he suggested to script it and have the script that change's my user's login shell run after the upgrade...
Text only | Text with Images