OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: Rainmaker on October 29, 2018, 01:42:38 am
-
I have setup OPNsense to run SSH over a non-standard port. Login group is set to wheel and admins. Root login is disabled (box unchecked). However, when I try to SSH into the box as 'user' (who is a member of admins), I am prompted for the password. The password is accepted and the OPNsense logo appears, but followed immediately by a message that I 'must be root to login'. As I said, 'permit root user login' is unchecked, and the root user account is disabled in System > Access > Users!
The only way around this is to enable the root user, and log in via SSH using root. My 'user' is a member of admins, with permissions inherited from admins. What am I missing? It's obviously much less secure to enable the root account for SSH than to log in as 'user' and use sudo.
-
Taking a guess over "must be root to login" is actually "Must be root."
I cannot stress how important it is to deliver the precise error message in order to be of meaningful help.
So anyway, here it goes.
You cannot set "opnsense-shell" as a non-root user shell.
Give the user a real shell and use "sudo su" after properly configuring it.
There are a couple of topics that deal with how to set this up and why it's necessary.
Cheers,
Franco
-
Thanks, Franco. That fixed it. ;)
-
Glad to hear. 8)