OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: Rainmaker on October 29, 2018, 01:42:38 am

Title: [SOLVED] Must login to SSH as root (even when disabled)
Post by: Rainmaker on October 29, 2018, 01:42:38 am

I have setup OPNsense to run SSH over a non-standard port. Login group is set to wheel and admins. Root login is disabled (box unchecked). However, when I try to SSH into the box as 'user' (who is a member of admins), I am prompted for the password. The password is accepted and the OPNsense logo appears, but followed immediately by a message that I 'must be root to login'. As I said, 'permit root user login' is unchecked, and the root user account is disabled in System > Access > Users!

The only way around this is to enable the root user, and log in via SSH using root. My 'user' is a member of admins, with permissions inherited from admins. What am I missing? It's obviously much less secure to enable the root account for SSH than to log in as 'user' and use sudo.

Title: Re: Must login to SSH as root (even when disabled)
Post by: franco on October 29, 2018, 08:12:27 am

Taking a guess over "must be root to login" is actually "Must be root."

I cannot stress how important it is to deliver the precise error message in order to be of meaningful help.

So anyway, here it goes.

You cannot set "opnsense-shell" as a non-root user shell.

Give the user a real shell and use "sudo su" after properly configuring it.

There are a couple of topics that deal with how to set this up and why it's necessary.


Cheers,
Franco

Title: Re: Must login to SSH as root (even when disabled)
Post by: Rainmaker on October 29, 2018, 12:50:11 pm

Thanks, Franco. That fixed it. ;)

Title: Re: Must login to SSH as root (even when disabled)
Post by: franco on October 29, 2018, 08:38:24 pm

Glad to hear. 8)