OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: Stilez on November 16, 2018, 02:23:17 am

Title: Limiting root login for security - possible?
Post by: Stilez on November 16, 2018, 02:23:17 am
In case of attempts to brute force a login on a password-secured system, it adds a layer of security for an attacker to have to guess an account name, not just a password. The "root" login name will be a "well known login" for OPNSense. It's possible to create an arbitrary named user in the admin group, that is actually used for console or webUI logins, but I'm stuck there and wondering if more is possible in two areas:

Can any of these be done? If not, are there good reasons why enhancement in this area would be a bad idea?
Title: Re: Limiting root login for security - possible?
Post by: franco on November 16, 2018, 08:50:55 am
Hi Stilez,

1.) You can disable root account via checkbox in its settings. Password will be disabled (unreachable "*" password hash in Unix). This doesn't disable root completely but makes login impossible (disabling root has operational consequences that must be avoided, e.g. cron jobs stop working). Or you set a scrambled random password if that is a reasonable approach for you. Both from the user's settings. In both cases, sudo still works for your real admin account, it just needs to be configured.

2.) sudo su / sudo opnsense-shell / whatever is shorter :) you can only operate opnsense-shell cleanly with root rights.

3.) That's not really supported in a PAM-based system where even the GUI integrates, but you can strip users of all of their GUI rights and do selective SSH access via authorized_keys meaning no key no login. Suffice to say SSH password login is clearly discouraged. Console login is trickier... if user is enabled and has a password he will be able to login.
Hope that helps.


Cheers,
Franco