OPNsense Forum

English Forums => Development and Code Review => Topic started by: NOYB on December 16, 2017, 10:29:25 am

Title: Make upgrade clobbering custom root authorized keys
Post by: NOYB on December 16, 2017, 10:29:25 am
Running make upgrade clobbers custom /root/.ssh/authorized_keys.  Reverts it back to some default.

Would not have though /root would need to be modified.
Is this intended necessary behavior or a bug?
How to prevent and keep the customized authorized keys?
Title: Re: Make upgrade clobbering custom root authorized keys
Post by: franco on December 16, 2017, 10:41:03 am
Hi NOYB,

The pseudo-root account "admin" was merged into the "root" account for clarity. That means the root user will be rewritten according to its user settings, so simply add the authorized keys from the GUI and they will persist.


Cheers,
Franco
Title: Re: Make upgrade clobbering custom root authorized keys
Post by: NOYB on December 16, 2017, 11:03:52 am
Okay thanks.  But to me that seems more confusing.

To me root is the system, well root.  By system I mean the OS level.  And not to be used as an application account.  Even though an application account may be given root privileges.

Wish you would reconsider their being merged.
Title: Re: Make upgrade clobbering custom root authorized keys
Post by: franco on December 16, 2017, 11:25:05 am
For the purpose of root access through a service operated by the GUI alone, I don't believe out-of-band authorized key management is a secure approach.

Historic context, note the date: https://github.com/opnsense/core/commit/93397f8

Being able to operate the root user from the GUI makes sense at the very least for resetting and storing the password consistently, not by mere chance linked to "admin". From the GUI, you can scramble the root password or disable root. You can control SSH access to permit root login, all things that would look strange if we cannot restore a consistent system state with the config.xml.

Further improvements have been made with regard to being able to restore an arbitrary admin user acting as root  using sudo subsequently, accessing the root menu via "sudo su" and so forth. With the advent of 2FA, even the root account can be used with 2FA from the console or SSH through integrated authentication. It's really cool and flexible and consistently executed: if there are errors, it's a password typo or user setting getting in the way.

Not trying to convince you. I'm only giving you the progression here in the 36 months since that particular commit.  :)


Cheers,
Franco
Title: Re: Make upgrade clobbering custom root authorized keys
Post by: franco on December 16, 2017, 11:38:19 am
PS: There is also ~/.ssh/authorized_keys2 as long as OpenSSH continues to support it.