Trying to add ssh user, but missing access rights in "Effective Privileges"

Started by Cuffs, April 10, 2022, 09:23:31 AM

Hi

I'm trying to create a user which has SSH login rights.

From https://docs.opnsense.org/manual/how-tos/user-local.html I know I should set that right via a group or directly on the user itself under "Effective Privileges" by assigning "User - System - Shell account access".

But I'm missing that item. There are no "User -" items like in the screenshot in the link above.


I only see access rights for GUI I could assign (see attachment).



Am I blind? Or is there something else to be done?

ty,
Christian

Hi Christian,

The shell privilege was removed in 2018 https://github.com/opnsense/core/issues/2154 in favour of an explicit selection of a login shell in the user settings.

I will adjust the documentation to make sure this change is properly reflected.


Cheers,
Franco


Thanks Franco for the clarification.

Also feedback from my side (not knowing if this is a bug and how to raise one).

What really got me off track is:
A user that shall be allowed SSH and has a shell assigned also needs the right "GUI: All pages"

So it seems impossible to add users with only SSH access at the moment.
Not sure if this works as designed or not?

ty
Christian

Hi Christian,

That's true unless you select the proper "Login Group" under System: Settings: Administration. I believe adding a group to the shell users is properly laid out in the documentation. By default only "wheel" group is selected which is indeed all users with "GUI: All pages" privilege.

Keep in mind that giving shell access to non-admins is heavily discouraged since they can read a lot of data from the file system that they should likely not have access to (and there is no mechanism to enforce an ACL there as it only pertains to GUI).


Cheers,
Franco
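
An offline check of the point in the last reply, as an added example that is not part of the thread and not OPNsense code: given passwd(5)/group(5)-style text, it lists every account that has a real login shell and belongs to the login group, and marks whether that account is also in "wheel". The sample data is constructed, "ssh_users" is a hypothetical login group name, and the set of no-login shells is an assumption.

```python
# Added example. Sample data is constructed; "ssh_users" is a hypothetical group.
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", ""}  # assumed list

PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/sh
christian:*:2000:2000:Christian:/home/christian:/bin/csh
backup:*:2001:2001:Backup job:/home/backup:/sbin/nologin
alice:*:2002:0:Alice:/home/alice:/bin/sh
"""
GROUP = """\
wheel:*:0:root
ssh_users:*:2500:christian,backup
"""

def parse_groups(text):
    """Return {name: (gid, set_of_members)} from group(5)-style text."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":", 3)
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups

def in_group(user, primary_gid, group):
    gid, members = group
    # Primary-group membership is not listed in the group's member field.
    return user in members or primary_gid == gid

def audit(passwd_text, group_text, login_group, admin_group="wheel"):
    """Return [(user, shell, is_admin)] for accounts that can get a shell."""
    groups = parse_groups(group_text)
    if login_group not in groups:
        return []
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        user, gid, shell = f[0], int(f[3]), f[6]
        if shell in NOLOGIN:
            continue  # no login shell selected, so no shell session
        if in_group(user, gid, groups[login_group]):
            is_admin = admin_group in groups and in_group(user, gid, groups[admin_group])
            findings.append((user, shell, is_admin))
    return findings

if __name__ == "__main__":
    for user, shell, is_admin in audit(PASSWD, GROUP, "ssh_users"):
        print(user, shell, "admin" if is_admin else "NON-ADMIN shell user")
```

Entries reported with `is_admin` false are the non-admin shell users the reply warns about, since the GUI ACL does not limit what they can read on the file system.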