Method to secure root account

Started by peterwkc, May 29, 2022, 12:58:30 PM

Dear All,
I find it very insecure to log in directly as root via the serial console. May I know if there is any method to secure the account, such as sudo, TOTP or 2FA?

Please help me on this. Appreciate it. Thanks.

I assume you already secured serial root access with a password via the GUI setting System->Settings->Administration->Console->Console Menu?

Thus, root login on the serial console usually needs physical access PLUS knowledge of the root password to do any harm, whereas root access over the network needs only the latter.

So in what way is serial access less secure than having root access at all?

Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A

Yes, I have secured the serial console, but I want to further harden the serial console with sudo or 2FA. It makes it harder for an intruder to gain root access to the console.

You can use TOTP-based authentication; this is applied to console access as well:

https://docs.opnsense.org/manual/how-tos/two_factor.html

Why not put a random secure root password or disable root login? ¯\_(ツ)_/¯

I don't quite understand the problem that we are trying to solve while ignoring all the tools that work in the first place?


Cheers,
Franco

How do I disable root login on the console?

System: Access: Users edit "root" and check "Disabled". Save and done.

And yes, you need a separate admin account for the GUI if you want to disable root.


Cheers,
Franco

Dear Franco,
May I know how to create a normal admin user and sudo as root? Thanks.