[SOLVED] Must login to SSH as root (even when disabled)

[Rainmaker]

I have setup OPNsense to run SSH over a non-standard port. Login group is set to wheel and admins. Root login is disabled (box unchecked). However, when I try to SSH into the box as 'user' (who is a member of admins), I am prompted for the password. The password is accepted and the OPNsense logo appears, but followed immediately by a message that I 'must be root to login'. As I said, 'permit root user login' is unchecked, and the root user account is disabled in System > Access > Users!

The only way around this is to enable the root user, and log in via SSH using root. My 'user' is a member of admins, with permissions inherited from admins. What am I missing? It's obviously much less secure to enable the root account for SSH than to log in as 'user' and use sudo.

[franco]

Taking a guess over "must be root to login" is actually "Must be root."

I cannot stress how important it is to deliver the precise error message in order to be of meaningful help.

So anyway, here it goes.

You cannot set "opnsense-shell" as a non-root user shell.

Give the user a real shell and use "sudo su" after properly configuring it.

There are a couple of topics that deal with how to set this up and why it's necessary.


Cheers,
Franco

[Rainmaker]

Thanks, Franco. That fixed it.

[franco]

Glad to hear.