Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Trying to add ssh user, but missing access rights in "Effective Priviliges"
« previous
next »
Print
Pages: [
1
]
Author
Topic: Trying to add ssh user, but missing access rights in "Effective Priviliges" (Read 1845 times)
Cuffs
Newbie
Posts: 20
Karma: 2
Trying to add ssh user, but missing access rights in "Effective Priviliges"
«
on:
April 10, 2022, 09:23:31 am »
Hi
I'm trying to create a user which has SSH login rights.
From
https://docs.opnsense.org/manual/how-tos/user-local.html
I know I should set that right via a group or directly on the user itself under "Effective Priviliges" by assigning "User - System - Shell account access"
But I'm missing that item. There are no "User -" items like in the screenshot in the Link obove.
I only see access rights for GUI I could assign (see attachment).
Am I blind? Or is there something else to be done?
ty,
Christian
«
Last Edit: April 10, 2022, 09:26:32 am by Cuffs
»
Logged
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: Trying to add ssh user, but missing access rights in "Effective Priviliges"
«
Reply #1 on:
April 11, 2022, 08:50:33 am »
Hi Christian,
The shell privilege was removed in 2018
https://github.com/opnsense/core/issues/2154
in favour of an explicit selection of a login shell in the user settings.
I will adjust the documentation to make sure this change is properly reflected.
Cheers,
Franco
Logged
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: Trying to add ssh user, but missing access rights in "Effective Priviliges"
«
Reply #2 on:
April 11, 2022, 08:58:44 am »
https://github.com/opnsense/docs/commit/bf110d303a
Logged
Cuffs
Newbie
Posts: 20
Karma: 2
Re: Trying to add ssh user, but missing access rights in "Effective Priviliges"
«
Reply #3 on:
April 13, 2022, 09:59:45 am »
Thanks Franco for the clarification.
Also feedback from my side (not knowing if this is a bug and how to raise one).
What really got me off track is:
A user that shall be allowed SSH and has a shell assigned
also needs the right "GUI: All pages"
So it seems impossible to add users with only SSH access at the moment.
Not sure if this works as designed or not?
ty
Christian
Logged
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: Trying to add ssh user, but missing access rights in "Effective Priviliges"
«
Reply #4 on:
April 13, 2022, 10:04:33 am »
Hi Christian,
That's true unless you select the proper "Login Group" under System: Settings: Administration. I believe adding a group to the shell users is properly laid out in the documentation. By default only "wheel" group is selected which is indeed all users with "GUI: All pages" privilege.
Keep in mind that giving shell access to non-admins is heavily discouraged since they can read a lot of data from the file system that they should likely not have access to (and there is no mechanism to enforce an ACL there as it only pertains to GUI).
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Trying to add ssh user, but missing access rights in "Effective Priviliges"