Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Method to secure root account
« previous
next »
Print
Pages: [
1
]
Author
Topic: Method to secure root account (Read 2214 times)
peterwkc
Full Member
Posts: 112
Karma: 0
Method to secure root account
«
on:
May 29, 2022, 12:58:30 pm »
Dear All,
I find it very insecure to direct login as root via serial console. May I know is there any method to secure the account such as sudo or TOTP or 2FA?
Please help me on this. Appreciate it. Thanks.
Logged
meyergru
Hero Member
Posts: 1680
Karma: 165
IT Aficionado
Re: Method to secure root account
«
Reply #1 on:
May 29, 2022, 11:47:11 pm »
I assume you already secured serial root access with a password via the GUI setting System->Settings->Administration->Console->Console Menu?
Thus, root login on the serial console usually needs physical access PLUS knowledge of the root password to do any harm, whereas root access over the network needs only the latter.
So in what way is serial access less secure than having root access at all?
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
nicholaswkc
Newbie
Posts: 15
Karma: 0
Re: Method to secure root account
«
Reply #2 on:
May 30, 2022, 09:19:27 am »
Yes, I had secured the serial console but I want further harden the serial console with sudo or 2FA. It makes the intruder harder to gain root access to the console.
Logged
meyergru
Hero Member
Posts: 1680
Karma: 165
IT Aficionado
Re: Method to secure root account
«
Reply #3 on:
May 30, 2022, 02:49:18 pm »
You can use TOTP-based authentication, this is applied to console access as well:
https://docs.opnsense.org/manual/how-tos/two_factor.html
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: Method to secure root account
«
Reply #4 on:
June 02, 2022, 11:12:23 am »
Why not put a random secure root password or disable root login? ¯\_(ツ)_/¯
I don't quite understand the problem that we are trying to solve while ignoring all the tools that work in the first place?
Cheers,
Franco
Logged
nicholaswkc
Newbie
Posts: 15
Karma: 0
Re: Method to secure root account
«
Reply #5 on:
June 03, 2022, 04:03:14 am »
How to disable root login on console?
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: Method to secure root account
«
Reply #6 on:
June 03, 2022, 11:41:48 am »
System: Access: Users edit "root" and check "Disabled". Save and done.
And yes, you need a separate admin account for the GUI if you want to disable root.
Cheers,
Franco
Logged
peterwkc
Full Member
Posts: 112
Karma: 0
Re: Method to secure root account
«
Reply #7 on:
June 11, 2022, 09:44:55 am »
Dear Franco,
May I know how to create a normal admin user and sudo as Root? Thanks.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Method to secure root account