Why can't I log in as 'root' over SSH if I disable the 'admin' user?

scilek

Prior to version 2.6, I would disable the admin user but would still be able to log in as root over SSH. Now, I can't. Is this a bug or a design choice? What can I do to mitigate this issue?

NollipfSense

@scilek said in Why can't I log in as 'root' over SSH if I disable the 'admin' user?:

Prior to version 2.6, I would disable the admin user but would still be able to log in as root over SSH. Now, I can't. Is this a bug or a design choice? What can I do to mitigate this issue?

Because, admin is root.

scilek

@nollipfsense
Yes, I know, but why can't I log in as root through SSH anymore?

NollipfSense

@scilek said in Why can't I log in as 'root' over SSH if I disable the 'admin' user?:

@nollipfsense
Yes, I know, but why can't I log in as root through SSH anymore?

So, did you enabled it again and reboot?

scilek

@nollipfsense

Yes I did. But want to disable the admin user on the web interface but enable the root user on SSH.

NollipfSense

@scilek said in Why can't I log in as 'root' over SSH if I disable the 'admin' user?:

@nollipfsense

Yes I did. But want to disable the admin user on the web interface but enable the root user on SSH.

Do you understand that "admin" is "root" if you disable admin webGUI, you also disable root for SSH?

scilek

@nollipfsense
That was not the case prior to version 2.6.

NollipfSense

@scilek said in Why can't I log in as 'root' over SSH if I disable the 'admin' user?:

@nollipfsense
That was not the case prior to version 2.6.

It has been since I joined pfSense just prior to v2.4.

viragomann

@scilek
Go to System > User Manager > Users > admin and remove the WebCfg privileges from the user.

ptt

@scilek said in Why can't I log in as 'root' over SSH if I disable the 'admin' user?:

@nollipfsense
That was not the case prior to version 2.6.

https://forum.netgate.com/topic/169323/2-6-0-rc-bugs/6

scilek

@nollipfsense
I just connected to a router running version 2.5.2 to check. The admin user is disabled but I can still log in as root over SSH.

scilek

@viragomann
I did that, but I can still log in to the web interface as admin.

NollipfSense

@ptt said in Why can't I log in as 'root' over SSH if I disable the 'admin' user?:

@scilek said in Why can't I log in as 'root' over SSH if I disable the 'admin' user?:

@nollipfsense
That was not the case prior to version 2.6.

https://forum.netgate.com/topic/169323/2-6-0-rc-bugs/6

Okay, learned something new today as I have always used admin for webGUI and SSH.

rcoleman-netgate

@scilek And it was fixed in v2.6/22.01

stephenw10

Just to be clear this was a bug in versions prior to 2.6:
https://redmine.pfsense.org/issues/12346

You should never have been able to login using a disabled account via SSH. It's now fixed.

Steve

scilek

@stephenw10
It was the most convenient bug in the history of computing.