Root login to SSH

  • I've edited sshd_config to not allow the root user to log in and restarted the pfSense box (I'm BSD stupid so I couldn't figure out how to restart the ssh service) but I can still log in as root. ??? Any advice would be much appreciated.

  • There are two issues I see here:

    • #1) /etc/ssh/sshd_config gets re-generated from data that is stored in /conf/config.xml

    • #2) The way (config option) you are trying to prevent root logins is simply wrong

    Issue #1 means that your custom sshd_config gets overwritten. Please check whether /etc/ssh/sshd_config still contains your custom modification.

    Daniel S. Haischt
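
The check suggested in the reply above, as an added example that is not part of the original thread: a POSIX shell helper that reports which value a given sshd_config file sets for a keyword in its global section, so a hand edit can be verified after the file has been regenerated. The function names and the sample file contents are constructed for illustration and are not pfSense's own; "unset" means the file does not set the keyword, so sshd falls back to its built-in default.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample files are constructed.

# effective_sshd_option FILE KEYWORD
# Print the value FILE sets for KEYWORD in its global section, or "unset".
# sshd uses the first value it obtains for a keyword, keywords are
# case-insensitive, and lines after a Match line are conditional.
effective_sshd_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)           # keyword ends at whitespace or "="
            if (n == 0) next
            key  = tolower(substr(line, 1, n - 1))
            rest = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", rest)
            sub(/[ \t]+$/, "", rest)
            if (key == "match") exit            # conditional blocks are not global
            if (key == want) { val = rest; exit }   # first value wins
        }
        END { print val }
    ' "$1"
}

# setting_persisted FILE KEYWORD EXPECTED
# Return 0 if FILE still carries the expected value, 1 otherwise.
setting_persisted() {
    got=$(effective_sshd_option "$1" "$2")
    if [ "$got" = "$3" ]; then
        echo "OK: $2 is '$got' in $1"
    else
        echo "CHANGED: $2 is '$got' in $1, expected '$3'"
        return 1
    fi
}

# Constructed sample: a hand-edited file and a regenerated one without the edit.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# hand-edited' 'Port 22' 'permitrootlogin = no' > "$d/edited"
    printf '%s\n' '# regenerated' 'Port 22' 'Match User backup' \
        '    PermitRootLogin no' > "$d/regenerated"
    setting_persisted "$d/edited" PermitRootLogin no
    setting_persisted "$d/regenerated" PermitRootLogin no; rc=$?
    rm -rf "$d"; return $rc
}
demo || true
```

On the box itself the call would be `setting_persisted /etc/ssh/sshd_config PermitRootLogin no`, run again after a reboot or a webGUI change.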

  • Thanks for the reply.

    1. sshd_config has not retained my configuration change, as you suspected.
    2. Please advise what change you would recommend instead.

    Thank you.

  • This is a more general issue …

    The issue is that the current process expects that the user configures the system through the HTML-based webGUI. This means that editing config files manually may cause an issue where your manually edited config file gets overwritten by the system sooner or later.

    Even SuSE's Yast had this issue...

    Upcoming pfSense releases may support user roles. This means you would be able to specify whether a user will have the right to log in via SSH. Though PermitRootLogin no isn't currently implemented (neither in RELENG/stable nor in HEAD/unstable).

    But this brings me to the question: Why are you going to disable root SSH-logins, if root and admin are the only shell users on a default 1.0 pfSense system?

    Daniel S. Haischt

  • You can disable ssh completely.

    Look in the Advanced menu (the very first menu option).

    There will be an option "Enable Secure Shell". Make sure that the tick box is empty.

  • SSH is disabled by default anyway…
