    Root login to SSH

    • A
      anystupidassname last edited by

      I've edited sshd_config to not allow the root user to log in and restarted the pfSense box (I'm BSD stupid so I couldn't figure out how to restart the ssh service) but I can still log in as root. ??? Any advice would be much appreciated.

      • D
        DanielSHaischt last edited by

        There are two issues I see here:

        • #1) /etc/ssh/sshd_config gets re-generated from data that is stored in /conf/config.xml

        • #2) The way (config option) you are trying to prevent root logins is simply wrong

        Issue #1 means that your custom sshd_config gets overwritten. Please check whether /etc/ssh/sshd_config still contains your custom modification.

        Regards
        Daniel S. Haischt

        • A
          anystupidassname last edited by

          Thanks for the reply.

          1. sshd_config has not retained my configuration change as you suspected.
          2. please advise what change you would recommend instead.

          Thank you.

          • D
            DanielSHaischt last edited by

            This is a more general issue …

            The issue is that the current process expects that the user configures the system through the HTML-based webGUI. This means that editing config files manually may cause an issue where your manually edited config file gets overwritten by the system sooner or later.

            Even SuSE's Yast had this issue...

            Upcoming pfSense releases may support user roles. This means you would be able to specify whether a user will have the right to log in via SSH. Though PermitRootLogin no isn't currently implemented (neither in RELENG/stable nor in HEAD/unstable).

            But this brings me to the question: Why are you going to disable root SSH-logins, if root and admin are the only shell users on a default 1.0 pfSense system?

            Regards
            Daniel S. Haischt

            • S
              sai last edited by

              You can disable ssh completely.

              Look in the Advanced menu (the very first menu option).

              There will be an option "Enable Secure Shell". Make sure that the tick box is empty.

              • D
                DanielSHaischt last edited by

                SSH is disabled by default anyway…

                1 Reply Last reply Reply Quote 0
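The check suggested earlier in the thread (whether /etc/ssh/sshd_config still contains the custom modification), written out as an added example that is not part of the thread and is not pfSense code. The function names and both sample files are constructed for illustration; the parser applies sshd_config's rule that the first value for a keyword wins and treats the first Match line as the end of the global section.

```shell
#!/bin/sh
# Added example: report the global PermitRootLogin value in an sshd_config file.

# effective_root_login FILE
# Prints the value sshd would take from FILE's global section, or "unset".
effective_root_login() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)              # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))  # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)                     # arguments may be quoted
            if (key == "match") exit               # Match blocks are conditional, not global
            if (key == "permitrootlogin") { print val; found = 1; exit }  # first value wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# check_root_login FILE WANT
# Returns 0 when FILE still carries WANT, 1 when the setting drifted or is gone.
check_root_login() {
    got=$(effective_root_login "$1")
    if [ "$got" = "$2" ]; then
        echo "OK    $1: PermitRootLogin $got"
    else
        echo "DRIFT $1: want '$2', found '$got'"
        return 1
    fi
}

# Constructed sample files, not real pfSense output.
tmp=$(mktemp -d)
printf '# hand-edited copy\nPort 22\npermitrootlogin = no\nPermitRootLogin yes\n' > "$tmp/edited"
printf '# stand-in for the regenerated file\nPort 22\nMatch User admin\n  PermitRootLogin no\n' > "$tmp/regenerated"

check_root_login "$tmp/edited" no
check_root_login "$tmp/regenerated" no || echo "the change did not survive regeneration"
```

Pointing `check_root_login` at /etc/ssh/sshd_config after a reboot shows whether a hand edit was overwritten, which is the situation the original poster confirmed.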