Secure Shell Using default password (v2.0.2)

  • First, I have a fresh install of pfSense 2.0.2 for a test environment. I've set up the interfaces and noticed that it did not require me to use HTTPS to log into the webgui, which I thought it was supposed to in version 2.0+. I promptly changed this in the settings and all seems fine.

    Second, part of my setup is to create a new named admin user, add appropriate permissions, and then disable the default admin. I've been doing this since 2.0 without any issues. This leads to the Secure Shell issue I've noticed. I've never used Secure Shell before and decided to try it out. Using PuTTY I can successfully connect; when asked for credentials I used the default (root/pfsense) and can successfully log in, even with the admin account disabled! I double-checked in the User Manager and the admin account is disabled; I also removed the ssh role. Test number two still allows me to log in. Am I doing something wrong in the webgui setup area or is this indeed a bug?

  • Update: If I change the default password it will no longer allow me in using the default root/pfsense credentials, but the account is still disabled and still lets me in using the new password.

  • Update 2:

    Default admin still disabled.

    System > Advanced > Secure Shell > Enable Secure Shell = unchecked

    Still gain access using putty.

  • Set admin's password so it sets root's. Admin cannot be fully disabled since root can't be disabled.
