CLI menu on SSH ?



  • I have found many webpages and also YouTube video, that show:

    Upon logging into SSH, the PFSense Console appears

    However, I have found otherwise - I just arrive at a shell.

    I am logging in as "admin".

    Is there something special that I need to do, to get to the PFSense Console on a SSH session?



  • @brasilnut:

    I am logging in as "admin".

    Is there something special that I need to do, to get to the PFSense Console on a SSH session?

    That menu system is run when /etc/rc.initial is started up.  rc.initial is usually (always?) started when the /root/.profile file is executed.  In my case, I do see the menu, and my /root/.profile contains:

    if [ `env | grep SSH_TTY | wc -l` -gt 0 ] || [ `env | grep cons25 | wc -l` -gt 0 ]; then
            /etc/rc.initial
            exit
    fi
    [ -n "$SSH_TTY" -o "$TERM" = "cons25" ] && exec /etc/rc.initial
    [ -n "$SSH_TTY" -o "$TERM" = "cons25" ] && exec /etc/rc.initial
    [ -n "$SSH_TTY" -o "$TERM" = "cons25" ] && exec /etc/rc.initial
    [ -n "$SSH_TTY" -o "$TERM" = "cons25" ] && exec /etc/rc.initial
    [ -n "$SSH_TTY" -o "$TERM" = "cons25" ] && exec /etc/rc.initial
    [ -n "$SSH_TTY" -o "$TERM" = "cons25" ] && exec /etc/rc.initial
    [ -n "$SSH_TTY" -o "$TERM" = "cons25" ] && exec /etc/rc.initial
    
    

    (No idea how those 7 lines of garbage got there at the end).

    So if SSH_TTY environment variable is an empty string and 'cons25' is not somewhere in your environment, then /etc/rc.initial won't be run and you won't see your menu.  You can run /etc/rc.initial by hand if you want the menu.

    Note that pfSense uses tcsh, if you want to look into which, when and how files are executed upon logging in.



  • @brasilnut:

    Is there something special that I need to do, to get to the PFSense Console on a SSH session?

    With SSH log in as root not admin.



  • You can login as admin by SSH, then just run /etc/rc.initial (Edit: small brain fade - login as admin should display the menu automatically)
    If you have multiple people doing admin, then create a user for each in the GUI User Manager and put them in "admins" group.
    Install the sudo package and just use the default settings.
    They can SSH and login as themselves then:

    sudo -s
    

    and provide their own password to confirm. They will get a real "root" session.
    then:

    /etc/rc.initial
    

    and the menu is displayed.
    That way multiple sys admins do not need to share the admin/root password.


  • Netgate Administrator

    Isn't this the other way around?  ???

    The admin user always gets the console menu which is why you need to log in as root to use SCP. Root gets the menu if you login via SSH though. Neither user require any special action to get it normallly.

    Steve


  • Rebel Alliance Developer Netgate

    Normally the admin user is always locked into /etc/rc.initial as its shell. If it doesn't come up, then either someone manually edited the code or the passwd file to change the shell, or otherwise changed the .*rc files in /root, or maybe the passwd database has become corrupt in some way.

    Often just an edit/save action on the admin user in the GUI is enough to fix things up, assuming the pfSense code was not modified. In other cases the passwd database has to be manually rebuilt using "pwd_mkdb -p /etc/master.passwd" or similar.


Log in to reply