Admin Account Disabled, can still use credentials for SSH Access


  • Hi Guys,

    I have come across a strange problem using pfSense version 2.2.6. I have disabled the Admin account, wanting to secure the pfSense by user in FreeRADIUS using mOTP, which is working fine. So I disabled the admin account and tested webGUI access, which now fails as expected. However, I am still able to access the LAN address via SSH using the admin credentials. Is this the correct behaviour?

    Thanks in advance. I hope someone may shed some light on why this is happening.

    Regards
    Darren

  • Rebel Alliance Developer Netgate

    If you configured pfSense to use FreeRADIUS for GUI auth, the local admin user is kept enabled as a failsafe, IIRC, in case the RADIUS server is unreachable, so you still have a way in.

    I'd have to check the code but I seem to recall that the account disable part was only honored when using local auth.


  • Sincere apologies for the late response,

    The device is not yet in production, so I will test disabling FreeRADIUS and again disabling the admin account, then test SSH, and will let you know the outcome.

    Thanks for your support; it is appreciated.

    Regards
    Darren