Admin Account Disabled, can still use credentials for SSH Access



  • Hi Guys,

    I have come across a strange problem using pfSense version 2.2.6. I have disabled the Admin account, wanting to secure the pfSense by user in FreeRadius using mOTP, which is working fine. So I disabled the admin account and tested webgui access, which now fails as expected. However, I am still able to access the LAN address via SSH using the admin credentials. Is this the correct behaviour?

    Thanks in advance, I hope someone may shed some light on why this is happening.

    Regards
    Darren


  • Rebel Alliance Developer Netgate

    If you configured pfSense to use FreeRADIUS for GUI auth, the local admin user is kept enabled as a failsafe, IIRC, in case the RADIUS server is unreachable, so you still have a way in.

    I'd have to check the code but I seem to recall that the account disable part was only honored when using local auth.



  • Sincere apologies for the late response,

    The device is not yet in production, so I will test disabling the FreeRadius and again disabling the admin account and test SSH, and will let you know the outcome.

    Thanks for your support, it is appreciated.

    Regards
    Darren

