Project

General

Profile

Actions

Bug #12346

closed

Deny SSH access for ``admin`` and ``root`` users when the ``admin`` GUI account is disabled

Added by Steve Wheeler about 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Authentication
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
22.01
Release Notes:
Default
Affected Version:
2.5.2
Affected Architecture:
All

Description

If the admin user is disabled in the webgui that user can still login via SSH if it's enabled as long as they have either the admins group or 'User - System: Shell account access' privilege.

Both of those are set by default.

This includes via SSH key if configured.

In this condition the admin user cannot login to the webgui.

Other user accounts cannot login via SSH when they are disabled.

The webgui does not display a warning if the admin credentials are still default if the account is disabled.

Tested:
2.5.2-rel
21.05.1-rel

21.09-BETA (arm)
built on Tue Sep 07 01:12:17 EDT 2021
FreeBSD 12.2-STABLE

Actions

Also available in: Atom PDF