|
|
@ -18,6 +18,7 @@ the bottom right corner of the form.
|
|
|
|
**Username** John *A unique username*
|
|
|
|
**Username** John *A unique username*
|
|
|
|
**Password** secret *A strong password*
|
|
|
|
**Password** secret *A strong password*
|
|
|
|
**Full name** John Doe *Optional, Full username*
|
|
|
|
**Full name** John Doe *Optional, Full username*
|
|
|
|
|
|
|
|
**Login shell** *The shell to use when logging in via the console.*
|
|
|
|
**Expiration date** *Optional, if account should expire enter as mm/dd/yyy*
|
|
|
|
**Expiration date** *Optional, if account should expire enter as mm/dd/yyy*
|
|
|
|
**Group Membership** *Optional, select one or more groups*
|
|
|
|
**Group Membership** *Optional, select one or more groups*
|
|
|
|
**Certificate** *Optional, check if a user certificate should be created*
|
|
|
|
**Certificate** *Optional, check if a user certificate should be created*
|
|
|
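Review bot: The added **Login shell** row does not say whether the field is optional or what the default shell is, while the optional rows around it are marked "Optional". Because the section added at the end of this patch makes console and SSH login depend on the shell not being ``/sbin/nologin``, this row should name the default and mention that ``/sbin/nologin`` disables console login. The unchanged **Expiration date** row reads "mm/dd/yyy", which looks like it should be "mm/dd/yyyy" and could be fixed in the same change.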
@ -31,7 +32,7 @@ Creating Groups
|
|
|
|
Go to **System->Access->Groups** and click on the **+** sign in the lower right
|
|
|
|
Go to **System->Access->Groups** and click on the **+** sign in the lower right
|
|
|
|
corner of the form.
|
|
|
|
corner of the form.
|
|
|
|
|
|
|
|
|
|
|
|
Enter a **Group name*** and a **Description** and add users to the group.
|
|
|
|
Enter a **Group name** and a **Description** and add users to the group.
|
|
|
|
|
|
|
|
|
|
|
|
Add privileges to a group
|
|
|
|
Add privileges to a group
|
|
|
|
-------------------------
|
|
|
|
-------------------------
|
|
|
@ -39,9 +40,8 @@ After creating a group the privileges can be added by editing the group.
|
|
|
|
Go to **System->Access-Groups** and click on the edit symbol (pencil) right next
|
|
|
|
Go to **System->Access-Groups** and click on the edit symbol (pencil) right next
|
|
|
|
to the group you like to change.
|
|
|
|
to the group you like to change.
|
|
|
|
|
|
|
|
|
|
|
|
To assign privileges, just click on the pencil icon on the right of **Assigned
|
|
|
|
To assign privileges, just click on the pencil icon on the right of **Assigned Privileges**.
|
|
|
|
Privileges** a form will be shown where each page can be either selected or deselected;
|
|
|
|
A form will be shown where each page can be either selected or deselected.
|
|
|
|
here it's also possible to allow a user shell account access (console).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The search bottom at the top of this form can be used to quickly find the right
|
|
|
|
The search bottom at the top of this form can be used to quickly find the right
|
|
|
|
page.
|
|
|
|
page.
|
|
|
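Review bot: The removed line "here it's also possible to allow a user shell account access (console)." has no replacement in this paragraph, so the privileges form description no longer says whether shell access is granted there. The section added later in this patch ties SSH access to the user's group being allowed; please confirm the shell privilege is really gone from this form, or keep a one-line pointer to the new section. The context line still reads **System->Access-Groups** while the previous hunk uses **System->Access->Groups**, and "search bottom" looks like it should be "search button"; both sit next to the lines being edited and could be corrected here.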
@ -50,3 +50,27 @@ page.
|
|
|
|
:width: 100%
|
|
|
|
:width: 100%
|
|
|
|
|
|
|
|
|
|
|
|
After making the right selection click on **Save** to store the new settings.
|
|
|
|
After making the right selection click on **Save** to store the new settings.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
SSH and console login
|
|
|
|
|
|
|
|
---------------------
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
User accounts can be used for logging in to the web frontend, as well as for logging in to the console (via VGA,
|
|
|
|
|
|
|
|
serial or SSH). The latter will only work if the user's shell is not set to ``/sbin/nologin`` and if group the user is
|
|
|
|
|
|
|
|
part of is allowed SSH access.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
In order to access OPNsense via SSH, SSH access will need to be configured via **System->Settings->Administration**.
|
|
|
|
|
|
|
|
Under the "Secure Shell" heading, the following options are available:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
============================ ==========================================================================
|
|
|
|
|
|
|
|
**Enable secure shell** Global on/off switch.
|
|
|
|
|
|
|
|
**Login Group** Which user groups can access OPNsense via SSH.
|
|
|
|
|
|
|
|
**Permit root user login** Normally, only non-root accounts are allowed for security reasons.
|
|
|
|
|
|
|
|
This option enables root login.
|
|
|
|
|
|
|
|
**Permit password login** The recommended login method is using SSH keys as it's more secure,
|
|
|
|
|
|
|
|
but this option will also enable password logins.
|
|
|
|
|
|
|
|
**SSH Port** Defaults to 22, but can be changed to make port scanning less effective.
|
|
|
|
|
|
|
|
**Listen interfaces** By default, SSH listens on all interfaces. You can limit this
|
|
|
|
|
|
|
|
(to just the LAN, for example) for additional security
|
|
|
|
|
|
|
|
at the cost of availability.
|
|
|
|
|
|
|
|
============================ ==========================================================================
|
|
|
|
|
|
|
|
|
|
|
|
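Review bot: In the first added paragraph, "if group the user is part of is allowed SSH access" is missing an article and does not name the setting that grants the access; suggest wording such as "if the group the user is part of is selected as **Login Group**", so it matches the table below. The rows for **Permit root user login** and **Permit password login** say what each option enables but not its default state; stating the default for each would make the recommended configuration (non-root accounts, SSH keys) explicit. The **Listen interfaces** cell ends "at the cost of availability." but the preceding line "for additional security" has no punctuation before the line break, so check that the three lines render as one sentence.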