I recently upgraded a system from FreePBX Distro 5.211.65-19 all the way to 10.13.66-6 without any major issues except for this weird SSH glitch.
I know the issue was discussed in this post SSH login warning/fatal error but even after reading the post multiple times I can’t figure out how to resolve the problem.
I don’t allow SSH as root and contrary to the previous post, ssh into the system with a centos user account not the freepbx administrator. Since the upgrade everytime I ssh into the system I get the following error:
PHP Warning: include_once(/etc/asterisk/freepbx.conf): failed to open stream: Permission denied in /var/lib/asterisk/bin/fwconsole on line 13
PHP Warning: include_once(): Failed opening ‘/etc/asterisk/freepbx.conf’ for inclusion (include_path=’.:/usr/share/pear:/usr/share/php’) in /var/lib/asterisk/bin/fwconsole on line 13
PHP Fatal error: Class ‘Symfony\Component\Console\Application’ not found in /var/www/html/admin/libraries/FWApplication.class.php on line 11
elevate your ssh session to root permission (probably the asterisk user is enough) before you try that, or add permissions to your ssh user to do what you need.
As a diagnostic on your ssh session before you try to do that stuff run
whoami
if you are not asterisk or root and that user does not have sufficient permissions, then that is your problem.
Isn’t this just a cosmetic error? I start ssh as “user” with above errors and when I switch to root the error goes away. Since I don’t do anything as the initial “user” maybe I can ignore this error completely. No? I tried this from the console. Login from root and no error. Logout from root and back to “user” (error re-appers). Logout as “user” and login as root and no error.
You can ignore it. It is cosmetic. I believe the issue is that when you SSH in with your user account that doesn’t have permissions necessary it is trying to produce that motd banner through fwconsole and it can’t. So it throws the warnings. If you don’t ever intend to use that user account to perform administrative tasks then don’t bother, just sudo or su to the necessary user. I’d actually prefer this so that if someone compromised your normal SSH user account, that account would have limited privileges anyway and they would have to sudo/su to another user to do more.
Yes. That was the point of not allowing SSh as root. You would have to login first as a low level user and then login again as root to do anything on the system. Thanks for your quick reply.
This error message is just warning caused by regular Linux account for ssh login doesn’t permission to read fwconsole.conf. The following method can be used to remove this warning,
If you’re okay with granting the user some extra permissions you can resolve this error by adding your new_user to the asterisk group with this command:
usermod -a -G asterisk new_user
That will give the user access to a lot of files owned by the asterisk user, so it should only be done if that user should have pbx admin rights.