Securing root SSH - SSH keys and sudo?

simplyzero · December 17, 2023, 2:42pm

I have a few FreePBX systems that are starting to be administered by a few different folks on our team, so I’d like to start to apply security best practices.

I know that the default experience with FreePBX is logging into SSH as root. I’d like to move to SSH keys to assign to individual users for auditability of changes, locking the system down more, etc. Additionally, I’d like to start to introducing sudo’ing for individual users to not be using the root credential.

From what I’ve searched on the forums (albeit older posts), it doesn’t seem like this is an issue/would cause anything to break, but I wanted to double check. Are there any gotchas to doing this?

billsimon · December 17, 2023, 5:46pm

The only gotcha is when you log in as a regular user you get an ugly php stack trace because the fwconsole motd command is in the system profile and unprivileged users don’t have the right permission to run fwconsole.

system · January 16, 2024, 5:47pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.