SSH login warning/fatal error

I recently upgraded a system from FreePBX Distro 5.211.65-19 all the way to 10.13.66-6 without any major issues except for this weird SSH glitch.

I know the issue was discussed in this post SSH login warning/fatal error but even after reading the post multiple times I can’t figure out how to resolve the problem.

I don’t allow SSH as root and contrary to the previous post, ssh into the system with a centos user account not the freepbx administrator. Since the upgrade everytime I ssh into the system I get the following error:

PHP Warning: include_once(/etc/asterisk/freepbx.conf): failed to open stream: Permission denied in /var/lib/asterisk/bin/fwconsole on line 13
PHP Warning: include_once(): Failed opening ‘/etc/asterisk/freepbx.conf’ for inclusion (include_path=’.:/usr/share/pear:/usr/share/php’) in /var/lib/asterisk/bin/fwconsole on line 13
PHP Fatal error: Class ‘Symfony\Component\Console\Application’ not found in /var/www/html/admin/libraries/FWApplication.class.php on line 11

fwconsole chown did not fix the problem.

How do I resolve this?

elevate your ssh session to root permission (probably the asterisk user is enough) before you try that, or add permissions to your ssh user to do what you need.

As a diagnostic on your ssh session before you try to do that stuff run


if you are not asterisk or root and that user does not have sufficient permissions, then that is your problem.

Isn’t this just a cosmetic error? I start ssh as “user” with above errors and when I switch to root the error goes away. Since I don’t do anything as the initial “user” maybe I can ignore this error completely. No? I tried this from the console. Login from root and no error. Logout from root and back to “user” (error re-appers). Logout as “user” and login as root and no error.

You can ignore it. It is cosmetic. I believe the issue is that when you SSH in with your user account that doesn’t have permissions necessary it is trying to produce that motd banner through fwconsole and it can’t. So it throws the warnings. If you don’t ever intend to use that user account to perform administrative tasks then don’t bother, just sudo or su to the necessary user. I’d actually prefer this so that if someone compromised your normal SSH user account, that account would have limited privileges anyway and they would have to sudo/su to another user to do more.

Yes. That was the point of not allowing SSh as root. You would have to login first as a low level user and then login again as root to do anything on the system. Thanks for your quick reply.

This error message is just warning caused by regular Linux account for ssh login doesn’t permission to read fwconsole.conf. The following method can be used to remove this warning,

  1. edit under /etc/profile.d
  2. remove the following lines:
    line 9: else
    line10: SU=""
    line11: fi
  3. Add fi to the end of the text
  4. Save the file.

The above modification will only allow root login to run fwconsole to show pbx banner because other user doesn’t have permisson.

In version 12, banner is displayed by a python script not fwconsole so there is no problem.

If you’re okay with granting the user some extra permissions you can resolve this error by adding your new_user to the asterisk group with this command:
usermod -a -G asterisk new_user
That will give the user access to a lot of files owned by the asterisk user, so it should only be done if that user should have pbx admin rights.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.