FreePBX | Register | Issues | Wiki | Portal | Support

Stop Root Auto Login

freepbx
Tags: #<Tag:0x00007fafc536fb88>

(Erik ) #1

I installed FreePBX distro 14 on a VPS and it defaults to root auto login on the console. How do I stop root from auto logging in on the console? I have checked the forum and even checked systemd getty@tty1.service to see if the auto login was there but it wasn’t.


(Dave Burgess) #2

There’s nothing in FreePBX that will auto-login. The only way that auto-login can be accomplished through SSH (that I’m aware of) is through the explicit sharing of certificates and configuration options in the ssh configuration files.

If you are talking about the Web console, that’s a browser setting. Turn off “remember passwords” in your browser for that host.


(Erik ) #3

Sorry for the late reply but I didn’t see your reply in my email. This isn’t http/https access to freepbx this is the display console. I have tested this also on virtualbox and physical machine with fresh install, along with the VPS being a free install with default on everything. My VPS has KVM console access. After boot I open KVM console and root is already auto logged in as shown in picture one (see ps below). I also tried this on a physical machine and same thing. After boot the console (display) autologin’s root. I found a quick fix but it seems to disable console login (I use a VPS so not a problem, but information for future readers) shown in picture 2 (see ps below)
Running
systemctl status getty@tty1
I found that getty is set to autologin
I disabled it so my problem is fixed
systemctl disable getty@tty1
but there should be a better solution as this seems to disable console (display) logins. Secondly why would this be allowed? As it gives root access to anyone that has physical access to the machine. Even in a more secure location like an office, employees could still walk into the room with the server and automatically have root access.

I have also tried to edit /etc/systemd/system/getty@tty1 and remove the autologin tag but still same effect, as disabling getty@tty1 service, no console (display login)
eg.
ExecStart=-/sbin/agetty --autologin root --noclear %I $TERM
ExecStart=-/sbin/agetty root --noclear %I $TERM

PS FreePBX will not allow new users to post links for picture one go to imgur and Nq24o58 for the page eg domain forward slash page for image 2 a forward slash UW2U3


(Erik ) #4

I also set notifications for replies in Freepbx forum so I should reply back a lot quicker this time, again, sorry it took so long but I didn’t receive an email when someone was replying.


(Lacy Moore) #5

I think you and I are the only people in the world this is happening to.


#6

It’s happening to us also.

Edit /etc/systemd/system/getty@tty1.service:

Under ‘[Service]’, you’ll see the line starting with ‘ExecStart’. Remove the ‘–autologin root’ from the line, reboot, and you’ll be fine.


(Jared Busch) #7

What options did you choose during install? Because I have never seen this happen.