How to Disable Web GUI Root Login

xianlin

New Member
Aug 3, 2012
4
0
1
Singapore
Hi My proxmox server was deployed on the internet and I don't want to expose my root account with Web GUI console to the world for brutal force attack.

I have already disabled SSH root login but cannot find information on how to disable root web login to the proxmox web GUI console.

Thank you in advance.
 

wolfgang

Proxmox Staff Member
Oct 1, 2014
6,496
493
103
Hi,

it is not possible to disable the root on the GUI.

You can use the firewall to block the complete GUI or restrict port 8006 to a static management IP.

Also to improve the security you can use OTP.
https://pve.proxmox.com/wiki/Two-Factor_Authentication

Ban2fail is a good security enhancement.
 

Urbanovits

New Member
Mar 14, 2021
12
0
1
54
The main "preventing root to logon to WEB interface" idea would be benefical because of security.
2FA not help, becasue some known hacker method exist to pass thru. Mainly root user belongs to PAM which makes extreme huge privilege on the whole system.

Shall we escalate to feature request to get more fine grained WEB access?

thanks
George
 
Mar 14, 2021
59
9
8
42
This thread is old but that doesn't mean this ability still doesn't exist. I have been disabling the root login for the webgui and ssh since I first started using proxmox. I think it's been a year now?

You have to create an admin group, give that group admin permissions, then create a user, assign the user to the admin group and test login.

I add the user through ssh/console, test user ssh login, then proceed to create the admin group through the webgui. Once the webgui and console logins are working for the new user I disable the root login via console by using the command "sudo passwd -dl root"

Sudo has been setup obviously by this point.
 
Mar 14, 2021
59
9
8
42
Just remember, you are only disabling the root user login. You don't want to try to delete the root user from the webgui users. That was a hard lesson learned.
 

Urbanovits

New Member
Mar 14, 2021
12
0
1
54
Thanks for your attention. That wasn't my purpose keeping chance to reinstate root if necessary.
Lock account and pwd delete more that feasible.
 

Dunuin

Famous Member
Jun 30, 2020
5,755
1,314
144
Germany
If I remember right there are features in the webUI that only work logged in as root. If you login with another user with admin permissions that isn'T enough. But I don't remember what exactly isn't working then. Maybe someone of the staff can answer this, if this is still a problem with PVE7.
 
  • Like
Reactions: generalproxuser

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!