Get a Quote     (408) 943-4100   TrueNAS Discord VendOp_Icon_15x15px Commercial Support
TrueNAS.com Software Systems Company Community Security iX Portal Download
TrueNAS CORE TrueNAS Enterprise TrueNAS SCALE TrueCommand Compare Editions Software Status FreeNAS
Compare Systems M-Series X-Series R-Series Mini Series
Contact Us iXsystems Careers Clients Reviews
TrueNAS GitHub Community Forum Discord TrueNAS Merch Store
Application Backup and Archival Cloud Media Workflows Video Surveillance Virtualization
Industry Education Government Healthcare Research / AI / ML Media & Entertainment
Enterprise Support Community Support Documentation TrueNAS Security FAQ iX Blog TrueNAS Blog
Case Studies White Papers Solution Briefs iX Portal Plugins & Apps ZFS Videos
Download TrueNAS CORE Download TrueNAS SCALE Get TrueNAS Enterprise Where to Buy
  1. TrueNAS SCALE 23.10
  2. /
  3. SCALE Tutorials
  4. /
  5. Credentials
  6. /
  7. Using Rootless Login
Edit page
TrueNAS SCALETrueNAS SCALE Version Documentation
This content follows the TrueNAS SCALE 23.10 (Cobia) releases. Use the Product and Version selectors above to view content specific to different TrueNAS software or major version.

Using Rootless Login

  4 minute read.

Last Modified 2024-03-19 08:38 EDT

The initial implementation of TrueNAS SCALE rootless log in permits users to use the root user but encourages users to create the local administrator account when first installing SCALE.

Starting with SCALE Bluefin 22.12.0, root account logins are deprecated for security hardening and to comply with Federal Information Processing Standards (FIPS). All TrueNAS users should create a local administrator account with all required permissions and begin using it to access TrueNAS. When the root user password is disabled, only an administrative user account can log in to the TrueNAS web interface.

TrueNAS SCALE plans to permanently disable root account access in a future release.

If migrating from CORE to SCALE, when first logging into SCALE as the root user, you are advised to create the administrator account. All users should create the local administrator account and use this account for web interface access. To improve system security after the local administrator account is created, disable the root account password so that root access to the system is restricted.

Some UI screens and settings still refer to the root account, but these references are updating to the administrator account in future release of SCALE.

About Admin and Root Logins and Passwords

At present, SCALE has both the root and local administrator user logins and passwords. If properly set up, the local administrator (admin) account performs the same functions and has the same access the root user has.

The root user is no longer the default user so you must add and enable a password to use the root user.

Disabling Root and Admin User Passwords

As a security measure, the root user password is disabled when you create the admin user during installation. Do not disable the admin account and root passwords at the same time. If both root and admin account passwords become disabled at the same time and the web interface session times out, a one-time sign-in screen allows access to the system.

ResetRootAccountPasswordSignIn

Enter and confirm a password to gain access to the UI. After logging in, immediately go to Credentials > Local Users to enable either the root or admin password before the session times out again. This temporary password is not saved as a new password and it does not enable the admin or root passwords, it only provides one-time access to the UI.

When disabling a password for UI login, it is also disabled for SSH access.

Accessing the System Through an SSH Session

To enable SSH to access the system as root or the admin user:

  1. Configure the SSH service.

    a. Go to System Settings > Services, then select Configure for the SSH service.

    b. Select Log in as Root with Password to enable the root user to sign in as root.

    Select Log in as Admin with Password and Allow Password Authentication to enable the admin user to sign in as admin. Select both options.

    c. Click Save and restart the SSH service.

  2. Configure or verify the user configuration options to allow ssh access.

    If you want to SSH into the system as the root, you must create and enable a password for the root user. If the root password password is disabled in the UI you cannot use it to gain SSH access to the system.

    To allow the admin user to issue commands in an ssh session, edit the admin user and select which sudo options are allowed.

    Select Allow all sudo commands with no password. You might see a prompt in the ssh session to enter a password the first time you enter a sudo command but will not see this password prompt again in the same session.

Two-Factor Authentication (2FA) and Administrator Account Log In

To use two-factor authentication with the administrator account (root or admin user), first configure and enable SSH service to allow SSH access, then configure two-factor authentication. If you have the root user configured with a password and enable it, you can SSH into the system with the root user. Security best practice is to disable the root user password and only use the local administrator account.

Rootless Log In and TrueCommand

At present, rootless log in works with TrueCommand but you need to set up and use an API key. Future releases of TrueCommand should eliminate the need for the API key.

Related Content

Related Admin User Articles

Related SSH Articles

Have more questions or want to discuss your specific configuration? For further discussion or assistance, see these resources:

Found content that needs an update? You can suggest content changes directly! To request changes to this content, click the Feedback button located on the middle-right side of the page (might require disabling ad blocking plugins).