SSH Access - User can access the SSH with its own credential
Currently it is possible to access the SSH only with the ADMIN user.
For companies that need to be compliant with PCI this is not acceptable.
It is very important that each User can access the SSH with its own credential for audit purposes.
This is not a violation of PCI-DSS as there is no reason a regular user should need to ssh into the firewall appliance. If this is the case then you need to re-evaluate your implementation and practices.
Agreed - this is a violation of PCI-DSS.
NIST also frowns on this type of implementation of privileged accounts.
Please, make it possible to use every user for SSH administration.
Timothy Erwine commented
This is an absurd and easily correctable issue. Little things like this are why I cannot recommend Sophos UTM products to my clients. I have the (dis)pleasure of working on the platform where it's already been installed and I can say that I am not impressed.
Please, this is very much needed; more than one user should be able to access via SSH, especially for VPN debugging, troubleshooting and route config, as the tools provided via GLi are not enough for these purposes.
This is unacceptable; this requirement MUST be provided...
It's a shame that an enterprise such as Sophos does things like this.
The lack of this feature just cost us a lot of money as we need to send someone onsite now.
John Woodall commented
Yes, this is needed.
Clayton Dillard commented
This is a much needed feature for auditing and compliance reasons.
Along this same line, allow additional users to be created and cfg'd for admin access. Also, it would be good to tie this into the profiles in "Profiles --> Device Access".
This is greatly needed, not just for compliance, where you cannot use the default admin account, but you should be able to grant any admin shell access for change management and auditing. I work with many clients and I do not want to know/use their admin account. I'd much rather the clients create an alternate admin account for me to use (with shell access) so that both my actions are accounted for and I cannot be blamed for actions taken with their admin account.