tuxEvangelist
Dec 06, 2021
Solved

EnableSSH - Locked out from SSH

Dear All,

I've installed EnableSSH on my Duo v2 successfully and was able to use it with the root account. While trying to enable ssh access to other users, I unfortunately locked root out before managing to enable another user.

 

Right now the successful login with a non-root user leads to an instant logout.

Logging in with root leads to "Permission denied, please try again". The reason for this is probably a wrong entry in the "Allowed Users" section of the ssh configuration.

 

Normal admin access via the Web UI is not affected and runs perfectly well.

 

I've already tried re-installing the EnableSSH plugin, but unfortunately that did not reset the ssh configuration.

 

Is there any way to reset only the ssh config without possibly running into problems on the Web UI side?

  • StephenB
    Dec 07, 2021

    tuxEvangelist wrote:

     

    Thanks for the quick reply, I managed to get into tech support mode and telnet to the Duo v2, but unfortunately the files of the ssh configuration are not present in this state. Is there a chance that I can mount other parts of the filesystem that contain the config files of the plugins that are installed?

     


    Yes, you need to mount the real OS partition.

     

    I've never owned a v2, but I believe these commands will work:

    # start_raid.sh
    # mount /dev/md0 /sysroot

    Not sure if you'll also need to chroot to get the commands you need, but if you do, try these commands:

    # mount --bind /proc /sysroot/proc
    # mount --bind /dev /sysroot/dev
    # mount --bind /dev/pts /sysroot/dev/pts
    # mount --bind /sys /sysroot/sys
    # chroot /sysroot /bin/bash
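
Once the OS partition is mounted as described above, the suspected cause (an AllowUsers entry that no longer covers root) can be confirmed offline before anything is edited. This is an added example, not part of the original post or of EnableSSH; the function names and the sample config are constructed, and the real file is assumed to sit at something like /sysroot/etc/ssh/sshd_config.

```shell
# Added example (not from the thread): explain why sshd would refuse a user,
# from a mounted sshd_config. Global section only: stops at the first Match.

# Print every pattern given for one keyword (keywords are case-insensitive).
directive_values() {  # $1 = config file, $2 = keyword
    awk -v kw="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(kw) {
            for (i = 2; i <= NF; i++) { if ($i ~ /^#/) break; print $i }
        }' "$1"
}

# Succeed if user $2 matches a pattern of keyword $3 (for USER@HOST patterns
# only the user part is compared). Runs in a subshell so that "set -f"
# (no file-name expansion of "*") does not leak to the caller.
user_matches() (
    set -f
    for pat in $(directive_values "$1" "$3"); do
        case "$2" in ${pat%%@*}) exit 0 ;; esac
    done
    exit 1
)

# Print one verdict for user $2 under config $1.
ssh_user_verdict() {
    if user_matches "$1" "$2" DenyUsers; then
        echo "denied-by-DenyUsers"
    elif [ -n "$(directive_values "$1" AllowUsers)" ] &&
         ! user_matches "$1" "$2" AllowUsers; then
        echo "not-in-AllowUsers"
    else
        echo "allowed"
    fi
}

# Constructed sample config, written to path $1.
make_sample() {
    cat > "$1" <<'EOF'
Port 22
AllowUsers alice bob@192.168.1.*
#AllowUsers root
DenyUsers guest*
Match Address 10.0.0.0/8
    AllowUsers root
EOF
}

sample=$(mktemp); make_sample "$sample"
for u in root alice guest1; do echo "$u: $(ssh_user_verdict "$sample" "$u")"; done
rm -f "$sample"
```

Against the mounted system the call would be `ssh_user_verdict /sysroot/etc/ssh/sshd_config root` (path assumed); after editing the file, `sshd -t -f <file>` run inside the chroot checks its syntax before the next reboot.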

  • StephenB
    Guru - Experienced User

    tuxEvangelist wrote:

     

    Is there any way to reset only the ssh config without possibly running into problems on the Web UI side?


    You can get into the OS using tech support mode.  You'd be on your own after that though.

    • tuxEvangelist
      Aspirant

      > > Is there any way to reset only the ssh config without possibly running into problems on the Web UI side?

      > You can get into the OS using tech support mode.  You'd be on your own after that though.

       

      Thanks for the quick reply, I managed to get into tech support mode and telnet to the Duo v2, but unfortunately the files of the ssh configuration are not present in this state. Is there a chance that I can mount other parts of the filesystem that contain the config files of the plugins that are installed?

       

      And, BTW what is the way to gracefully shutdown the system from tech support mode? Pulling the plug is the only way I've found and that really hurts me every time :-o

       

  • Sandshark
    Sensei - Experienced User

    Do a configuration backup (under Settings/System/Backup) and see if the file you need to fix is in it.  If it is, be sure to use an editor that will use an LF only for an EoL and not add anything (Like Notepad++) and make the changes you need to, then restore that backup.

    • tuxEvangelist
      Aspirant

      > Do a configuration backup (under Settings/System/Backup) and see if the file you need to fix is in it. If it is, be sure to use an editor that will use an LF only for an EoL and not add anything (Like Notepad++) and make the changes you need to, then restore that backup.

       

      Thanks for the quick reply - I've checked that already with older config backups, but unfortunately the file I'm looking for is not contained there - even if I'm doing a present config backup with "All" option marked.

       

      The crucial file is

       

      sshd_config

      and it's supposed to sit somewhere like

      /etc/ssh

       

      • Sandshark
        Sensei - Experienced User

        tuxEvangelist wrote:

         

        Thanks for the quick reply - I've checked that already with older config backups, but unfortunately the file I'm looking for is not contained there - even if I'm doing a present config backup with "All" option marked.

         

        The crucial file is

         

        sshd_config

        and it's supposed to sit somewhere like

        /etc/ssh

         


        If support mode doesn't get you there, I suppose you could try just putting it into the config backup .zip and see if the restore really checks and restores specific content or restores whatever it finds.  I know you can delete files from the .zip to be restored with no issue; I've never tried to add any.
