chopin70
Virtuoso
Nov 08, 2020
Solved

Help: locked out from SSH access as root while trying to disable root access as SSH

Hi,

 

I wanted to disable SSH root login and only enable it for the admin user

I had the admin user properly set up and with SSH shell enabled. I tested, and the admin user was able to escalate to root by su

 

I tried to edit the /etc/ssh/sshd_config file, but the changes were reverted each time the SSH service was toggled on/off

I tried to modify the /etc/default/config/etc/ssh/sshd_config but the changes do not apply to the /etc/sshd_config

So it seems the config is regenerated from elsewhere when the SSH service is toggled on/off in the GUI

 

I sadly followed an old guide here and edited the /etc/passwd file

https://community.netgear.com/t5/Using-your-ReadyNAS-in-Business/SSH-Deactivate-root-account-and-use-a-quot-non-root-quot-one/m-p/786272#M5902

I changed the :/bin/bash for root user to :/bin/false

 

As expected, root can no longer access the shell through SSH. However, admin account cannot escalate to root using su now. The password is accepted, but it doesn't escalate to root. Well, that was expected, but I thought it was a Netgear custom thing. I guess it was fixed in later OS as the guide is dated 2011

 

Please, can anyone help me reset the access, as it is now lost? I will try an OS reinstall, but I really want to avoid a hard reset :-(

 

Also, is this guide up to date for fixing my issue? (last post of this thread)

https://community.netgear.com/t5/Using-your-ReadyNAS-in-Business/SSH-Configuration-reset-on-reboot/m-p/1181843/highlight/true

 

Thank you


  • StephenB
    Guru - Experienced User

    chopin70 wrote:

     

    I wanted to disable SSH root login and only enable it for the admin user

     


    Most things you'd want to change would require root access anyway (and you can mess things up badly if you forget to sudo).  Personally I wouldn't have done this.  

     


    chopin70 wrote:

    ... the guide is dated 2011

    OS-6 NAS came out in 2013, so that guide would have been either for NV+ (4.1.x firmware) or Ultra/Pro (4.2.x firmware).  No idea on how it would apply to OS-6.

     


    chopin70 wrote:

     

    Please any one help me reset the access as it is now lost. I will try OS reinstall, but I really want to avoid a hard reset :-(

     


    If the OS reinstall doesn't restore access, you can boot up in tech support mode, and undo your change to the passwd file.

    • chopin70
      Virtuoso
      In tech support, do I have SSH root access? I did not find info on how to proceed once in tech mode

      Thank you again
      • StephenB
        Guru - Experienced User

        chopin70 wrote:
        In tech support, do I have SSH root access? I did not find info on how to proceed once in tech mode

        Thank you again

        You connect with telnet (not ssh). The user name is root, the password is infr8ntdebug.

         

        Once logged in, you enter 

        # rnutil chroot

        to start raid, and chroot.  

         

        Note the data volume isn't mounted (there are some additional steps needed to do that).   But this should let you undo the change to the passwd file.
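
Added example, not part of the original thread and not NETGEAR code: a read-only shell check that tells apart the two ways of blocking root over SSH discussed here, the /etc/passwd shell change (which also breaks su, because su starts the target user's login shell) and an sshd-level PermitRootLogin no. The file contents, the admin UID and the function names are constructed for illustration; the script only inspects files and changes nothing.

```shell
#!/bin/sh
# Added example; every file below is a constructed sample, not ReadyNAS data.

# Login shell (7th passwd field) of user $2 in passwd-format file $1.
login_shell() {
    awk -F: -v u="$2" '$1 == u { print $7; exit }' "$1"
}

# True when the shell exits at once: su then accepts the password but
# returns straight to the caller, the symptom described in the thread.
is_nologin_shell() {
    case "$1" in
        */false|*/nologin) return 0 ;;
        *) return 1 ;;
    esac
}

# First PermitRootLogin value in sshd_config file $1 (sshd keeps the first
# value it reads for a keyword); "unset" if absent. Match blocks are ignored.
permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); f = 1; exit }
         END { if (!f) print "unset" }' "$1"
}

# One-line verdict for passwd file $1 and sshd_config file $2.
audit() {
    shell=$(login_shell "$1" root)
    prl=$(permit_root_login "$2")
    if is_nologin_shell "$shell"; then
        echo "LOCKOUT root shell is $shell: su from admin yields no root shell"
    elif [ "$prl" = "no" ]; then
        echo "OK root SSH login refused by sshd, su to root still works"
    else
        echo "OPEN root SSH login not disabled (PermitRootLogin=$prl)"
    fi
}

# Constructed samples: the thread's passwd edit versus the sshd_config route.
tmp=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/false\nadmin:x:98:98::/home/admin:/bin/bash\n' > "$tmp/passwd_edited"
printf 'root:x:0:0:root:/root:/bin/bash\nadmin:x:98:98::/home/admin:/bin/bash\n' > "$tmp/passwd_stock"
printf '# comment\nPermitRootLogin no\nPermitRootLogin yes\n' > "$tmp/sshd_no"
printf 'Port 22\n' > "$tmp/sshd_plain"

audit "$tmp/passwd_edited" "$tmp/sshd_plain"
audit "$tmp/passwd_stock"  "$tmp/sshd_no"
audit "$tmp/passwd_stock"  "$tmp/sshd_plain"
```

Running the same `audit` against copies of the real files before toggling anything shows whether a change would leave a working path back to root.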

         

         

         

         

         
