NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
chopin70
Nov 08, 2020Virtuoso
Help: locked out from SSH access as root while trying to disable root access as SSH
Hi, I wanted to disable SSH root login and only enable it for the admin user I had admin user properly setup and with SSH shell enabled. I tested and admin user was able to escalate to root by s...
- Nov 09, 2020
chopin70 wrote:
In tech support i have ssh root access ? I did not find info on how to proceed once in tech mode
Thank you againYou connect with telnet (not ssh). The user name is root, the password is infr8ntdebug.
Once logged in, you enter
# rnutil chroot
to start raid, and chroot.
Note the data volume isn't mounted (there are some additional steps needed to do that). But this should let you undo the change to the passwd file.
chopin70
Nov 08, 2020Virtuoso
In tech support i have ssh root access ? I did not find info on how to proceed once in tech mode
Thank you again
Thank you again
StephenB
Nov 09, 2020Guru - Experienced User
chopin70 wrote:
In tech support i have ssh root access ? I did not find info on how to proceed once in tech mode
Thank you again
You connect with telnet (not ssh). The user name is root, the password is infr8ntdebug.
Once logged in, you enter
# rnutil chroot
to start raid, and chroot.
Note the data volume isn't mounted (there are some additional steps needed to do that). But this should let you undo the change to the passwd file.
- chopin70Nov 09, 2020Virtuoso
Thank you again, you saved me
I could telnet and revert the changes. Even DHCP was enabled so I did not have to make a direct PC connection as I thought
By the way, I tested the trick in last post from https://community.netgear.com/t5/Using-your-ReadyNAS-in-Business/SSH-Configuration-reset-on-reboot/m-p/1181843/highlight/true
It properly works. It is wired because I was creating a /etc/ssh/sshd_config.bak file that was deleted whenever the SSH service was restarted from GUI. I thought all the /etc/ssh folder was recreated dynamically. However, a sshd_config.custom file, like proposed, was preserved
That way, the changes can effectively be done in sshd_cong.custom which is the proper was to start the service with custom settings
Since I am migrating the ReadyNAS to just a backup server, I just don't need the root SSH access all the time and I am used to never login as root on other systems. I just need to SSH for rsync jobs started from a remote system and for the occasional maintenance. For such tasks, changing the default port and disabling root user login is recommended.
Hope this can help others looking to customize the SSH access.
Warning to others: just do it at your own risk and if you understand the changes you do + ensure the telnet access can let you access the files you change
Related Content
NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!