madtulip (Aspirant)
Mar 23, 2015
Locked myself out of ssh ...
Hello.
I just did stupid :/.
I edited /etc/ssh/sshd_config and instead of restarting the ssh service I rebooted the box. Seems there was a typo or something else wrong. Now I can't ssh into the box again. Is there a possibility to reset /etc/ssh/sshd_config (maybe by firmware reset?) without wiping /c/ ? If not, would I get to the console if I connect a screen and keyboard?
Mondays..
Thanks.
6 Replies
- mdgm-ntgr (NETGEAR Employee Retired): Which model ReadyNAS is this?
- madtulip (Aspirant): Model: ReadyNAS Ultra 6 Plus [X-RAID2]
Firmware: RAIDiator 4.2.27
I just found smb access to one of my .sh backup scripts which is triggered by a cron job at some point. I could edit that to copy over a new version of sshd_config from a smb shared folder to /etc/ssh/sshd_config. So that would be an option if someone could supply a vanilla /etc/ssh/sshd_config file.
I should probably fix that smb access afterwards :D
Thank you guys!
- mdgm-ntgr (NETGEAR Employee Retired):
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
- madtulip (Aspirant): Seems the script is not executed. Maybe it's just a backup of the script after all.
Is there another way to restore /etc/ssh/sshd_config without losing the content of /c/ ?
- mdgm-ntgr (NETGEAR Employee Retired): Did you set the ownership/permissions correctly?
# ls -la /etc/ssh/sshd_config
-rw-r--r-- 1 root root 1874 2007-09-13 08:48 /etc/ssh/sshd_config
- madtulip (Aspirant): Well, I can't check, I don't have ssh access anymore after saving a typo to /etc/ssh/sshd_config and rebooting.
I found an smb folder shared for the admin account called /Scripts in which Backup.sh is located. I suspected that Backup.sh is executed by the cron job daily so I edited it to contain:
# save the broken version of the file
cp /etc/ssh/sshd_config /c/backup/sshd_config
# overwrite the broken file with the new vanilla version
cp /c/sshd_config /etc/ssh/sshd_config
I then placed the new vanilla code you gave me in a file created by the admin account via smb in /c/sshd_config in the hope that cron gets executed "as root" (?) and copies the vanilla file to the correct location so that I can afterwards boot the box to have the vanilla file loaded.
So far the broken sshd_config did not appear in /c/backup/sshd_config (also visible as smb share) so I guess that /Scripts/Backup.sh is not executed by cron at all. Maybe /Scripts is just a backup of the scripts themselves, or cron doesn't trigger it, or maybe it only does once per week instead of once per day as my description in the file suggests. I could wait longer to see if it triggers at some point.
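
Added example (not part of the thread, and not NETGEAR's or any poster's code): the lockout described here happens when an unvalidated sshd_config goes live on the next start. The function below checks a candidate file with sshd's test mode (`sshd -t -f`) before it replaces the live config and keeps a backup of the working one; the function name `safe_install_sshd_config`, the `SSHD_CHECK` variable, the `/usr/sbin/sshd` path and the `.bak`/`.new` suffixes are assumptions of this example.

```shell
#!/bin/sh
# Added example: install a new sshd_config only if it validates.
# SSHD_CHECK (assumption of this example) is a command that takes a config
# path and exits non-zero when the file is invalid. The default uses sshd's
# own test mode (-t) against the given file (-f); the binary path is assumed.
: "${SSHD_CHECK:=/usr/sbin/sshd -t -f}"

safe_install_sshd_config() {
    candidate=$1
    target=${2:-/etc/ssh/sshd_config}
    backup="$target.bak"

    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 2; }

    # 1. Validate the candidate BEFORE it touches the live file. A typo in a
    #    keyword or value makes the check fail and nothing is changed.
    if ! $SSHD_CHECK "$candidate"; then
        echo "candidate rejected, $target left unchanged" >&2
        return 1
    fi

    # 2. Keep the currently working config so it can be restored from a
    #    console, a share or a scheduled job if needed.
    if [ -f "$target" ]; then
        cp -p "$target" "$backup" || return 3
    fi

    # 3. Write to a temporary name, set the mode shown in the thread
    #    (-rw-r--r--, root:root), then rename so sshd never reads a
    #    half-written file.
    cp "$candidate" "$target.new" || return 3
    chmod 644 "$target.new" || return 3
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$target.new" || return 3
    fi
    mv "$target.new" "$target"
}

# Usage (as root): safe_install_sshd_config /root/sshd_config.edited
# Then restart sshd from the existing session and confirm that a second
# login works before closing the first one or rebooting.
```
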