Hello folks,I have a RN 102, now upgraded to 6.1.8.I used to access it via SSH and rsync files from another RN102 to it. Suddenly I cannot access it via SSH anymore. Web interface is ok.I tried booting, disabling and re-enabling sshd on web interface, no joy.I investigated and the most relevant information I found on logfiles is:Jul 06 21:32:44 NAS sshd[6277]: pam_unix(sshd:session): session opened for user ******** by (uid=0)Jul 06 21:32:44 NAS sshd[6277]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directoryJul 06 21:32:44 NAS sshd[6277]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directoryJul 06 21:32:44 NAS sshd[6279]: Received disconnect from 192.168.2.20: 11: disconnected by userJul 06 21:32:44 NAS sshd[6277]: pam_unix(sshd:session): session closed for user ********I tried axaplorer4 to access the filesystem, but no joy.Any suggestion?Thanks,Felipe

How do you try to ssh in ? Did you try to erase your stored SSH keys, I'm not sure if Netgear regenerated them because of heartbleed or if they just patched, if it were that you shouldn't get the password prompt though.Did you contact Netgear, they should be able to restore this via tech mode. If you have backups, you could always try an os reinstall (factory default will erase everything, with os reinstall you should be fine but it will reset admin password and network settings, but a backup and a quick search in the user manual are advised anyway).

Hi,This happen many days after I upgraded ssl stuff. I cant delete my stored ssh keys, as I cant log in!I am afraid that partition / ran out of diskpace, or, by any reason has been mounted on read only mode.But, I find no way to browse files, etc.Thanks for your reply,Felipe

Well, I was reluctant to try netgear support, but unfortunately, as I expected, they were useless :(

Try to download your log and then delete them (to have a trace of past things in case this doesn't solve the problem), this should free up space on /. You could also try to remove some installed apps. Anyway, do a full backup before attempting anything while you still have access to your files. It would be reckless not to (raid is not backup).If you already rebooted since you noticed the problem, you can try again with the newly available space to see if the partition is mounted otherwise. For SSH keys I wasn't saying on the NAS. I know OS X stores them in ~/.ssh/known_hosts (or something approaching) for example. As for browsing files, you shouldn't be able to find any if Netgear did its job. It would be really alarming otherwise. For Netgear support can you summarize what's been tried and said ?

Hi,I managed to get inside the box via serial console, thanks to this page: http://natisbad.org/NAS2/I found that something changed my user shell from /bon/bash to /bin/false. Oddly this happened to both my readynases. I still havent found what changed the user account shell, seems like some upgrade did it. The second readynas doesnt have any port natted to outside.As I had "PermitRootLogin No" on sshd config, I got locked outside. Luckily, serial console was there.Thanks,Felipe

RN102 v6.1.8 - cant access SSH | NETGEAR Communities

13 Replies

Replies have been turned off for this discussion

mdgm-ntgr
NETGEAR Employee Retired
Jul 21, 2014
You could edit the sqlite3 database /var/readynas/db.sq3 to make changes stick.
xeltros
Apprentice
Jul 21, 2014
Good to know, but I won't need to do it.
My config is a cp command away and contains only a few things like perf improvement and modified headers to secure a little bit more. Having a Cisco device with protocol inspection activated, IPS activated, then going to an UTM that provides a captive portal and then connects to my NAS, acting as a middle man, while using snort, and then having iptables on my NAS. I think I'm pretty safe without fake headers anyway ;)
As I said, I tend to avoid problems, modifying apache is not hard and with a backup of the original config, any problem is solved within seconds and can't ever impact any other service. I don't want to mess up an SQLite database that I'm not sure about what it does in the NAS grand scheme of existence to save myself the trouble of a command once every 1-2 months...

I could also make settings persistent with a cron job using cat & grep to see if I can find a personalized comment, if not copy the file.
But as said before, I dislike to mess things up on a NAS, the only thing I did was to enhance security a little bit.
But now with a serious firewall I feel way more comfortable knowing that only HTTPS connections can go through my firewall (HTTP on the same port won't pass, neither will SSH...) and that I have two IPS guarding angels. Not bullet proof but quite reasonable for non-enterprise data.
That said, fail2ban & iptables should be integrated directly in the NAS interface (as an option) as they don't use too much ressources even for the 104, are free and provide decent protection (combined with mail alerts). I would have liked snort with limited rules to what's running but the 104 will take a performance hit with that.
mdgm-ntgr
NETGEAR Employee Retired
Jul 21, 2014
Other options for apache would be to make changes a bit like how add-ons do them. For that you could look at the SDK.

You can use chattr to lock files so they can't be edited, but that probably wouldn't fit with your idea of not messing things up.

Forum Discussion

RN102 v6.1.8 - cant access SSH

13 Replies

Related Content

Unable to access RN304 and RN102

RN102 slow performances

RN102 LAN access only. Cannot access Internet

RN102 OS6 Home folder

Netgear RN102 Disk Upgrade

NETGEAR Academy

ProSupport for Business