- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
EnableSSH - Locked out from SSH
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear All,
I've installed EnableSSH on my Duo v2 successfully and was able to use it with the root account. While trying to enable ssh access to other users, I unfortunately locked root out before managing to enable another user.
Right now the successful login with a non-root user leads to an instant logout.
Loggin in with root leads to "Permisson denied, please try again". The reason for this is probably a wrong entry in the "Allowed Users" section of the ssh configuration.
Normal admin access via the Web UI is not affected and runs perfectly well.
I've already tried re-installing the EnableSSH plugin, but unfortunately that did not reset the ssh configuration.
Is there any way to reset only the ssh config without possibly running into problems on the Web UI side?
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@tuxEvangelist wrote:
Thanks for the quick reply, I managed to get into tech support mode and telnet to the Duo v2, but unfortunately the files of the ssh configuration are not present in this state. Is there a chance that I can mount other parts of the filesystem that contain the config files of the plugins that are installed?
Yes, you need to mount the real OS partition.
I've never owned a v2. but I believe these commands will work/
# start_raid.sh # mount /dev/md0 /sysroot
Not sure if you'll also need to chroot to get the commmands you need, but if you do try these commands:
# mount --bind /proc /sysroot/proc # mount --bind /dev /sysroot/dev # mount --bind /dev/pts /sysroot/dev/pts # mount --bind /sys /sysroot/sys # chroot /sysroot /bin/bash
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: EnableSSH - Locked out from SSH
@tuxEvangelist wrote:
Is there any way to reset only the ssh config without possibly running into problems on the Web UI side?
You can get into the OS using tech support mode. You'd be on your own after that though.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: EnableSSH - Locked out from SSH
Do a configuration backup (under Settings/System/Backup) and see if the file you need to fix is in it. If it is, be sure to use an editor that will use an LF only for an EoL and not add anything (Like Notepad++) and make the changes you need to, then restore that backup.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: EnableSSH - Locked out from SSH
D
Is there any way to reset only the ssh config without possibly running into problems on the Web UI side?
> You can get into the OS using tech support mode. You'd be on your own after that though.
Thanks for the quick reply, I managed to get into tech support mode and telnet to the Duo v2, but unfortunately the files of the ssh configuration are not present in this state. Is there a chance that I can mount other parts of the filesystem that contain the config files of the plugins that are installed?
And, BTW what is the way to gracefully shutdown the system from tech support mode? Pulling the plug is the only way I've found and that really hurts me every time 😮
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: EnableSSH - Locked out from SSH
> Do a configuration backup (under Settings/System/Backup) and see if the file you need to fix is in it. If it is, be sure to use an editor that will use an LF only for an EoL and not add anything (Like Notepad++) and make the changes you need to, then restore that backup.
Thanks for the quick reply - I've checked that already with older config backups, but unfortunately the file I'm looking for is not contained there - even if I'm doing a present config backup with "All" option marked.
The crucial file is
sshd_config
and it's supposed to sit somewhere like
/etc/ssh
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@tuxEvangelist wrote:
Thanks for the quick reply, I managed to get into tech support mode and telnet to the Duo v2, but unfortunately the files of the ssh configuration are not present in this state. Is there a chance that I can mount other parts of the filesystem that contain the config files of the plugins that are installed?
Yes, you need to mount the real OS partition.
I've never owned a v2. but I believe these commands will work/
# start_raid.sh # mount /dev/md0 /sysroot
Not sure if you'll also need to chroot to get the commmands you need, but if you do try these commands:
# mount --bind /proc /sysroot/proc # mount --bind /dev /sysroot/dev # mount --bind /dev/pts /sysroot/dev/pts # mount --bind /sys /sysroot/sys # chroot /sysroot /bin/bash
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: EnableSSH - Locked out from SSH
@tuxEvangelist wrote:
Thanks for the quick reply - I've checked that already with older config backups, but unfortunately the file I'm looking for is not contained there - even if I'm doing a present config backup with "All" option marked.
The crucial file is
sshd_configand it's supposed to sit somewhere like
/etc/ssh
If support mode doesn't get you there, I suppose you could try just putting it into the config backup .zip and see if the restore really checks and restores specific content or restores whatever it finds. I know you can delete files from the .zip to be restored with no issue, I've never tried to add any.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: EnableSSH - Locked out from SSH
[...]
> Yes, you need to mount the real OS partition.
> I've never owned a v2. but I believe these commands will work/
# start_raid.sh # mount /dev/md0 /sysroot
> Not sure if you'll also need to chroot to get the commmands you need, but if you do try these commands:
# mount --bind /proc /sysroot/proc # mount --bind /dev /sysroot/dev # mount --bind /dev/pts /sysroot/dev/pts # mount --bind /sys /sysroot/sys # chroot /sysroot /bin/bash
PHEW! That worked and you're seeing one really delighted user over here. After the mounts I was able to correct the ssh config and I could log back in as root. What I initially wanted to do was to enable a normal user to ssh into the NAS. I've seen another discussion somewhere around here how to do that, so this time I'll read that closely before changing ANYTHING, promise 😉
Thanx a ton, that really saved me!!!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content