Help: locked out from SSH access as root while trying to disable root access as SSH
Hi,
I wanted to disable SSH root login and only enable it for the admin user
I had admin user properly setup and with SSH shell enabled. I tested and admin user was able to escalate to root by su
I tried to edit the /etc/ssh/sshd_config file, but the changes were reverted each time the SSH service was toggled on/off
I tried to modify the /etc/default/config/etc/ssh/sshd_config but the changes do not apply to the /etc/sshd_config
So it seems the config is regenerated from elsewhere when the SSH service is toggled on/off in the GUI
I sadly followed an old guide here and edited the /etc/passwd file
I changed the :/bin/bash for root user to :/bin/false
As expected, root can no longer access the shell through SSH. However, admin account cannot escalate to root using su now. The password is accepted, but it doesn't escalate to root. Well, that was expected, but I thought it was a Netgear custom thing. I guess it was fixed in later OS as the guide is dated 2011
Please, anyone, help me reset the access as it is now lost. I will try OS reinstall, but I really want to avoid a hard reset 😞
Also, is this guide up to date for fixing my issue? (last post of this thread)
Thank you
Re: Help: locked out from SSH access as root while trying to disable root access as SSH
@chopin70 wrote:
I wanted to disable SSH root login and only enable it for the admin user
Most things you'd want to change would require root access anyway (and you can mess things up badly if you forget to sudo). Personally I wouldn't have done this.
@chopin70 wrote:
... the guide is dated 2011
OS-6 NAS came out in 2013, so that guide would have been either for NV+ (4.1.x firmware) or Ultra/Pro (4.2.x firmware). No idea on how it would apply to OS-6.
@chopin70 wrote:
Please any one help me reset the access as it is now lost. I will try OS reinstall, but I really want to avoid a hard reset 😞
If the OS reinstall doesn't restore access, you can boot up in tech support mode, and undo your change to the passwd file.
Re: Help: locked out from SSH access as root while trying to disable root access as SSH
Thank you again
@chopin70 wrote:
In tech support I have SSH root access? I did not find info on how to proceed once in tech mode
Thank you again
You connect with telnet (not ssh). The user name is root, the password is infr8ntdebug.
Once logged in, you enter
# rnutil chroot
to start raid, and chroot.
Note the data volume isn't mounted (there are some additional steps needed to do that). But this should let you undo the change to the passwd file.
Re: Help: locked out from SSH access as root while trying to disable root access as SSH
Thank you again, you saved me
I could telnet and revert the changes. Even DHCP was enabled so I did not have to make a direct PC connection as I thought
By the way, I tested the trick in last post from https://community.netgear.com/t5/Using-your-ReadyNAS-in-Business/SSH-Configuration-reset-on-reboot/m...
It properly works. It is weird because I was creating a /etc/ssh/sshd_config.bak file that was deleted whenever the SSH service was restarted from the GUI. I thought all the /etc/ssh folder was recreated dynamically. However, a sshd_config.custom file, like proposed, was preserved
That way, the changes can effectively be done in sshd_config.custom, which is the proper way to start the service with custom settings
Since I am migrating the ReadyNAS to just a backup server, I just don't need the root SSH access all the time and I am used to never logging in as root on other systems. I just need to SSH for rsync jobs started from a remote system and for the occasional maintenance. For such tasks, changing the default port and disabling root user login is recommended.
Hope this can help others looking to customize the SSH access.
Warning to others: just do it at your own risk and if you understand the changes you do + ensure the telnet access can let you access the files you change
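A pre-change check for the situation in this thread, added here as an illustration and not part of any post or of ReadyNAS itself: it flags a root shell of /bin/false or nologin in a passwd file (su starts the target user's shell, so no root shell is obtained) and reads the first global PermitRootLogin value from an sshd config file. The function names are hypothetical, and the file contents, port 2222 and UID values are constructed samples.

```shell
#!/bin/sh
# Added example: audit HOW root SSH login has been restricted.

# Print root's login shell (7th field) from a passwd-format file.
root_shell() {
    awk -F: '$1 == "root" { print $7; exit }' "$1"
}

# Print the global value of an sshd keyword (whitespace-separated form only).
# sshd uses the FIRST occurrence of a keyword; keywords are case-insensitive.
# Parsing stops at the first Match block, which only holds overrides.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_root_ssh PASSWD_FILE SSHD_CONFIG_FILE -> prints one verdict:
#   su-broken         root has a non-login shell, so su cannot give a shell
#   ok                root keeps a shell and sshd refuses root logins
#   root-ssh-allowed  PermitRootLogin is missing or anything other than "no"
audit_root_ssh() {
    shell=$(root_shell "$1")
    permit=$(sshd_value "$2" PermitRootLogin)
    case "$shell" in
        */false|*/nologin) echo "su-broken"; return 0 ;;
    esac
    case "$permit" in
        no) echo "ok" ;;
        *)  echo "root-ssh-allowed" ;;
    esac
}

demo() {
    d=$(mktemp -d)
    # Constructed sample: the passwd edit described in the first post.
    printf 'root:x:0:0:root:/root:/bin/false\nadmin:x:98:98::/home/admin:/bin/bash\n' > "$d/passwd.bad"
    # Constructed sample: root shell left alone, restriction done in sshd config.
    printf 'root:x:0:0:root:/root:/bin/bash\nadmin:x:98:98::/home/admin:/bin/bash\n' > "$d/passwd.ok"
    printf '# constructed sample\nPort 2222\nPermitRootLogin no\n' > "$d/sshd_config.custom"
    audit_root_ssh "$d/passwd.bad" "$d/sshd_config.custom"
    audit_root_ssh "$d/passwd.ok" "$d/sshd_config.custom"
    rm -rf "$d"
}
demo
```

Run it against copies of the edited files before restarting the SSH service; `sshd -t -f <file>` additionally checks that the config parses.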