Thursday, 5 January 2017

Synology NAS - Broke SSH but Telnet saved me

I was fiddling about with SSH on my Synology DS414 NAS, with the intention of setting up password-less authentication ( about which more to follow ).

Having updated the SSHD configuration ( /etc/ssh/sshd_config ), I then found that I wasn't able to restart the SSH service, via the following command: -

synoservicectl --restart sshd

Whilst SSH stopped, it refused to restart.

Which meant that I was locked out ….

Happily, I still had access via the Web UI meaning that I could enable the oh-so-secure Telnet service

Whilst I wouldn't use Telnet ordinarily, it provided me with a nice little "back door" ( perhaps an inappropriate choice of words ).

I was then able to telnet into the box, and sort out the configuration i.e. reverse out the changes to sshd_config.

However, things still weren't rosy. Whilst SSHD was apparently running, I was seeing: -

Permission denied, please try again.
Connection to diskstation closed.

when I tried to ssh in.

Thankfully, I still had the Telnet option, so I checked the normal Unix logs: -

dmesg

[15363.072410] init: sshd main process (32286) terminated with status 255
[15363.079132] init: sshd main process ended, respawning
[15363.543730] init: sshd main process (32305) terminated with status 255
[15363.550438] init: sshd main process ended, respawning
[15364.004256] init: sshd main process (32324) terminated with status 255
[15364.010969] init: sshd main process ended, respawning
[15364.469980] init: sshd main process (32343) terminated with status 255
[15364.476658] init: sshd main process ended, respawning
[15364.933677] init: sshd main process (32363) terminated with status 255
[15364.940675] init: sshd main process ended, respawning
[15365.414906] init: sshd main process (32384) terminated with status 255
[15365.421621] init: sshd respawning too fast, stopped


which wasn't totally helpful.

So I revisited the Web UI, and saw this: -


Yep, you guessed it, I'd disabled the service, so it wasn't ever going to start :-)

So, I'm now back to a working SSH situation - time to go play with SSL keys again :-)

That'll be the next blog post ….

No comments: