OMV4.x on a HC2 - First root login

    • OMV 4.x
    • OMV4.x on a HC2 - First root login

      Hi guys,

      yesterday I installed OMV on a Odroid HC2 with etcher. I was surprised, because the first time of calling the web interface, the login screen was displayed immediately. I expecting an installation routine like a X86 installation or sonething else. I login with admin (password: openmediavault) and change the passwort. I try a rsync job and filled up the harddisk (0 bytes free) only for a test.
      Today I try to install Shellinabox to clean up the harddisk . It stopped with the following error message:



      Source Code

      1. OMV\Config\DatabaseException: Failed to execute XPath query '//services/shellinabox'. in /usr/share/php/openmediavault/config/database.inc:78
      2. Stack trace:
      3. #0 /usr/share/openmediavault/engined/module/shellinabox.inc(58): OMV\Config\Database->get('conf.service.sh...')
      4. #1 /usr/share/openmediavault/engined/rpc/services.inc(56): OMV\Engined\Module\Shellinabox->getStatus()
      5. #2 [internal function]: OMVRpcServiceServices->getStatus(Array, Array)
      6. #3 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
      7. #4 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('getStatus', Array, Array)
      8. #5 /usr/sbin/omv-engined(536): OMV\Rpc\Rpc::call('Services', 'getStatus', Array, Array, 1)
      9. #6 {main}
      The error message appers every 5 seconds on the web interface.

      I try to login via root to the ssh shell. How is the password? openmediavault or 1234 failed.

      Second: How can I solve the Shellinthebox error?

      Thanks for help.

      greetings

      phoneo

      The post was edited 1 time, last by phoneo ().

    • First you need to get rid of your data and have some space on your disk.

      I assume you have used one of those images?
      --> sourceforge.net/projects/openm…ngle%20Board%20Computers/

      If yes, these are the passwords:

      Source Code

      1. Web interface:
      2. - username = admin
      3. - password = openmediavault
      4. Console/SSH:
      5. - username = root
      6. - password = openmediavault
      OMV stoneburner | HP Microserver | 256GB Samsung 830 SSD for system | 4x 2TB in a RAID5
      OMV erasmus| Odroid XU4 | 5TB Data drive | 500GB Backup drive
    • WastlJ wrote:

      I assume you have used one of those images?
      --> sourceforge.net/projects/openm…ngle%20Board%20Computers/
      Yes.

      WastlJ wrote:

      If yes, these are the passwords:
      No, not for my ssh connection ... :) . I konw the standard passwords. But root with openmediavault via ssh fails.

      Any other idea? Yes, I can reinstall OMV, because it is only a first test installation. But I think, maybe this problem is interesting for the developers.
    • I suspect that you filled up the root file system, not the hdd? That is a critical and possibly destructive error that never should happen. It might be possible to recover, but likely not by using the OMV GUI.
      OMV 4, 7 x ODROID HC2, 1 x ODROID HC1, 3 x 12TB, 2 x 8TB, 1 x 4TB, 1 x 2TB SSHD, 1 x 500GB SSD, GbE, WiFi mesh
    • Adoby wrote:

      I suspect that you filled up the root file system, not the hdd?
      I filled up the hdd.



      Maybe the flash card (a new one) have errors. I try another card for a new installation.

      @tkaiser

      I found this in the forum:

      cabrio_leo wrote:

      Establish an SSH connection to OMV and log in with user 'root' and password '1234' as @tkaiser has posted.
      I found also the correction, but it could have been possible that the password was changed. That would be a reasonable explanation of why you remembers to 1234. openmedivault and 1234 are not so similar that they could be confused...
    • phoneo wrote:

      openmedivault and 1234 are not so similar that they could be confused...
      1234 is the default root password Armbian uses and the OMV images for ARM and VideoCore SBC are based on Armbian. But on the OMV images I changed that to openmediavault. Doesn't change a bit that following the readme.txt at download location is most basic requirement since of course SSH login with root and a widely known password is NOT active and needs to be enabled first.
    • tkaiser wrote:

      Doesn't change a bit that following the readme.txt at download location
      Let`s don`t turn in cycles. :) Read my first thread:

      phoneo wrote:

      How is the password? openmediavault or 1234 failed.

      phoneo wrote:

      I konw the standard passwords. But root with openmediavault via ssh fails.

      An answer that refers back to the default password is useless! Especially not with a pointed answer like yours.

      The post was edited 1 time, last by phoneo ().

    • phoneo wrote:

      But root with openmediavault via ssh fails.
      You have to login locally with root UNTIL you enable root login in the web interface (disabled by default on arm images). The readme does mention this and tkaiser mentioned this as well.

      If you can't login locally, add a user in the omv web interface and include them in the ssh and sudo groups. Then you can change the root password with sudo passwd root
      omv 4.1.19 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.15
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • ryecoaaron wrote:

      If you can't login locally, add a user in the omv web interface and include them in the ssh and sudo groups. Then you can change the root password with sudo passwd root
      Thank you, that was very helpful @ryecoaaron! I could change the password, but root login failed again. Next I looked to the sshd_config: PermitRootLogin was disabled! =O Back to the web interface: PermitRootLogin was disabled, too. But I change nothing in the ssh config and I guess that PermitRootLogin enable is a default setting from OMV?


      Oh no, that was the right answer:

      ryecoaaron wrote:

      root UNTIL you enable root login in the web interface (disabled by default on arm images)
      My first setup was on a X86, a month ago. So that small difference to an arm image was not present for me. Bad trap.

      The post was edited 2 times, last by phoneo ().

    • phoneo wrote:

      So that small difference to an arm image was not present for me. Bad trap.
      We did that because arm images aren't installed meaning the user can't set the root password like you do on x86. Because all arm images have the same password, we didn't want anyone to be able to login as root over ssh. So, we disabled root logins.
      omv 4.1.19 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.15
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • It is usually BAD and possibly DANGEROUS to allow remote root ssh login. If allowed it simplifies remote exploits and intrusions.

      That is why remote root ssh login may be disabled by default. And why it should remain disabled, in my opinion.

      GOOD practice is to immediately after a successful install, login using the GUI as admin:openmediavault and:

      1. Change the admin GUI password.
      2. Create a new user.
      3. Add the new user to groups ssh and sudo.

      After this you can login using ssh with the new user. If you need to perform some task that requires root privileges you use sudo or possibly su.
      OMV 4, 7 x ODROID HC2, 1 x ODROID HC1, 3 x 12TB, 2 x 8TB, 1 x 4TB, 1 x 2TB SSHD, 1 x 500GB SSD, GbE, WiFi mesh
    • Adoby wrote:

      It is usually BAD and possibly DANGEROUS to allow remote root ssh login. If allowed it simplifies remote exploits and intrusions.
      Debian 10 disables root login via ssh by default. Ubuntu has also done this for a long time except Ubuntu has the root password disabled as well.
      omv 4.1.19 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.15
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • While I was looking for the error, I sometimes think ist seems like a RootPermission denied problem. But I didn't draw the consequences.

      ryecoaaron wrote:

      We did that because arm images aren't installed meaning the user can't set the root password like you do on x86.
      I understand it. And I know that I made a beginners mistake.

      @Adoby Thanks for your advise. I will concider it. There is still a lot to learn for me (special permission handling), but I am an educated student and grateful for every tip! :)
    • Adoby wrote:

      2. Create a new user.
      3. Add the new user to groups ssh and sudo.
      In general I agree. But here's the problem and that's why I wrote in the readme at the download location (that gets ignored of course since displayed below the download links):

      https://sourceforge.net/projects/openmediavault/files/OMV%204.x%20for%20Single%20Board%20Computers/ wrote:

      SSH login has to be enabled in web UI prior to usage: Services --> SSH --> Permit root login

      Due to the way how the images are created we have an active root account with a well known password. So once an administrator creates more users and allows them to login as well we created a situation where such a new user logs in, then uses su and can then simply overtake the installation unless the administrator himself assigned a good root password before. That's where the recommendation to 'Permit root login' originates from in the hope the administrator will then login as root himself and is immediately forced to change the password to something secret and sane.

      Only alternative would be to totally 'disable' the root account as it's done in Ubuntu or macOS for example. All my discussions so far with Debian 'fans' led to the conclusion that taking away that 'venerable' account is not worth the hassles/discussions... Maybe in 5 years...
    • tkaiser wrote:

      Only alternative would be to totally 'disable' the root account as it's done in Ubuntu or macOS for example. All my discussions so far with Debian 'fans' led to the conclusion that taking away that 'venerable' account is not worth the hassles/discussions...
      Debian fans aside, I think it would be fine doing it on OMV especially on the arm images. If you are using the command line, you probably know how to 'enable' the root account if we disabled it by default. The only problem is if someone needs to find the IP address locally and can't access the web interface.
      omv 4.1.19 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.15
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • phoneo wrote:

      Today I try to install Shellinabox to clean up the harddisk . It stopped with the following error message:


      1. OMV\Config\DatabaseException: Failed to execute XPath query '//services/shellinabox'. in /usr/share/php/openmediavault/config/database.inc:78
      2. Stack trace:
      3. #0 /usr/share/openmediavault/engined/module/shellinabox.inc(58): OMV\Config\Database->get('conf.service.sh...')
      4. #1 /usr/share/openmediavault/engined/rpc/services.inc(56): OMV\Engined\Module\Shellinabox->getStatus()
      5. #2 [internal function]: OMVRpcServiceServices->getStatus(Array, Array)
      6. #3 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
      7. #4 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('getStatus', Array, Array)
      8. #5 /usr/sbin/omv-engined(536): OMV\Rpc\Rpc::call('Services', 'getStatus', Array, Array, 1)
      9. #6 {main}

      This problem probably only occurs if the root password has not yet been changed.