SOLVED: Locked out after SSH/SSL/TLS enabling

  • Hello,


    I suppose this belongs in „network“:


    I‘ve been locked out twice now. So here is what I did:


    Set root PW on installation;

    Went to the web interface to change from „admin/openmediavault“ to personalised credentials (used same as root PW);

    Created two certificates: SSL/TLS and SSH;

    Added the certificates and selected to enable secure connections (currently there’s only http on the web interface);

    Personalised the web and SSH port (simply in line with my previous access settings to the machine this one is replacing, so no need to change bookmarks etc for remote access);

    When enabling TLS/SSL I got „an error has occurred“.

    So NMAP shows 4 ports: 80, 22, 111, 445 for SSH, HTTP, rpcbind, microsoft-ds- so I assume the changes were not applied.


    Used SSH, port 22 from a local machine „ssh 192.168.169.170 -p22“ (can I actually add the -X option?)

    I got the usual fingerprint confirmation;

    Otherwise I am locked out;

    SSH via terminal on port 22 from a local machine does respond with a PW request (username@192.168...) but the PW does not work.

    And I double, triple etc checked- the PW is correct and there is so far only one option (but not even the default „openmediavault“ works- just in case changes were not applied).


    I get two responses: „permission denied, please try again“ and „permission denied (publickey,password)“ when I was playing with potential mis-spellings (extremely unlikely, but still- I tried).


    I already did a re-install. This is a bit frustrating.


    Is this a bug?

  • I think you may have made too many changes all at once.


    Some things to keep in mind about ssh.


    The admin user can not access via ssh or console. This is by design.


    Users needing ssh access must be a member of the ssh group.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 5.x on ASRock Rack C2550D4I C0 Stepping - 16GB ECC - Silverstone DS380 + Silverstone DS380 DAS Box.
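
The group rule from the reply above, as an added example that is not part of the thread: it assumes the "must be a member of the ssh group" rule is enforced through sshd's `AllowGroups` directive, which the thread does not show, and the function names, user names and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: evaluate sshd's group gate for a user.
# Covers AllowGroups/DenyGroups with plain names and * ? wildcards only;
# Match blocks, "!" negation and AllowUsers/DenyUsers are out of scope.

# collect_groups KEYWORD CONFIG_TEXT -> space-separated patterns (all lines merged)
collect_groups() {
    printf '%s\n' "$2" | awk -v kw="$1" '
        { sub(/#.*/, "") }                                  # drop comments
        tolower($1) == kw { for (i = 2; i <= NF; i++) out = out (out == "" ? "" : " ") $i }
        END { printf "%s", out }'
}

# matches_any "PATTERNS" "GROUPS" -> status 0 if any group matches any pattern
matches_any() (
    set -f                       # stop "*" in a pattern expanding to file names
    for p in $1; do
        for g in $2; do
            case $g in $p) exit 0 ;; esac
        done
    done
    exit 1
)

# ssh_group_gate CONFIG_TEXT USER "GROUPS" -> prints allow | deny:<reason>
ssh_group_gate() {
    allow=$(collect_groups allowgroups "$1")
    deny=$(collect_groups denygroups "$1")
    # sshd checks DenyGroups before AllowGroups
    if [ -n "$deny" ] && matches_any "$deny" "$3"; then
        echo "deny:$2 is in a DenyGroups group"
    elif [ -n "$allow" ] && ! matches_any "$allow" "$3"; then
        echo "deny:$2 is in none of AllowGroups ($allow)"
    else
        echo "allow"
    fi
}

# Constructed sample config; the AllowGroups line is an assumption.
SAMPLE_CFG='# constructed sshd_config fragment
PasswordAuthentication yes
AllowGroups root ssh'

ssh_group_gate "$SAMPLE_CFG" alice "alice users"        # password is right, login still refused
ssh_group_gate "$SAMPLE_CFG" alice "alice users ssh"    # same user after joining the ssh group
```

On a live host, run as root, the same function can be fed the effective settings with `ssh_group_gate "$(sshd -T)" USER "$(id -nG USER)"`.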

  • Hm thanks.

    I have now done a re-install (was just quicker).

    And I finally had time to do some more reading (the intro is long but very good indeed- my regards to the author!).

    Few things stood out for me:


    „admin“ remains a user on the GUI and I should apparently not expect a user I set up to be able to login as root (unless I added him to the root/admin group- which I now did).


    Login as „root“ via command line seems the same on the OMV as a remote machine using „root“ as login name (I used a user name and expected to do a „sudo“ without having given this user root permissions on setup).


    What remains is this: How do I trigger „httpS“ access instead of „http“?

  • Seems browsers are getting more picky about certificates. If names don't match the self-signed cert or date or whatever they won't let you go to the page. Try the IP address instead. Or set up letsencrypt.


    If it is just for local access do you need https?

    If you make it idiot proof, somebody will build a better idiot.

  • Just tried with a standard Firefox: 192.168.169.170:443 - bad request

    192.168.169.170:80 loads the GUI login


    nmap 192.168.169.170 returns

    ...

    443/tcp open https

    ...


    I’m tempted to activate the option to force a secure connection, but I’m concerned about being locked out of the GUI again.


    How can I reverse this using the terminal ssh access?

    Guess I‘d need to find the file where this info is stored- some equivalent to the sshdconfig I guess...

  • NAS-i-Goreng

    Changed the title of the thread from “Locked out after SSH/SSL/TLS enabling” to “SOLVED: Locked out after SSH/SSL/TLS enabling”.
