SOLVED: Locked out after SSH/SSL/TLS enabling

  • Hello,


    I suppose this belongs in „network“:


    I've been locked out twice now. So here is what I did:


    Set root PW on installation;

    Went to the web interface to change from „admin/openmediavault“ to personalised credentials (used same as root PW);

    Created two certificates: SSL/TLS and SSH;

    Added the certificates and selected to enable secure connections (currently there’s only http on the web interface);

    Personalised the web and SSH port (simply in line with my previous access settings to the machine this one is replacing, so no need to change bookmarks etc for remote access);

    When enabling TLS/SSL I got „an error has occurred“.

    So NMAP shows 4 ports: 80, 22, 111, 445 for SSH, HTTP, rpcbind, microsoft-ds- so I assume the changes were not applied.


    Used SSH, port 22 from a local machine „ssh 192.168.169.170 -p22“ (can I actually add the -X option?)

    I got the usual fingerprint confirmation;

    Otherwise I am locked out;

    SSH via terminal on port 22 from a local machine does respond with a PW request (username@192.168...) but the PW does not work.

    And I double, triple etc checked- the PW is correct and there is so far only one option (but not even the default „openmediavault“ works- just in case changes were not applied).


    I get two responses: „permission denied, please try again“ and „permission denied (publickey,password)“ when I was playing with potential misspellings (extremely unlikely, but still- I tried).


    I already did a re-install. This is a bit frustrating.


    Is this a bug?

    Some content might be slightly modified to mask personal settings- just to keep the sharks away, you never know :)

  • I think you may have made too many changes all at once.


    Some things to keep in mind about ssh.


    The admin user can not access via ssh or console. This is by design.


    Users needing ssh access must be a member of the ssh group.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

  • Hm thanks.

    I have now done a re-install (was just quicker).

    And I finally had time to do some more reading (the intro is long but very good indeed- my regards to the author!).

    Few things stood out for me:


    „admin“ remains a user on the GUI and I should apparently not expect a user I set up to be able to login as root (unless I added him to the root/admin group- which I now did).


    Login as „root“ via command line seems the same on the OMV as a remote machine using „root“ as login name (I used a user name and expected to do a „sudo“ without having given this user root permissions on setup).


    What remains is this: How do I trigger „httpS“ access instead of „http“?


    • Official Post

    Seems browsers are getting more picky about certificates. If names don't match the self-signed cert or date or whatever they won't let you go to the page. Try the IP address instead. Or set up letsencrypt.


    If it is just for local access do you need https?

  • Just tried with a standard Firefox: 192.168.169.170:443 - bad request

    192.168.169.170:80 loads the GUI login


    nmap 192.168.169.170 returns

    ...

    443/tcp open https

    ...


    I'm tempted to activate the option to force a secure connection, but I'm concerned about being locked out of the GUI again.


    How can I reverse this using the terminal ssh access?

    Guess I'd need to find the file where this info is stored- some equivalent to the sshdconfig I guess...


  • Thanks.

    This will hopefully help.

    I created a separate thread on the HTTPS issue, just to keep topics separate (hope that helps...): No HTTPS thread


    So guess that one is solved, thanks for the help


  • NAS-i-Goreng

    Changed the title of the thread from “Locked out after SSH/SSL/TLS enabling” to “SOLVED: Locked out after SSH/SSL/TLS enabling”.
