How did I lock myself out of my server, and how did I fix it?
Restoring SSH on the misconfigured Linux system
Currently working as a Senior Consultant at Netcompany spending my full-time job solving the SharePoint riddles. In the free time I'm expanding my understanding of cybersecurity through hacking activities. Git fanboy.
Story
Disclaimer: Following guide helps only if you have phisycal access to the server, so you can obtain the storage device. If you don't (which often happen on cloud like AWS) and you don't have backup.. well there is nothing you can do.
Yeah, so the story is short. I was trying to restore IPv4 SSH configuration so I've changed a sshd_config from
Port 12345
AddressFamily inet6
#ListenAddress 0.0.0.0
#ListenAddress ::
to
Port 12345
AddressFamily inet4
#ListenAddress 0.0.0.0
#ListenAddress ::
And restarted the system (because for some reason, simple sudo systemctl restart ssh didn't work).
And after my Pi rebooted
I couldn't access my system.
For those who don't know yet, what did I wrong⦠Let me share something
I typed AddressFamily inet4 instead AddressFamily inet. Yet another example where Linux basically allows you to do anything you want.
("Source": https://9gag.com/gag/abVPE5O)
Because I didn't brick the system and all I need is to change that line in the sshd_config - solution was simple. Mount that SD card in another Linux system and edit file.
Problem was that my main and only bare-metal system is Windows. So, I had to mount SD card on the guest Linux OS on a Windows host. Here is how
Prepare hypervisor
To be able to see the SD card on the Linux inside VirtualBox you have to prepare VMDK (Virtual Machine Disk) file linked to the device.
You have to repeat these steps each time device is inserted in USB. Windows will assign it the new
PHYSICALDRIVEnumber.
- Put your SD card in a card reader (or USB adapter) and connect to the hardware.
- Open PowerShell as an administrator. List available storage devices with
wmic diskdrive list brief
- Locate SD card
DeviceID- in my example, it is\\.\PHYSICALDRIVE3. - Navigate to the VirtualBox installation folder (or execute command with absolute path) and create VMDK.
.\VBoxManage.exe internalcommands createrawvmdk -filename D:\ETH\pi.vmdk -rawdisk \\.\PHYSICALDRIVE3 - Run VirtualBox as administrator (file was created by the administrator, so a regular user won't be able to access it in VirtualBox). Note: VM should be turned off.
If you have changed the VMDK file (ex. generated once again for new
PHYSICALDRIVE) that is already imported in VirtualBox, you have to remove it and add again (in File -> Virtual Media Manager...). Otherwise machine with attached VMDK won't run.
- Open Settings for guest Linux machine. Navigate to Storage. Locate SATA Controller and enable Use Host I/O Cache.
- Click small Add hard disk icon.
- Click Add.
- Browse for the VMDK file, select and confirm adding to the machine. You should see it is connected to SATA controller.
Mount SD card
- Launch Linux host system (start VM).
- List available devices. Find out which one is SD Card.
sudo fdisk -l - Create a mount point (if don't already created one for such purposes).
sudo mkdir /mount/external-sd - Mount file system.
sudo mount /dev/sdb2 /media/external-sdDon't mount whole device as
mount /dev/sdb .... Use only the partition that is not marked as boot (or more accuratly, mount Linux partition)
- Now SD card file system is available under
/media/external-sd
Safely remove SD card
- After changes are made, unmount the device.
sudo umount /media/external-sd - Close the VM.
- Remove VMDK file.
- Safely remove hardware and eject media.
$ sudo mount /dev/sdb2 /media/external-sd
Conclusion
After all that wasn't so problematic this time, becasue I had to modify back single line in SSH config. ..but now I have a second SD card with system that got closed abruptly during the updates. Now all my login tries got rejected π
