Locked myself out of my server, disabled root access and no other users have sudo

mawr Member

What should/can I do? Google tells me I should boot from a Live CD or other OS, and edit the /etc/passwd file.

Basically I was trying to disable SSH access while allowing SFTP (which btw I still can't figure out) for a user, but then disabled root login too. No other users have sudo privileges but I can login to other users.

However I can't do any admin things like add new users (which I need to do).

What can I do?

Thanks!

Comments

  • Dedicated server?

  • What OS?

  • Find a local user exploit?

    Thanked by 1perennate
  • If you can get into single user mode, that's the best route. Otherwise, if you can access the FS with a live CD, you can either update the passwd file to a known hash, or add one of the accounts you can login with to the sudoers file and reboot.

    Thanked by 1mawr
  • Rallias said: Find a local user exploit?

    I like this method! But on a more serious note... assuming this is some flavor of Linux:

    If it's a dedicated server, your root account (assuming that you didn't lock the account using passwd -l) should be able to login from the system console, so if you have KVM or IPMI access, that's your best bet.

    If you did lock the root account, you should be able to boot into single user mode (reboot the server, and on the grub screen, press e, then add "single" to the end of the line that starts with "linux", then press Ctrl+x to boot). Once you're in single user mode, you can fix whatever it is you need to fix and then reboot again.

    If it's a KVM-based VPS, the same advice applies - use the VNC console to log in to the root account or boot into single user mode.

    If it's OpenVZ, you should be able to access the VPS via the recovery console.

    Thanked by 2ironhide mawr
  • Ah, I read this hastily and thought he couldn't login as root due to a bad password or something. You should be able to login to the console and get situated in that case.

    Thanked by 1mawr
  • It's Debian and a dedicated server. I submitted a ticket to WSI but is there any other way? I don't have KVM or IPMI but I do have DirectAdmin installed as a control panel

  • I think the best option is to ask your provider to boot your server from a live CD ("rescue mode" as some providers say) and once logged in, mount the drives if needed and edit your settings.

    If this is done by ticket it is possible that you will need to ask them to boot your server from the HD as usual once you have edited what was needed.

    Thanked by 1mawr
  • Gien Member
    edited January 2014

    @mawr If you use directadmin and haven't locked yourself out of the DA panel.
    Then go into admin mode.

    Go to 'file editor', select 'sshd_config'

    Restore the sshd file,

    Permitrootaccess to yes

    And you can add additional users, by adding to the last line of the file (my personal preference, not required)

    AllowUsers username

    Save the file then go to service monitor and restart/reload ssh

    Sorry for the linebreaks, I'm on my mobile, apparently it doesn't function as well

    Thanked by 1mawr
  • @Gien said:
    mawr If you use directadmin and haven't locked yourself out of the DA panel.
    Then go into admin mode.

    Go to 'file editor', select 'sshd_config'

    Restore the sshd file,

    Permitrootaccess to yes

    And you can add additional users, by adding to the last line of the file (my personal preference, not required)

    AllowUsers username

    Save the file then go to service monitor and restart/reload ssh

    Sorry for the linebreaks, I'm on my mobile, apparently it doesn't function as well

    It won't let me edit the file without "Authenticating" myself by entering the root password, and when I do it says Unable to authenticate (which is because I think I had set root to sbin/nologin through the passwd file)

  • @Zen said:
    Without KVM or IPMI nope. You should make sure any server you get has one of those nowadays.

    Server actually comes with free IPMI but I had to request it. Just waiting on support to give me info right now. Thanks

  • mawr said: It won't let me edit the file without "Authenticating" myself by entering the root password, and when I do it says Unable to authenticate (which is because I think I had set root to sbin/nologin through the passwd file)

    @mawr yeah if you completely disabled root password, then that's not an option anymore. Too bad, would have been an easy fix.

    I got a system backup running, so I could restore that one (which also includes sshd_config) and then just add the latest admin/user back ups.. (which are made twice a day) so at most I would lose 12h of data..

    I agree not ideal, but better than doing a clean install :p

    But yes, IPMI is your last resort now.. hope it works

    Thanked by 1mawr
  • Mun Member

    Why not just use 'su root'? It will allow you to go and change to the user root, with full permissions from an account less the root, assuming you have and remember your password.

    http://en.kioskea.net/faq/2320-using-the-su-command

    Please note su is different than sudo, and I think it is a default on Debian.

    Mun

  • @Mun, OP stated he can't ssh into his box, as only root has ssh rights. So even getting in the box is impossible. And also su root will ask for a password and from what I could read above that didn't even work, he probably turned off passwords altogether..

    And yeah su works on most (if not all) Debian based OS, I think on all Linux boxes (as I use it regularly on my CentOS boxes)

    but su requires that another user has ssh access.

  • Mun Member

    @Gien said:
    Mun, OP stated he can't ssh into his box, as only root has ssh rights. So even getting in the box is impossible. And also su root will ask for a password and from what I could read above that didn't even work, he probably turned off passwords altogether..

    And yeah su works on most (if not all) Debian based OS, I think on all Linux boxes (as I use it regularly on my CentOS boxes)

    but su requires that another user has ssh access.

    Actually that isn't what he said in the initial post, he stated no users have sudo.

  • Thanks guys! I fixed the issue after a few hours of work in IPMI, I found out I had an account with sudo. Whoops. I spent all that work and it didn't even fix it anyways.

  • LOL @mawr all that extra work,
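
Added example, not part of the thread: a read-only check that lists which administrative paths remain on a host like the one discussed (root's shell in /etc/passwd, PermitRootLogin in sshd_config, members of Debian's sudo group). The function names, the account name deploy and the file contents are constructed for illustration; sudoers entries granted outside the sudo group and locked root passwords are not covered.

```shell
#!/bin/sh
# Added example: list the administrative paths that remain on a Debian host.
# Sample file contents are constructed, not taken from the thread.

# First global PermitRootLogin value; Match blocks are ignored. Falls back
# to OpenSSH's current default when the directive is absent.
root_login_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); f = 1; exit }
         END { if (!f) print "prohibit-password" }' "$1"
}

# root's login shell: 7th colon-separated field of a passwd-format file.
root_shell() { awk -F: '$1 == "root" { print $7; exit }' "$1"; }

# Members of the sudo group (Debian's default admin group), space-separated.
sudo_members() {
    awk -F: '$1 == "sudo" { gsub(",", " ", $4); print $4; exit }' "$1"
}

# Usage: admin_paths SSHD_CONFIG PASSWD GROUP
# Prints one line per remaining path; returns 1 when none is left.
admin_paths() {
    paths=0
    case "$(root_shell "$2")" in
        */nologin|*/false) ;;   # root cannot get a shell by any route
        *)  echo "root: shell usable (console, su)"; paths=$((paths + 1))
            if [ "$(root_login_setting "$1")" != no ]; then
                echo "root: ssh login permitted"; paths=$((paths + 1))
            fi ;;
    esac
    for u in $(sudo_members "$3"); do
        echo "sudo: $u"; paths=$((paths + 1))
    done
    [ "$paths" -gt 0 ]
}

# Constructed sample mirroring the thread: root disabled, one sudo account.
write_sample() {
    printf 'PermitRootLogin no\nSubsystem sftp internal-sftp\n' > "$1/sshd_config"
    printf 'root:x:0:0:root:/root:/sbin/nologin\ndeploy:x:1000:1000::/home/deploy:/bin/bash\n' > "$1/passwd"
    printf 'root:x:0:\nsudo:x:27:deploy\n' > "$1/group"
}

d=$(mktemp -d) && write_sample "$d"
admin_paths "$d/sshd_config" "$d/passwd" "$d/group" || echo "LOCKED OUT: no admin path left"
rm -rf "$d"
```

On a real host the three arguments would be /etc/ssh/sshd_config, /etc/passwd and /etc/group, checked before sshd is reloaded and while the current session is still open.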
