Lost root access after DA install

[pgi]

I have installed DA and now can't login SSH as root.
System says that I entered wrong password. The only way I
can login to server by using DA login "admin" and password, but
I don't have root permission. Why is that and how to fix it?
OS: FreeBSD 7.0

Thanks

 

[scsi]

Call your hosting provider.

 

[nobaloney]

scsi: nope. This poster has his own copy of DirectAdmin; not a hosting provider.

pgi: DirectAdmin shouldn't touch your root password. But it may create a new sshd configuration that doesn't allow direct root login. You should try using ssh as admin, then the su command (read: man su) to login as root.

Jeff

 

[scsi]

The he will have to go onsite where his server is to fix the problem. Guess he didnt read the install guide. It says right in it why you lost your root access.

 

[nobaloney]

You're right. Since I use CentOS I don't have that problem, and didn't think of it.

For those who didn't catch that, it's a BSD-specific issue, and can be found here.

**** SPECIAL NOTICE FOR FreeBSD INSTALLATIONS ****

If logging in as a user other than admin or root (using su to gain root access):

You *have* to add "AllowUsers username" to /etc/ssh/sshd_config before you log out from root or you'll lose root on the server forever, and you'll have to format.

Of course you don't have to reformat; you just have to go onsite and use recovery tools to log in and fix it locally.

Jeff

 

[banko]

hi,...

what is the recovery tool you mentioned? could you guide me a bit more? i fell into the same situation - didn't read before install.

thanks!

 

[floyd]

I am not sure about FreeBSD but with Linux you can boot into single user mode and reset the password or boot from a CD and reset the password. Either way you have to be physically at the server to do anything.

 

[Dannik]

Either way you have to be physically at the server to do anything.

This is not entirely true. When logged into DA as Admin (assuming this works) you will be able to edit some files. Ofcourse the sshd_config is not one of them, but when you edit "edit_files.txt" you will be able to add any file you want, like sshd_config.
Edit the file there (using the proper password) and you're almost done. Restart the sshd service (from within DA) and the problem is solved.

I rent a dedicated server with FreeBSD 7 and the machine was preinstalled for me (with DA). I experienced the same problem: no root access at all. A friend of mine (FreeBSD expert) helped me with the above to fix this.

Danny

 

[floyd]

I don't have a FreeBSD machine to test but checking my CentOS machine I cannot edit edit_files.txt as the user admin. The file is owned by diradmin and only diradmin and root can edit that file. You have to have root access to edit the file to give yourself root access. Catch22.

Can somebody else with a FreeBSD machine verify this theory?

 

[Dannik]

I cannot edit edit_files.txt as the user admin. The file is owned by diradmin and only diradmin and root can edit that file. You have to have root access to edit the file to give yourself root access.

You're right about that and that's why I mentioned you have to use the right password. Maybe I had to be more clearly, of course I ment the root password.
So when you want to edit the file, authenticate the root password at the bottom of the screen and when it's correct you have permission to edit the edit_files.txt (and other files which need a password).

Beware: when you want to edit some systemfiles like sshd_config, you have to enter them in edit_files.txt with the option for using a password!
ie:

/etc/ssh/sshd_config=user=root&group=root&permission=644&secure=yes

Also the order of the editable files seems to important; when I put sshd_config as last item, it didn't work! Currently it's the 3rd file from top and it works as it should be.

Danny

 

[floyd]

If you have the root password then you can edit any file you want and there is no problem. What am I missing here?

Your solution suggests that in order to gain root access again you have to have root access.

 

[Dannik]

I might have misunderstood it, but isn't this discussion about being unable to login through SSH, even with using su?

Like Jeff said:

You *have* to add "AllowUsers username" to /etc/ssh/sshd_config before you log out from root or you'll lose root on the server forever

That's why I came up with this solution: when you edit sshd_config from within DA you will be able to restore root-access for use with SSH without the need of being physically with the server.
So when the root password is still allright (needed in DA), but when you're locked out from SSH, this is one way to get your SSH access back.

Danny.

 

[floyd]

But if you can su to root to edit the edit_files.txt file then you can su to root to edit the sshd_config file directly.

Again I don't have a FreeBSD machine to know anything for sure.

 

[Dannik]

Correct, but as I understood (and experienced for myself) even using su did not work because the sshd_config file was not properly edited, so root had no rights to logon at all (with SSH).

Danny

 

[floyd]

To my knowledge sshd_config would not affect the ability to su.

 

[scsi]

Freebsd requires you be in the wheel group to be able to su to root.

 

[Dannik]

scsi is right about that.
And indeed: that was part of the problem too. But with the same workaround (edit through DA) we managed to solve that one too.

Danny

 

[floyd]

I know I am being very dense about this. But could someone please explain how one would be able to edit edit_files.txt but at the same time not be able to edit any other file? You have to have root access to edit edit_files.txt. Wouldn't that same root access allow you to edit any other file on the machine?

 

[nobaloney]

Dannik,

Exactly what steps did you take to edit the file?

Thanks.

Jeff

 

[Dannik]

When logged in into DA with admin rights I go to "File editor". Ofcourse not all files mentioned in this thread are in the pulldown list, so I choose "/usr/local/directadmin/data/templates/edit_files.txt" and hit "Show File".
To edit this file I first need to enter the root password below the edit field.
When the password is correct, access is granted to edit all protected files. So now I am able to edit "edit_files.txt" and add the other files I need to edit, like "/etc/ssh/sshd_config=user=root&group=root&permission=644&secure=yes".

That's all and after saving edit_files.txt I am able to edit files like sshd_config from within DA (although a root password is still needed to grant access).

But like Floyd assumes: this way I am able to edit all files on the server, but only when access is granted for root (using password). But when I am logged on as root through SSH I am also able to edit all files, so at that point there's no difference.

Danny