plugout.net

[fvdw]

also please check time stamp of the /md8/etc/shadow file

[fariaslcfs]

Code: Select all

root@(fvdw-kirkwood):/md8/usr/lib/python2.6/site-packages/unicorn/authentication/local # tftp -l user.py -r user
.py -g 192.168.39.21
root@(fvdw-kirkwood):/md8/usr/lib/python2.6/site-packages/unicorn/authentication/local # ls -lh
total 64
-rw-rw-r--    1 root     root           0 Nov  3  2010 __init__.py
-rw-rw-r--    1 root     root         160 Nov  3  2010 __init__.pyc
-rw-rw-r--    1 root     root         160 Nov  3  2010 __init__.pyo
-rw-rw-r--    1 root     root        8.4K Nov  3  2010 group.py
-rw-rw-r--    1 root     root        7.7K Nov  3  2010 group.pyc
-rw-rw-r--    1 root     root        7.5K Nov  3  2010 group.pyo
-rw-r--r--    1 root     root        8.1K Jan  1 01:39 user.py
-rw-rw-r--    1 root     root        7.2K Nov  3  2010 user.pyc
-rw-rw-r--    1 root     root        7.2K Nov  3  2010 user.pyo


File user.py copied. The date and time looks like internal clock is misconfigured.
The same happens with shadow file:

Code: Select all

-rw-rw-r--    1 root     root         416 Jan  1 00:42 shadow


Now proceeding to Lacie booting.

[fvdw]

at least date is changed so file is updated , so try if you can access after reboot

[fariaslcfs]

at least date is changed so file is updated , so try if you can access after reboot

Same output: "Connection closed by remote host"

Code: Select all

2021-03-24 16:46:01   Attempting keyboard-interactive authentication
2021-03-24 16:46:01   Server refused keyboard-interactive authentication
2021-03-24 16:46:05   Sent password
2021-03-24 16:46:21   Access granted
2021-03-24 16:46:21   Opening main session channel
2021-03-24 16:46:21   Opened main channel
2021-03-24 16:46:22   Allocated pty
2021-03-24 16:46:22   Started a shell/command
2021-03-24 16:46:22   Session sent command exit status 1
2021-03-24 16:46:22   Sent EOF message
2021-03-24 16:46:22   Main session channel closed
2021-03-24 16:46:22   All channels closed


[fvdw]

:fists

can you post content of
/md8/etc/ssh/sshd_config and ssh_config

/md8/etc/shadow

including time stamp of these files

[fariaslcfs]

:fists

can you post content of
/md8/etc/ssh/sshd_config and ssh_config

/md8/etc/shadow

including time stamp of these files

Shadow:

Code: Select all

root@(fvdw-kirkwood):/md8/etc # cat shadow
root:$1$$CoERg7ynjYLsj2j4glJ34.:12542:0:99999:7:::
bin:*:12488:0:99999:7:::
daemon:*:12488:0:99999:7:::
sync:*:12488:0:99999:7:::
shutdown:*:12488:0:99999:7:::
halt:*:12488:0:99999:7:::
operator:*:12488:0:99999:7:::
nobody:*:12488:0:99999:7:::
anonymous::12488:0:99999:7:::
messagebus:!:12488:0:99999:7:::
haldaemon:!:12488:0:99999:7:::
avahi:!:12488:0:99999:7:::
admin:$1$$CoERg7ynjYLsj2j4glJ34.:12488:0:99999:7:::


Shadow time stamp:

Code: Select all

-rw-rw-r--    1 root     root         416 Jan  1  1970 shadow


Time stamp of ssh... :

Code: Select all

-rw-r--r--    1 root     root        1.4K Nov  3  2010 ssh_config
-rw-r--r--    1 root     root        3.2K Nov  3  2010 sshd_config


Content of ssh... :

Code: Select all

root@(fvdw-kirkwood):/md8/etc/ssh # cat ssh_config
#       $OpenBSD: ssh_config,v 1.23 2007/06/08 04:40:40 pvalchev Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no


Code: Select all

root@(fvdw-kirkwood):/md8/etc/ssh # cat ssh_config
#       $OpenBSD: ssh_config,v 1.23 2007/06/08 04:40:40 pvalchev Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
root@(fvdw-kirkwood):/md8/etc/ssh #
root@(fvdw-kirkwood):/md8/etc/ssh # cat sshd_config
#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server


Well, I'm finishing today, and will probably be back on next friday. See you then.

[fvdw]

thank you
so shadow file is ok
It seems that the sshd_config file is not updated at boot
On line 41 it mentioned #PermitRootLogin yes but the # means this line is not executed
This could be why root login fails
I modified the file by taken away this #
So write this file in attached zip archve to /md8/etc/ssh to replace the original sshd_config file using tftp, you know how by now

[fvdw]

after that try again if can get access via ssh

[fariaslcfs]

after that try again if can get access via ssh

Again: "Connection closed by remote host"
using terminal program MobaXterm, when the resulting log was:

Code: Select all

2021-03-26 09:24:08   Welcome to MoTTY (2021-01-10)
2021-03-26 09:24:08   Current working directory: C:\Users\farias.ASE-PC-39021\AppData\Local\Temp\Mxt210\bin
2021-03-26 09:24:08   Protocol: ssh
2021-03-26 09:24:08   Initializing backend...
2021-03-26 09:24:08   Looking up host "192.168.39.220" for SSH connection
2021-03-26 09:24:08   Connecting to 192.168.39.220 port 22
2021-03-26 09:24:08   Backend initialized.
2021-03-26 09:24:08   Activating KEYWORDS syntax
2021-03-26 09:24:08   Ready to peek messages.
2021-03-26 09:24:08   Remote version: SSH-2.0-OpenSSH_5.1
2021-03-26 09:24:08   We believe remote version has SSH-2 channel request bug
2021-03-26 09:24:08   Using SSH protocol version 2
2021-03-26 09:24:08   Forced-sha-unaccel version
2021-03-26 09:24:08   We claim version: SSH-2.0-MoTTY_Release_0.73
2021-03-26 09:24:08   No GSSAPI security context available
2021-03-26 09:24:08   Doing Diffie-Hellman group exchange
2021-03-26 09:24:08   Doing Diffie-Hellman key exchange using 4096-bit modulus and hash SHA-256 (unaccelerated) with a server-supplied group
2021-03-26 09:24:09   Server also has ssh-dss host key, but we don't know it
2021-03-26 09:24:09   Host key fingerprint is:
2021-03-26 09:24:09   ssh-rsa 2048 45:cd:80:3c:7d:09:c4:be:cb:eb:58:b8:46:86:7c:5a
2021-03-26 09:24:09   Initialised AES-256 SDCTR (unaccelerated) outbound encryption
2021-03-26 09:24:09   Initialised HMAC-SHA-1 (unaccelerated) outbound MAC algorithm
2021-03-26 09:24:09   Will enable zlib (RFC1950) compression after user authentication
2021-03-26 09:24:09   Initialised AES-256 SDCTR (unaccelerated) inbound encryption
2021-03-26 09:24:09   Initialised HMAC-SHA-1 (unaccelerated) inbound MAC algorithm
2021-03-26 09:24:09   Will enable zlib (RFC1950) decompression after user authentication
2021-03-26 09:24:13   Entered username: Fausto
2021-03-26 09:24:13   Server supports following auths:  publickey password keyboard-interactive
2021-03-26 09:24:13   Attempting keyboard-interactive authentication
2021-03-26 09:24:13   Server refused keyboard-interactive authentication
2021-03-26 09:24:13   Server supports following auths:  publickey password keyboard-interactive
2021-03-26 09:24:16   Sent password
2021-03-26 09:24:16   Initialised delayed zlib (RFC1950) decompression
2021-03-26 09:24:16   Initialised delayed zlib (RFC1950) compression
2021-03-26 09:24:16   Access granted with AUTH_TYPE_PASSWORD
2021-03-26 09:24:19   Requesting activation of MobaXterm remote monitoring...
2021-03-26 09:24:19   Opening main session channel
2021-03-26 09:24:19   Opened main channel
2021-03-26 09:24:24   X11 forwarding refused
2021-03-26 09:24:24   Allocated pty
2021-03-26 09:24:24   Displaying banner
2021-03-26 09:24:24   SSH-browser result: 2
2021-03-26 09:24:24   Started a shell/command
2021-03-26 09:24:24   Session sent command exit status 1
2021-03-26 09:24:24   Sent EOF message
2021-03-26 09:24:24   Main session channel closed
2021-03-26 09:24:24   All channels closed

Then found out that suspicious "X11 forwarding refused" .
Googled it and found this page.
Used the Linux VI editor and changed #X11Forwarding no to X11Forwarding yes.
Booted LACIE again without success.
However, the event log came with some extra lines:

Code: Select all

2021-03-26 09:49:56   Opening main session channel
2021-03-26 09:49:56   Connection sharing downstream #1: connected from process id 1544
2021-03-26 09:49:56   Connection sharing downstream #1: Downstream is a SCP transfer
2021-03-26 09:49:56   Allocating downstream channel for SCP transfer...
2021-03-26 09:49:56   Opened main channel
2021-03-26 09:49:56   Remote debug message: No xauth program; cannot forward with spoofing.
2021-03-26 09:49:56   X11 forwarding refused

Then, changed ssh_config the same way as did with sshd_config: unsuccessful.
Log excerpt:

Code: Select all

2021-03-26 10:14:54   Opening main session channel
2021-03-26 10:14:54   Opened main channel
2021-03-26 10:14:54   Remote debug message: No xauth program; cannot forward with spoofing.
2021-03-26 10:14:54   X11 forwarding refused

So, LACIE has not XAUTH (apparently). Perhaps the actions done above were useless. Should I revert it?
... time to close the office. I will be back next week. See you!

[Mijzelf]

Can you try to specify your own command:

Code: Select all

ssh <user>@<ip-address>  /bin/sh -i

And can you try if you can connect using scp? On Windows you can use WinSCP for that, on Linux scp.

Code: Select all

scp <user>@<ip-address>:/bin/sh .

should copy /bin/sh from the NAS to your local directory.