[lang]

Present Perfect

Personal
Projects
Packages
Patches
Presents
Linux

Picture Gallery
Present Perfect

Debugging sshd on N900 (after restore from backup)

Filed under: maemo — Thomas @ 8:52 pm

2011-4-14
8:52 pm

I got my N900 back. The micro-USB port had broken off cleanly. Apparently that’s a known thing. I brought it to a Nokia Support Centre and they fixed it in two weeks. So far for the good news.

The bad news is that, even if they only reattached a connector, they still wiped the phone itself. I had a backup from the backup application and a dirvish backup of /home/user

But obviously that’s not enough. First of all, restoring from the backup takes a while – it reinstalled 110 apps, 20 of which stopped the installation because they feel I should click ok to install. Sigh.

Transferring 30 GB of old data is slow no matter which way you cut it.

I lost my Angry Birds levels and the Sygic Mobile Maps app, still trying to figure out if I can get those back easily.

But at the moment I’m mostly annoyed at my problems figuring out why I can’t ssh as user@ to the N900 anymore.

So, here are the steps I took:

$ sudo gainroot
# apt-get install sysklogd
# vi /etc/syslog.conf
(uncomment the line that says: auth,authpriv.* /var/log/auth.log)
# vi /etc/ssh/sshd_config
change LogLevel to DEBUG3
# killall sshd
(doing /etc/init.d/ssh restart does not actually get the job done; neither does initctl stop sshd)
# tail -f /var/log/auth.log
(finally the log is there)
try and log in

Now the log tells me:
Apr 7 12:51:31 Nokia-N900 sshd[2266]: User user not allowed because account is locked

And a quick look at /etc/passwd shows ! as the password, meaning the account is locked out.

So…

# passwd user
(pick a password)

then try and log in again using ssh keys, and now it works.

I had no idea a user needed a password before being allowed to log in with ssh keys (not using the password).

After this, don’t forget to set logging back to INFO lest you fill up your limited disk space with useless debug info.

4 Comments »

  1. I think you can put ‘*’ in the passwd file to still have no password but be able to log in via ssh.

    Comment by Michael Hudson-Doyle — 2011-4-14 @ 11:37 pm

  2. Account locking with ‘!’ in the password field is not necessarily honoured by all auth. methods; however, sshd does honour it.

    Comment by Matthew W. S. Bell — 2011-4-15 @ 12:37 am

  3. Does sshd on the n900 use pam? If so you might be able to modify the session requirements in /etc/pam.d/sshd so you don’t need a password set on the account to login. I think
    session required pam_unix.so
    requires a the account to be enabled.

    Comment by Phil — 2011-4-18 @ 9:41 am

  4. I can confirm that replacing ! with a * in /etc/passwd is sufficient to allow ssh user@your-n900.

    Mucking with /etc/passwd was not necessary in earlier OS versions, but I don’t know if the change was in the shipped /etc/passwd, or if sshd started honoring account locks.

    Comment by Marius Gedminas — 2011-4-20 @ 1:31 pm

RSS feed for comments on this post. TrackBack URL

Leave a comment

picture