How Can I Restore SSH Access After Locking Myself Out After Changes to /etc/ssh/sshd_config

In the process of trying to gain pub-key based SSH access to my Turris Omnia (My password-based SSH access worked fine up to recent changes) I’ve apparently hosed myself and lost ALL SSH access to my router.

I tried rolling back to an earlier snapshot and rebooting, but no luck.

It looks like I’ll have to do a factory reset and then entirely reconfigure my router manually which is a PITA.

However, I’m hoping my Omnia can create an exportable configuration file that I can re-import following a factory reset.

Does Turris Omnia have such a feature - I can’t seem to locate it in either FORIS or LUCI?

A factory reset will save your current status as snapshot, so you can mount the current status and copy&paste all and everything but the sshd-file and in only a couple of minutes have your device back in working status :slight_smile:

2 Likes

You can use the last working snapshot (Administration → Snapshots in reForis) - e.g. created automatically by cron or after the last update.

Generally, it is recommended to create a special snapshot before any potentially dangerous change of the configuration. Such snapshot is usable both via software tools (reForis or schnapps) and via the reset button.

If I’m currently locked out of SSH access, how do I access files in my various snapshots.

When I tried rolling back to a previous snapshot via REFORIS and rebooted, my SSH access was still gone.

I am not sure if it is documented somewhere in the docs, but there is “Minimal Snapshot Manager” on router for emergency situations like this.

Just go to the following URL: http://<router-ip-or-domain>/snapshots.html

You should be able to download (export) any snapshot from there.

Nope. This minimal interface is for cases when reForis does not work. tcb never stated that reForis does not work for him.

That’s interesting …

But when rolling back to a snapshot shouldn’t that restore EVERYTHING - including all the files I changed like sshd_config? After tweaking that file and locking myself out of SSH access, I went to REFORIS and tried rolling back to a snapshot two days prior to my changes and rebooting.

After reboot I’m still locked out of SSH so apparently the sshd_config file didn’t get restored.

Still, the minimal snapshot interface looks interesting and offers following options:

  1. Export a snapshot
  2. Export a snapshot as a MEDKIT
  3. Rollback to a snapshot
  4. Remove a snapshot

Not sure what the difference between #1 and #2 above is.

Success! But not sure how/why.

I used the minimal snapshot interface and chose a different and earlier SNAPSHOT - one created by CRON.

After rolling back and rebooting, I regained manual SSH access.

So now that I have what seems like a working recovery strategy, I can fearlessly retry enabling key-based SSH access by manually uploading my public key as suggested above.