Author Topic: No Longer can SSH / SCP using ROOT into my Vera 3 w/ UI5 ?  (Read 1399 times)

Offline Aaron

No Longer can SSH / SCP using ROOT into my Vera 3 w/ UI5 ?
« on: December 08, 2015, 03:03:13 am »
Until today (last time was about a month or so ago) I was able to SSH or SCP into my Vera3 using ROOT. Now I can set Remote w/ temp password and that works fine, but root will not allow me in.

I verified that the root password is still intact and correct using command...
nvram show | grep pass

Any ideas?

Offline parkerc

Re: No Longer can SSH / SCP using ROOT into my Vera 3 w/ UI5 ?
« Reply #1 on: August 10, 2016, 03:11:07 pm »
I'm experiencing this and wonder if anyone else has the answer ?

I tried to ssh using root and my root password, but alas no luck. Following http://wiki.micasaverde.com/index.php/Logon_Vera_SSH, the workaround is to enable customer care; then you will see a message below stating:

Tech support is enabled

12345678-xxxxxx (SSH: 12121 TS_SRV=vera-us-oem-ts21)

The first part e.g. 12345678 is your Vera serial number, and the second part xxxxxx is the remote password.  So I did that, and successfully logged in via PuTTY.
Once in, I then ran  "nvram show | grep pass"

wifipass=yourverarootpassword

- but that just gives me the same root password that I tried before - which for some reason is not working !

So it's clear I have the right password, and I am using 'root' correctly as the user so why would it say authentication failed !!!

Does anyone have any idea what the cause might be and what alternatives I have ?

 



Offline futzle

Re: No Longer can SSH / SCP using ROOT into my Vera 3 w/ UI5 ?
« Reply #2 on: August 16, 2016, 05:46:49 am »
The output of nvram will tell you the factory default root (and Wi-Fi) password but over the life of your Vera those can diverge.  If you deliberately change the root password then the nvram output won't change.

A more likely explanation is that the SSH daemon (dropbear) is configured to not allow root to log in with a password.  That's how my Vera is; the presence of the -g option prevents root password logins:
Code:
# ps | grep dropbear
 6100 root      1128 S    /usr/sbin/dropbear -P /var/run/dropbear.1.pid -s -p 22 -g

It's probable that you can control this by altering entries in /etc/config/dropbear:
Code:
config 'dropbear'
        # Set these two to 'on'.
        option 'PasswordAuth' 'off'
        option 'RootPasswordAuth' 'off'
        option 'Port' '22'

Vera will need a reboot before it notices the new configuration.

(Having told you all this, allowing SSH to authenticate using legacy passwords rather than public keys is normally not advisable.  It opens you up to brute-force password-guessing bots.  They might even have a chance with the very predictable structure of a Vera default password.  But in the specific case of Vera, where LuaUPnP runs as root, you aren't giving up much security.  Still, once you are in as root, give up on password authentication and use key authentication: put an RSA public key into /etc/dropbear/authorized_keys and then put /etc/config/dropbear back the way you found it.)
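
Added example, not part of the thread or of Vera's firmware: a shell sketch of the two steps described in the reply above, reading the password-login flags (-s, -g) off a dropbear command line and installing an RSA public key for key authentication. The function names are hypothetical, the sample key in the usage comment is constructed, and the default directory is the /etc/dropbear path named in the post.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not Vera or dropbear tooling.

# Report which password logins a dropbear command line permits.
# -s disables all password logins; -g disables them for root only.
# Runs in a subshell so 'set -f' (no globbing) does not leak to the caller.
dropbear_auth_status() (
    set -f
    all=on; root=on
    for word in $1; do                 # deliberate word splitting
        case "$word" in -*s*) all=off ;; esac
        case "$word" in -*g*) root=off ;; esac
    done
    [ "$all" = off ] && root=off       # -s covers root as well
    echo "password=$all root_password=$root"
)

# Append one RSA public key line to authorized_keys with tight permissions.
# $1 = key line, $2 = directory (defaults to the path named in the post).
install_pubkey() {
    key=$1; dir=${2:-/etc/dropbear}
    case "$key" in
        "ssh-rsa "*) ;;
        *) echo "refusing: not an ssh-rsa public key line" >&2; return 1 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys" || return 1
    # Skip the append when the exact line is already present.
    grep -qxF "$key" "$dir/authorized_keys" ||
        printf '%s\n' "$key" >> "$dir/authorized_keys"
}

# The process line quoted in the reply above, used here as sample input.
sample=' 6100 root      1128 S    /usr/sbin/dropbear -P /var/run/dropbear.1.pid -s -p 22 -g'
dropbear_auth_status "$sample"

# On the device itself (constructed key shown as a placeholder):
#   dropbear_auth_status "$(ps | grep '[d]ropbear')"
#   install_pubkey 'ssh-rsa AAAA...constructed... user@laptop'
```

Confirm a key-based login works from a second session before setting PasswordAuth and RootPasswordAuth back to 'off' and rebooting.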