How do i get root access again, step by step?

Any questions about the Command Line Interface can be placed here!
Forum rules
Please note the disclaimer before modifying your Synology Product.
User avatar
dgcruzing
Novice
Novice
Posts: 40
Joined: Thu Nov 15, 2012 8:30 am

Re: How do i get root access again, step by step?

Postby dgcruzing » Sat Mar 26, 2016 2:25 am

keith123 wrote:Figured out how to get into winscp as root

Using putty
SSH as admin (you should never have a problem here if you do set password for admin in the Control Panel > Users in DSM)
Type
Sudo -i

This will prompt you for a password use your admin password

Now you'll be SSH in as Root

Type this, it will set the password of your choosing to the root account.

synouser --setpw root [PASSWORD]m

Login with root using Winscp! :)


Just tried this.. and with out the "m"
is that a typo?
As it didn't stick for me..

synouser --setpw root [PASSWORD]

Seemed to work... I logged in ok..
but went to edit a file as i could before DSM6 update..

Open in to editor..make a change... i.e config.php
But getting this error when saving

"scp: /volume2/@appstore/Moodle/moodle/config.php: Permission denied"

of course permission are looking like this at the moment on that file RW-R--R--

While I can get Root within a Terminal window using Putty, or Bitvise SSH Client.. this does open up editing possibilities using VI.

I suppose the question is...

Do I use go in and change these permissions on the files I want to edit all the time?
How does this affect the operation of these files?
i.e what other problems is it going to course if they sit on the system with rwxr-xr-x?

Also.. within WinScp these commands are useless now?
Image

"Error skipping startup message. Your shell is probably incompatible with the application (BASH is recommended)."
User avatar
dgcruzing
Novice
Novice
Posts: 40
Joined: Thu Nov 15, 2012 8:30 am

Re: How do i get root access again, step by step?

Postby dgcruzing » Sat Mar 26, 2016 3:13 am

Hassan wrote:I'm sure there are security implications to this if someone figures out your administrator password, but here goes

I think the reason it is giving that error, is because if you type in sudo su - in terminal (putty), it asks for a password, reading the documentation on winscp, it says that winscp does not support this, so you have to stop it asking for a password when you want to sudo

so, edit (i used vi) /etc/sudoers, comment out the line that says

Code: Select all

%administrators ALL=(ALL) ALL

to

Code: Select all

#%administrators ALL=(ALL) ALL


and create a new line that says

Code: Select all

%administrators ALL=NOPASSWD: ALL


and save it. The file will open as a read only file, so when you try to save and it gives you an error in red, type in the following (including the semicolon) and press enter

Code: Select all

:w !sudo tee %


when it prompts for the password, enter your password.

now, when you log into winscp using the username in your administrators group, it should work.


Hassan... you are da man.. !!!!!

Confirmed working..
Can edit config files now..

Now just need to find the command to start and stop the services to refresh things now..
As httpd -k restart
is not working for me..

Also.. what is the security problems we have opened up by doing this?
Krokodyle
Trainee
Trainee
Posts: 15
Joined: Sun Mar 13, 2016 12:51 am

Re: what is "root" user's password?

Postby Krokodyle » Sat Mar 26, 2016 3:47 am

The admin password doesn't work to login as root on my DS216+ with firmware DSM 6. The instructions posted by Synology worked: SSH as admin, then enter command "sudo -i" and re-enter the admin password.
Hassan
Trainee
Trainee
Posts: 10
Joined: Tue Feb 04, 2014 8:49 am

Re: How do i get root access again, step by step?

Postby Hassan » Sat Mar 26, 2016 4:38 am

Well, I'm not sure about synology boxes since the root password is usually the same as the admin password, but for other systems where the passwords may be different, I suppose if someone figured out your admin password, they could essentially gain root access since it wouldn't ask them for a password when they enter the sudo su command.

Glad you got that part sorted though

Is that apache? I just googled how to restart on synology boxes and found an old post that says to restart the service you use
/usr/syno/sbin/synoservicecfg --restart httpd-user
User avatar
dgcruzing
Novice
Novice
Posts: 40
Joined: Thu Nov 15, 2012 8:30 am

Re: How do i get root access again, step by step?

Postby dgcruzing » Sat Mar 26, 2016 5:41 am

Hassan wrote:Well, I'm not sure about synology boxes since the root password is usually the same as the admin password, but for other systems where the passwords may be different, I suppose if someone figured out your admin password, they could essentially gain root access since it wouldn't ask them for a password when they enter the sudo su command.

Glad you got that part sorted though

Is that apache? I just googled how to restart on synology boxes and found an old post that says to restart the service you use
/usr/syno/sbin/synoservicecfg --restart httpd-user


Yes, Apache,
I got it working but turning off services in the apps area..
but the kicker was finding the right PHP.ini files to edit in to..
As they seem to be very limited in their sizing allowance.
which makes it painful when you have to reload large DB tables back into a system.
I got it sorted now and lucky I am using a bitnami stack to run a duplication of my Synology box in the cloud, as I would have been screwed if I didn't have all those back up files..

Just a note for those that dont know about bitnami..
google them.. I am running a bitnmai/AWS stack
I am tipping this is one of the most disruptive industries we will see in this space.
Absolutely going to kill the website hosting space and the deployment of software.
really cool stuff.. and it just blows my mind where we aew going with all of this..
as I was lucky to play with a NeXt box back in 89 that has 4x layers of DOS and 6 of linux..
Now we can have a section of a SSD card in the cloud running all of our apps and take the headache of admin away for a pittance per month
Careless
Student
Student
Posts: 62
Joined: Fri Dec 23, 2011 6:00 am

SSH Root/Admin password not accepted?

Postby Careless » Sat Mar 26, 2016 10:56 am

Recently I've been trying to log into my DS712+ using ssh. Though I am on DSM 6.0-7321, this has been an issue with the previous build version as well.

I have done this before this exact same way.

Code: Select all


ssh root@ip -pXXX



ssh root user @ diskstation ip on -port XXX

and it prompts me for a password. it will not accept the password and instead return this message:



Image



it will not accept my administrator account login, yet if I try to connect using admin@ip, it will connect using the same password.

As I recall, I did not change anything in the past that would cause this change to the root user itself. The only thing I remember being done is Synology being granted access to make a modification to their DSM6.0 beta files because I had an issue where a file in Package Center was corrupt, and they made a repair.

I have tried turning on/off ssh and telnet and rebooting, but did not succeed in connecting via SSH root.

I HAVE contacted Synology TWICE now through the support app about connecting to my server and attempting to reset or see what the issue is- but they have not replied to either request.

Can anyone direct me into some diagnostics or post some steps to at least verify what the issue is? I am not an advanced CLI user, but I'm pretty capable- but this is something I would rather post about before changing things I am not sure of.
stuart0001
Beginner
Beginner
Posts: 25
Joined: Mon Jun 08, 2015 10:16 am

Re: How to login with root?

Postby stuart0001 » Sat Mar 26, 2016 12:33 pm

charliepben wrote:Hi everybody,

well.. i think i messed up with vi while editing sudoers.
Now when i 'sudo su -' i have :

>>> /etc/sudoers: syntax error near line 13 <<<
sudo: parse error in /etc/sudoers near line 13
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin


Do you think there is anything i can do?


Same here. Can anyone help?
Jerenes
I'm New!
I'm New!
Posts: 5
Joined: Sun Jan 24, 2010 1:50 pm

Re: How do i get root access again, step by step?

Postby Jerenes » Sat Mar 26, 2016 2:29 pm

@Careless

Let me guess, you've just upgraded to DSM 6?
I have several syno's and I've tried it out on one.
DSM 5.x, ssh login root@syno -pxxx and the password for admin ... works like a charm
upgrade syno
DSM 6.x, ssh login root@syno -pxxx and now it refuses to login with admin pw.
DSM 6.x, ssh admin@syno -pxxx and password for admin --> works like a charm, but no elevated rights.


I've found the solution for this somewhere else. This is for DSM6 and onwards.
Login as admin via ssh.
1. ssh admin@syno -p xxx and use the password for your admin account.
2. at the prompt when you need elevated rights do:

Code: Select all

sudo su -
and fill in the admin password again. That makes you root with elevated rights.

Hope that solves some stuff for you.
Regards,
Jeroen
muelleh
I'm New!
I'm New!
Posts: 4
Joined: Wed Jul 09, 2014 8:02 pm

Here is how to enable root login for ssh/scp

Postby muelleh » Sat Mar 26, 2016 4:57 pm

Even if I don't know why so many users will ssh or scp with the root account, here is how to enable that.

Synology simply has not set a password for account root (actually the locked it out using a "*" for password hash). Here is how to enable the root access for ssh/scp:

1. Login using putty or any other ssh client with administrator account (usually "admin")
2. You will be asked for a password. Enter the one for the administrator account
3. You will get a command prompt
4. Enter: sudo su -
5. You will be asked for a password. Enter again the one for the administrator account
6. You will get a command prompt root@...
7. Enter command: synouser --setpw root your_new_root_password

For "your_new_root_password" please use the desired password for root account.

Now you can login using "ssh root@your_diskstation" as usual (of course this work for scp also). No more hassle with sudo...

Regards and have fun,
Holger
deadkenny
Experienced
Experienced
Posts: 137
Joined: Sat Jun 18, 2011 1:44 pm

Re: Here is how to enable root login for ssh/scp

Postby deadkenny » Sat Mar 26, 2016 6:30 pm

Noting that the whole point of disabling root login is for security. It's standard practice and part of the security model of Unix/Linux. The principle is you should never ever allow remote login via root (console login perhaps), and only allow remote access to a restricted user. That user can however get elevated permissions via su or sudo if properly configured and granted rights to do so. Such users should be trusted and better still use key exchange for login instead of passwords.

It also protects the users against making accidental unintended changes or from malware (or worse ransomware as occurred a little while back with Synology) by not running under a root shell, but having to go through the "hassle" of sudo etc.
Last edited by deadkenny on Sat Mar 26, 2016 9:20 pm, edited 1 time in total.
User avatar
Ametz
Apprentice
Apprentice
Posts: 96
Joined: Wed Dec 12, 2012 5:59 pm

Re: Here is how to enable root login for ssh/scp

Postby Ametz » Sat Mar 26, 2016 9:01 pm

muelleh wrote:Even if I don't know why so many users will ssh or scp with the root account, here is how to enable that.

Synology simply has not set a password for account root (actually the locked it out using a "*" for password hash). Here is how to enable the root access for ssh/scp:

1. Login using putty or any other ssh client with administrator account (usually "admin")
2. You will be asked for a password. Enter the one for the administrator account
3. You will get a command prompt
4. Enter: sudo su -
5. You will be asked for a password. Enter again the one for the administrator account
6. You will get a command prompt root@...
7. Enter command: synouser --setpw root your_new_root_password

For "your_new_root_password" please use the desired password for root account.

Now you can login using "ssh root@your_diskstation" as usual (of course this work for scp also). No more hassle with sudo...

Regards and have fun,
Holger


That was perfect easy steps for me to figure out how to do it, thanks..
Synology: DS2413+, 12X 3TB WD Red Edition, SHR-2 Raid
Computer: AMD Phenom x4 3,4 GHz, RAM 12GB, AMD Radeon HD 6900, Win 7 Ult x64, HDD: 60GB SSD+1,5TB+1,5TB
HTPC: Intel i5-3570K 3,4GHz, RAM 16GB, Win 7 Ult x64, HDD: 60GB SSD+2TB+700GB
Theli93
I'm New!
I'm New!
Posts: 1
Joined: Sat Mar 26, 2016 10:35 pm

Re: How to Autologin as ROOT with winSCP and Putty!!!!

Postby Theli93 » Sat Mar 26, 2016 11:06 pm

hYp wrote:How to Autologin as ROOT with winSCP and Putty!!!!

1. First we create Root acces with putty because we need to make some modifications;

Use an ADMIN account to log in with putty,
after that typ the following command,

Code: Select all

sudo su -

now enter the admin password and we have ROOT acces.


2. Now we are going to modify the file sudoers to make sure the SUDO command does not ask for a password again. This is not needed because we allready entered the password for the admin account. This step is crucial because winSCP does not allow password entering interaction.

browse to the sudoers file (/etc/sudoers), and open this file in an editor (I used the editor of Midnight Commander),

at the end of the page enter the following line,

Code: Select all

USER    ALL = NOPASSWD: ALL

replace USER by your admin username.

and save the modified file.


3. Now we are going to setup winSCP and use (sudo su -) as shell, This now works because sudo does not asks again for a password

open winSCP
in win SCP go to the advanced settings of you login account, and under SCP SHELL choose the option

Code: Select all

sudo su -

... now winSCP works as ROOT for the chosen admin account...


This auto root login also works for Putty;

Open the SSH options in Putty, and in the field "Remote Command" type;

Code: Select all

sudo su -

You can now login in Putty with your admin account, and have automatically ROOT acces.


@hYp,
Just wanted to say thanks! This worked perfectly for me under DSM 6.0 after my 415+ updated.
I had some things to repair after the update, and I was beating my head against the wall getting to it all via PuTTY and vi.

I followed your instructions explicitly with the exception of using

Code: Select all

sudo -i
in place of "sudo su -" as you suggested. I also had to add quotes on the USER due to two part name:

Code: Select all

"USER NAME"  ALL = NOPASSWD: ALL

Also, by loading the saved session for "WinSCP temporary session" in PuTTY, and modifying the "Remote Command" in SSH options (as you recommended above - though using "sudo -i" instead) my direct access of PuTTY from winSCP works perfectly as well.

Thanks again!
bwayson
I'm New!
I'm New!
Posts: 3
Joined: Thu Mar 17, 2011 4:19 am

Re: How do i get root access again, step by step?

Postby bwayson » Sun Mar 27, 2016 3:12 am

@dgcruzing, try /usr/syno/sbin/synoservicectl --restart pkgctl-WebStation. You can get a list of all service names with /usr/syno/sbin/synoservice --list.
bossman
Trainee
Trainee
Posts: 18
Joined: Sun Feb 16, 2014 7:13 pm

How to switch from user to root ? / How to store users in passwd file forever with bin/sh ?

Postby bossman » Sun Mar 27, 2016 3:18 am

Since 6.0 final which updated today i got problem with SSH as is see many people there :(

I was connecting to my synology via ssh with auth keys and then i was able to switch to root with "su root" giving admin/root password.
After update i had to change again /etc/passwd of my user, so i could again login via ssh "bin/sh".

So there is first question, isn't it possible to store settings for my user in passwd file forever ?, because now it is rewritten always when synology throw update or i do change something about users or groups in DSM. Second ago I did olso read on forum that 6.0 is rewriting passwd file each reboot, that would be catastrophe if it is true, i have not done reboot yet. Very interesting is that one of my users which has ssh access and "bin/sh" is never rewritten after update nor any change, it's very strange, so i guess it is possible somehow.

Second thing i am not able to switch from my user to root, i could add user to administrator group but i don't want to, olso i don't want to add user to sudoers since i would be able to login to root with my user password and it would be security risk.

Anyone got experience on this subject ?
User avatar
dgcruzing
Novice
Novice
Posts: 40
Joined: Thu Nov 15, 2012 8:30 am

Re: How do i get root access again, step by step?

Postby dgcruzing » Sun Mar 27, 2016 9:00 am

bwayson wrote:@dgcruzing, try /usr/syno/sbin/synoservicectl --restart pkgctl-WebStation. You can get a list of all service names with /usr/syno/sbin/synoservice --list.

Cheers
Will try it out on next edits..

Has anyone got using a public key to work?
I couldn't get these instructions to work..
http://thisguyknows.com/?p=98

Return to “Command Line Interface”

Who is online

Users browsing this forum: No registered users and 3 guests