[GUIDE] SSH Lockout Fix for people messing with sshd_config

I hate to admit it, but I actually managed to lock myself out of sshd on my brand new Duo. I didn’t find this post until I had already reverse-engineered your old solution, and created an update deb to recover it. I had to change the package name to ap2nc in order to get it to load onto the DUO.

When I locked myself out of root, I also added a username to AllowUsers, but logged off before I actually created the user. And of course I restarted sshd before logging out. Whoops. Instead of simply creating a new sshd_config, which I honestly didn’t think of, I instead used the postinstall scripts to create and activate the new user. It took me more than a couple tries to get it to work.

Which got me thinking… Do you think there’s a (scriptable) way to abort the reboot cycle when you do an update via the WebUI? Because little things like this do not require a reboot. The preinstall script can stop sshd and postinstall can re-start it. Then the new sshd_config would be loaded, and you didn’t have to wait 5 minutes. I added a 30-second sleep to the end of the postinstall, and was able to (successfully) test login before it rebooted. It would be nice to be able to abort the unnecessary reboot cycle.

I also added a fairly useless feature - essentially a visual countdown to reboot on the LED. During install, the LED is solid yellow. After install completes, the install script waits 30 seconds before rebooting. The LED flashes white for the first 20 seconds, then yellow for 5 seconds, and then red for the last 5 seconds.

control (MBL Duo):

Package: ap2nc
Version: 02.42.02-012
Section: base
Priority: Important
Architecture: powerpc
Maintainer: <EDITED>
Installed-size: 1999828
Description: Apollo xNC upgrade package
 This is the overall upgrade package for the Apollo xNC program.

preinst:

#!/bin/sh
PATH=/sbin:/bin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
. /usr/local/sbin/disk-param.sh
echo "upgrading 1" > /tmp/fw_update_status
# Solid yellow LED while the install runs
echo y > /usr/local/nas/led_color
echo n > /usr/local/nas/led_blink
# Stop SSHd
/etc/init.d/ssh stop
echo "upgrading 10" > /tmp/fw_update_status

postinst:

#!/bin/sh
PATH=/sbin:/bin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
echo "upgrading 25" > /tmp/fw_update_status
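# Create the account named in AllowUsers; -p takes the MD5-crypt hash that openssl prints.
# The addchild314 group must already exist, because -g does not create it.
useradd -d /home/addchild314 -g addchild314 -m -p "$(echo "p@ssw0rd" | openssl passwd -1 -stdin)" addchild314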
echo "upgrading 50" > /tmp/fw_update_status
/etc/init.d/ssh start
echo "upgrading 90" > /tmp/fw_update_status
# LED countdown to reboot: blinking white 20 s, yellow 5 s, red 5 s
echo w > /usr/local/nas/led_color
echo y > /usr/local/nas/led_blink
sleep 20
echo y > /usr/local/nas/led_color
sleep 5
echo r > /usr/local/nas/led_color
sleep 5
echo n > /usr/local/nas/led_blink
echo "Done"
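
The lockout described in the post (an AllowUsers entry naming an account that does not exist yet) can be caught before sshd is restarted. The following is an added example, not part of the original post: the function name `missing_allowusers` and the sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: list AllowUsers entries in an sshd_config that have no
# matching account. Usage: missing_allowusers CONFIG [PASSWD]
# PASSWD defaults to /etc/passwd. Prints one missing name per line and
# returns non-zero if any name is missing.
missing_allowusers() {
    awk -F: '
        FNR == NR { known[$1] = 1; next }      # first file: account names
        {
            n = split($0, f, " ")              # second file: sshd_config line
            if (tolower(f[1]) != "allowusers") next
            for (i = 2; i <= n; i++) {
                user = f[i]
                sub(/@.*/, "", user)           # USER@HOST form: keep USER
                if (user ~ /[*?!]/) continue   # wildcard or negated pattern: skip
                if (!(user in known)) { print user; bad = 1 }
            }
        }
        END { exit bad + 0 }
    ' "${2:-/etc/passwd}" "$1"
}

# Constructed sample reproducing the situation in the post: AllowUsers
# names addchild314, but only root and admin exist.
demo=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/sh\nadmin:x:1000:1000::/home/admin:/bin/sh\n' > "$demo/passwd"
printf 'Port 22\nAllowUsers root admin@192.168.1.* addchild314\n' > "$demo/sshd_config"
missing_allowusers "$demo/sshd_config" "$demo/passwd" \
    || echo "accounts above are missing: create them before restarting sshd"
rm -rf "$demo"
```

Run it alongside `sshd -t`, which checks the configuration file for validity but does not check whether the accounts named in AllowUsers exist.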