I just broke SSH on my MBL; need help

I’ve done something stupid, and am stopping for help before I make things worse or my machine reboots and I lose all connectivity.

I wanted to install git on my My Book Live, so…

  • I enabled ssh

  • logged in as root to the device

  • did apt-get update; apt-get install git

  • It wanted to install a large number of packages, replace many, and remove some.

  • I was a bit worried that it wanted to remove open-ssl, but it looked like it was installing related replacements, so I said ok.

  • Along the way, it asked about overwriting /etc/{apache2,cli}/php.ini.

  • For both, I said to replace, but I saved copies of the old versions

  • When apt-get finished, it warned “Your apache2 configuration is broken, so we’re not restarting for you”

  • My existing ssh connections to the box are still ok, but I can not make a new one; new connections are refused.

The NAS web page is broken. The main page displays, but none of the links works, and it reports 0 GB data stored, even though the data is intact.

I assume that I need to put back the original .ini files and then (how?) restart the apache2 server. But, I’m afraid to reboot, since I’ll then lose my existing ssh connections.  Hoping someone can give me safe, step-by-step hand-holding.

Thanks (sheepishly),

David

1 Like

I would install a clean OS since you still have access to ssh

I would use 02.11.09-053 to debrick to… Then upgrade to the latest firmware after you get your shares all setup

So the complete steps would be

  1. Download resetButtonAction.zip from http://www.mediafire.com/?42pv7zrx1kx3xkk

  2. Download the firmware from http://download.wdc.com/nas/apnc-021109-053-20120413.deb

  3. Download 7zip from http://www.7-zip.org/download.html

  4. Install 7zip and open it and find the MyBookLive firmware .deb file and double click it and you will see “data.tar” where you will again double click and be presented with a “.” Double click the “.” then double click “cache volume” then double click “upgrade” and then highlight “rootfs.img” and hit extract

  5. Copy rootfs.img to the root of your Public folder on the MyBookLive

  6. Unzip resetButtonAction.sh from the zip file downloaded in step 1

  7. Copy it to the Public folder and then run this command in PuTTY to copy it to the OS

    cp /DataVolume/shares/Public/resetButtonAction.sh /usr/local/sbin/resetButtonAction.sh

MAKE SURE IT ASKS IF YOU WANT TO OVERWRITE THE FILE

Type Y when asked if you want to overwrite the existing file

  8. Run the script in PuTTY (Windows) or Terminal (Mac) by typing

    /usr/local/sbin/resetButtonAction.sh

  9. The LED will blink red while the script is restoring a fresh copy of the firmware to your MyBookLive

  10. After several minutes, the drive should reboot and when you get to a solid green LED, access the dashboard and you should be asked to choose your language like you would if the drive was brand new

If your shares are still listed in the MyBookLive dashboard but are not accessible, rename the shares and then rename them back to get them linked properly again.
Example: Movies>Movies1>Movies

If your shares are missing in the MyBookLive dashboard, recreate them in the dashboard and you will be able to access your data again

A reboot is required to get the share and drive usage totals to reflect the actual data usage after these changes

2 Likes

Although I have never tried to install git

The proper steps would probably be

Edit your sources.file so that the only active sources are the squeeze sources

    nano /etc/apt/sources.list

Edit it to look like this

    deb http://ftp.us.debian.org/debian/ squeeze main
    #deb http://ftp.us.debian.org/debian/ sid main
    #deb http://ftp.us.debian.org/debian/ experimental main

This removes the package references to the firmware

    rm -f /var/lib/dpkg/info/wd-nas.*

Then

    apt-get update

Then install GIT

DO NOT overwrite the php.ini files and if asked in a blue menu, select to keep existing files

2 Likes

Thank you. That looks excellent as a smooth recovery path.

But, before I go that route, I’m tempted to try to make my current setup work again, especially since I now have git working… Ideally, I’d like to:

  1. first get ssh login working again, so I’m safe in the face of any kind of restart or lost connection.

  2. Debug what’s wrong with the apache connection, so the GUI interface works again. (My guess is that I just need to copy back the php .ini files and restart).

  3. (for future reference) understand why installing git disabled ssh.

I know that ssh is not totally dead. My current connections are alive and I see that sshd is running. Where should I look to see why ssh is not accepting connections?

Thanks,

David

PS I realize I’m playing with fire here. If you think I’m crazed and that it is much safer to just do the clean reinstall, please yell back at me. (Note that I don’t have much at risk. My data is 100% backed up locally.)

PPS If things do go really south and I lose both GUI and SSH connectivity, is there any path to unbrick (even erasing all my data), or would the box then be totally hosed?

OK let’s first see if we can fix SSH

    nano /etc/ssh/sshd_config

Compare it to this

    # Package generated configuration file
    # See the sshd(8) manpage for details

    # What ports, IPs and protocols we listen for
    Port 22
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    #ListenAddress 0.0.0.0
    Protocol 2
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    #Privilege Separation is turned on for security
    UsePrivilegeSeparation yes

    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 3600
    ServerKeyBits 768

    # Logging
    SyslogFacility LOCAL3
    LogLevel INFO

    # Authentication:
    LoginGraceTime 120
    PermitRootLogin yes
    StrictModes yes
    AllowUsers root

    RSAAuthentication yes
    PubkeyAuthentication yes
    #AuthorizedKeysFile %h/.ssh/authorized_keys

    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    HostbasedAuthentication no
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes

    # To enable empty passwords, change to yes (NOT RECOMMENDED)
    PermitEmptyPasswords no

    # Change to yes to enable challenge-response passwords (beware issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no

    # Change to no to disable tunnelled clear text passwords
    #PasswordAuthentication yes

    # Kerberos options
    #KerberosAuthentication no
    #KerberosGetAFSToken no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes

    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes

    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no

    #MaxStartups 10:30:60
    #Banner /etc/issue.net

    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*

    Subsystem sftp /usr/lib/openssh/sftp-server

    UsePAM yes

Any differences?

The only thing that scares me about trying to fix SSH is that at some point we would have to restart the SSH daemon and that could backfire on us and leave us without SSH

There is no sshd_config in that directory; only moduli and ssh_config.

Well that’s your problem
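The state found above (a running sshd, but no sshd_config on disk) can be caught before any restart or reboot with a static check. The following is an added example, not part of the original thread or of the WD firmware; the function name and the optional ROOT prefix (which lets the check run against a copy of /etc) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: static pre-restart check of an sshd installation.
# ROOT is a hypothetical prefix so the check can run against a copy of /etc;
# leave it empty to check the live system.
check_sshd_files() {
    root="${1:-}"
    cfg="$root/etc/ssh/sshd_config"
    problems=0

    # Without a config file a freshly started sshd has nothing to load.
    if [ ! -s "$cfg" ]; then
        echo "MISSING: $cfg"
        return 2
    fi

    # Every uncommented HostKey line must point at a non-empty file.
    keys=$(awk 'tolower($1) == "hostkey" { print $2 }' "$cfg")
    if [ -z "$keys" ]; then
        echo "WARN: no HostKey lines; sshd falls back to built-in defaults"
    fi
    for key in $keys; do
        if [ ! -s "$root$key" ]; then
            echo "MISSING host key: $root$key"
            problems=$((problems + 1))
        fi
    done

    # On the live system (empty ROOT), let sshd validate its own config
    # in test mode; this does not touch the running daemon.
    if [ -z "$root" ] && command -v sshd >/dev/null 2>&1; then
        sshd -t -f "$cfg" || problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ] && echo "OK: $cfg and host keys present"
    [ "$problems" -eq 0 ]
}
```

Run `check_sshd_files` with no argument as root on the device; a non-zero exit status means the existing sessions are the only way in and should be kept open.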

Hmm, yeah, that’s why I’ve been afraid to step forward. If I lose the current connections, then I think I’ll brick the device.

Any other ideas?  (Hmm, maybe I can setup a telnet server in parallel, or is that too old-school to be supported anymore?)

Be back in 20 minutes, gotta get the little one on the bus

And yes there is a way to debrick the drive by taking it out of the case but we really want to avoid that as my first set of instructions will get that done

I’m gonna call you crazy then and tell you to just follow the guide up top. Let’s not tempt fate here :slight_smile:

1 Like

Meanwhile, I’m setting up for your initial directions, just in case.

But, the file at http://download.wdc.com/nas/apnc-021109-053-20120413.deb seems to be in the wrong format for 7zip.

It reports:

    C:\download\7za.exe t apnc-021109-053-20120413.deb

    7-Zip (A) 9.20 Copyright © 1999-2010 Igor Pavlov 2010-11-18

    Processing archive: apnc-021109-053-20120413.deb

    Error: Can not open file as archive

The download itself looks clean, but I don’t recognize the file format inside… It’s definitely not zip (and I don’t know what other formats 7zip expects). It starts:

    !<arch>
    debian-binary   1334341409  0     0     100644  4         `
    2.0
    control.tar.gz  1334341409  0     0     100644  3549      `

    … much binary and a few other file headers …

    data.tar.lzma   1334341471  0     0     100644  127417507 `

It looks like I could possibly manually extract data.tar from it; but that sure feels like the wrong road to head down!!

Also, I just realized that I missed one of your earlier messages: the one with instructions that should work to install git safely.

Given that message, and given your earlier instructions, and given my shared reluctance to tempt fate, I agree with you 100%.  The time has come to roll back.  So, the immediate question is why can’t I unpack the .deb file?

David

PS I’ve been too caught up in the frenzy to remember to say thank you yet.  I do really appreciate your help.

You gotta keep double clicking everything that pops up in 7zip till you get to a file called rootfs.img

Then highlight that file and hit extract

Aha, and weird.

I had downloaded the cmdline version, also on the webpage you cited. It did not recognize the file.

I’ve now got the win32 version, and it does.  I’ve extracted the file.

One more double-checking question before  I go ahead.  My device is the 2TB “My Book Live”, purchased recently and part number WDBACG0020HCH-00.  Is this correct firmware?

Yep, it’s correct

You are gonna want to update after you get your shares set back up. I recommend rolling back to 02.11.09-053 because the last 2 firmwares have major changes and upgrading from 02.11.09-053 to the new firmware will be a smooth process.

Make sure you recheck the guide; I had a small typo and it is now fixed

    cp /DataVolume/shares/Public/resetButtonAction.sh /usr/local/sbin/resetButtonAction.sh

Hmm, one more paranoid question…

I’m looking at resetButtonAction.sh. I don’t  completely understand it, so this question may be offbase, but it looks like it expects my device to be a raid device with two drives /dev/md0 and /dev/md1.

But, my unit is single disk, and has no md1 device.

    root@CentralPark:~# ls -d /dev/md*
    /dev/md /dev/md0
    root@CentralPark:~#

Also, your instructions said that I would need to replace an earlier version of resetButtonAction.sh in /usr/local/sbin.

But, I had no such file pre-existing there.

So, double-checking again… is this the right script for this device?

David

Yep, the OS runs in software raid.

sda1 OS (raid) md0 or md1

sda2 OS (raid) md0 or md1

sda3 swap

sda4 data

Type mount in the terminal window and you will see the OS raid mount as /md0 or /md1

I gotta run, be back in around 2 hours… Lemme know how it goes

Well, the script ran but the device did not shutdown for reboot.

It clearly ran to the end of the script… the console shows:

    Copy image to upgrade device /dev/md1
    3999616+0 records in
    3999616+0 records out
    2047803392 bytes (2.0 GB) copied, 341.927 s, 6.0 MB/s

    all done, now rebooting

    Broadcast message from root@CentralPark (pts/0) (Thu May 2 17:09:30 2013):
    The system is going down for reboot NOW!
    CentralPark:~#

I assume that is just another symptom of the damage I did via apt-get. I know I can power-cycle and, assuming everything went well, I’ll come up in the new OS. But, I’m leery about doing so and losing my ssh access in case anything has gone wrong. What can I check to verify that the new OS has installed cleanly, before I boot?

In any event, I’ll hold off on rebooting until after you get back.

David

PS I am **bleep** lucky that the shutdown is not working. Confession: I am a complete bonehead when stressed, and I somehow did not copy the img file to the Public directory. (Don’t ask … I could describe the steps that led to this idiocy, but doesn’t really matter). In any event, the first time I ran the script, it had no img file to copy. Lucky for me, it did not reboot, so I got a second chance. But, it would be good to add a check that the file actually exists (and maybe even require an MD5 check??). The next ■■■■■ will not be as lucky as I just was.

It looks like it copied an image to me

That is the correct output at the end of the script

copying image to disk…

3999616+0 records in

3999616+0 records out

2047803392 bytes (2.0 GB) copied, 170.032 s, 12.0 MB/s

1 Like