If you are like me, you use your TerraMaster NAS proficiently. By this I mean you use its full capabilities like SSH and SCP. But sadly TerraMaster has changed their policy with the latest update.
With the latest version, 4.2.28-220119172, they enabled a lot of cool features, one being PAM, which blocks a user if they log in with a bad password more than 3 times. However, they enabled a feature I am not too fond of: SSH is now limited only to the Admin account. This means that if you had other users who logged into SSH, after the update, after attempting to log in to an account other than admin, after a few tries you will get this message:
    Account locked due to 4 failed logins
There is a fix… not official, and I could not find it in the forums… In fact TerraMaster’s official stance is “Admin only”. But I need other users… I use my NAS remotely, extensively, while at work, while on the road, as do a few users I have granted access. I also have my webserver backups that go to my user every night, so “Admin Only” is not an option. So I found a way around it…
Step 1 – Enable SSH
The first step is to enable SSH, because the update automatically disables it. The default port also went from 22 to 9222, so you will have to edit this. Under Control Panel > Network Services > Terminal & SNMP > Telnet/SSH, select Allow SSH Access, change the port to the one you wish (I use the default 22 on my local LAN), and then click Apply.
Step 2 – Add users to sshd_config
Now we need to change the sshd_config file, as it is what is blocking other users from logging in. SSH into your server as admin. Once logged in, sudo -i to get to the root account.
    [admin@TNAS ~]$ sudo -i
    Password:
    [root@TNAS ~]#
Then you need to edit the file /etc/ssh/sshd_config and add the users you wish to have access:
    #CHANGE
    AllowUsers admin

    #TO
    AllowUsers admin jdoe jsmith user1 user2
Save the file and proceed to the next step.
Step 3 – Disable and Re-enable SSH in TOS
Log back into your TOS, disable SSH in Control Panel > Network Services > Terminal & SNMP > Telnet/SSH and apply, then re-enable it again.
You should now be able to log back in again as an allowed user.
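The Step 2 edit can also be scripted so that it is repeatable and leaves a backup. The following is an added example, not TerraMaster's code or part of the original post; the function name allow_ssh_users is hypothetical, and it assumes awk and mktemp are available on the NAS.

```shell
#!/bin/sh
# Added example (not TerraMaster's code): append users to AllowUsers.
# Usage: allow_ssh_users /etc/ssh/sshd_config jdoe jsmith
allow_ssh_users() {
    cfg=$1; shift
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    # Only plain account names: no spaces, wildcards or user@host patterns.
    for u in "$@"; do
        case $u in
            ''|*[!A-Za-z0-9._-]*) echo "refusing name: $u" >&2; return 1 ;;
        esac
    done
    # Keep a timestamped copy so the previous config can be restored.
    cp -p "$cfg" "$cfg.bak.$(date +%Y%m%d%H%M%S)" || return 1
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    awk -v add="$*" '
        BEGIN { n = split(add, want, " ") }
        # First active AllowUsers line (keyword is case-insensitive in sshd).
        !seen && tolower($1) == "allowusers" {
            for (i = 2; i <= NF; i++) have[$i] = 1
            line = $0
            for (i = 1; i <= n; i++)
                if (!(want[i] in have)) { line = line " " want[i]; have[want[i]] = 1 }
            print line; seen = 1; next
        }
        { print }
        # No AllowUsers line at all: fail instead of inventing a policy.
        END { if (!seen) exit 3 }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so owner and mode stay unchanged.
    cat "$tmp" > "$cfg" && rm -f "$tmp"
}
```

Running `sshd -t -f /etc/ssh/sshd_config` afterwards checks the file for syntax errors before SSH is toggled in TOS.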
Step 4 – Unblock your account if you are blocked
So as mentioned, chances are you are here because you got blocked… and even after enabling your account to access SSH, you still get the blocked message. This is because of the new PAM feature… which is separate from SSHD.
You can unlock your account with some of the following:
Check if you are banned
Log back in over SSH as admin and change to the root account, then run the following:
    [root@TNAS ~]# pam_tally2 --user=jdoe
    Login           Failures Latest failure     From
    jdoe                5    02/12/22 17:10:42  172.16.16.52
To unblock, you can run the following:
    [root@TNAS ~]# pam_tally2 --user=jdoe --reset
    Login           Failures Latest failure     From
    jdoe                5    02/12/22 17:10:42  172.16.16.52
Now you should be able to login without issues.
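Before resetting a counter, the From column shows where the failed logins came from, which tells you whether the lockout was your own typo or someone else guessing passwords. The following added example (not part of the original post) reads pam_tally2 output and marks each locked account by source; the function names, the threshold of 3 and the 172.16.16. prefix are assumptions, and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: review pam_tally2 output before resetting counters.
# Usage: pam_tally2 | tally_review 3 172.16.16.
#   $1 = deny threshold (assumed 3, per the lockout described above)
#   $2 = address prefix you consider your own (assumed LAN prefix)
tally_review() {
    awk -v deny="$1" -v lan="$2" '
        $1 == "Login" && $2 == "Failures" { next }   # header row
        NF >= 2 && $2 ~ /^[0-9]+$/ {
            if ($2 + 0 <= deny) next                  # below the lockout limit
            src = (NF >= 5) ? $NF : "-"               # From column can be empty
            verdict = (index(src, lan) == 1) ? "known-source" : "unknown-source"
            print $1, $2, src, verdict
        }
    '
}

# Constructed sample in the format pam_tally2 prints (not real log data).
sample_tally() {
    cat <<'EOF'
Login           Failures Latest failure     From
jdoe                5    02/12/22 17:10:42  172.16.16.52
jsmith             12    02/12/22 03:14:07  203.0.113.7
user1               2    02/11/22 09:30:00  172.16.16.60
EOF
}

sample_tally | tally_review 3 172.16.16.
```

An account marked unknown-source was locked by failures from outside the given prefix, so check who was trying that account before running the reset.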
Special Note
The update did a lot more than just disallow users from logging in. It may have deleted your SSH keypair allowing password-less login, so you will need to re-enable it.
Also if you used to have a banner when logging in, you will have to redo it, as the config was completely overwritten.
UPDATE
Something I noticed as well about the update… is everything that was in /home/user was moved to /home/user/home, which is why the SSH keys no longer work. DO NOT MOVE IT BACK. If you move all your files back into /home/user you will not be able to access the files via the samba shares. I do not have a fix for this as the config file always gets rewritten, reverting any changes you have made.
Hello, thx for the info. I got banned myself after the update, because version 4228 is buggy: when you copy a file (more than 600 MB) from Windows to a USB-attached hard drive, your Explorer will hang. This bug is present only on the Windows side; from Linux it is OK.
Very interesting
The fix for locked SSH access is via … SSH access
Technically yes, as a user with elevated privileges. For example, the user “user” is blocked, obviously “user” cannot log in. However, user “admin” can, and as “admin” has elevated privileges (ability to become root), “admin” can unlock “user” via ssh.
Yes, very good terramaster… My root account is locked… How to access it now?
You need to login as Admin. Then sudo to root.
There will be better fixes, but that works for me:
– remove the subfunction service_prepare and all references /start block) from /etc/init/samba
– append /home at [homes]path = in /etc/smb.conf
– don't touch samba from web-ui after the changes
Best Regards
Emma Frost
Hello, I am new to using this kind of TerraMaster NAS product. I bought an F2-210 and wanted to check whether it is possible to install external applications via SSH. I don't have much knowledge, and I have not managed it with what I have read.
Hello, access through SSH is limited. From what I found, I am not sure which package manager it uses. It is not based on RedHat or Ubuntu. Therefore, it is best to install only the supported packages from the web interface.
I used Google Translate to try and make it easier, sorry if I butchered it.
Thank you, I have tried to install through Docker, the odoo program but I can’t see it work. This appears installed, but when accessing it gives me an error, I don’t know if you can help me.
Sadly I have never used the docker plugin for TerraMaster. I use it pretty much as a stock NAS. I wish you luck.
I cannot login as admin or root. The password is correct, but I only get an “access denied”. Any suggestions as to what I can do? Thanks!
You may need to log into the web panel and turn ssh back on. I find that after a restart it turns it back off for some reason.
Connection is not an issue. It’s not accepting the password….
4244 – with this update it is not working any more. I have tried many reinstalls, even back to 4.2.28; no solution for the moment.
Some LOG:
• Physically Changed the HARD DRIVES (swapped)
• Full Reinstall OF OS (auto downloading last version and OLD ONE)
• Set my Default Passwords and IP
• Try to Get Full Access to NAS, by repl
• Replacing or editing /etc/ssh/sshd_config
• Connect via ssh to NAS using the user admin, then type
• sudo vi /etc/ssh/sshd_config
• Change these lines
PermitRootLogin yes
AllowUsers admin root dimm