forum.excito.com

I messed up whilst trying to configure my B3 to allow SSH logins via certificates.

End result, I can no longer SSH into my B3, I get "Permission denied (publickey)."

I know what I did wrong in the ssh_config settings, but can anyone think of a way I can access that file without being able to SSH into my B3 ?

Is there a way I could boot via a USB stick into a minimal Linux OS ? I have been wracking my brains trying to work out how to move forwards.

Yes using a rescue key is the better option here. You can download the latest bullseye installer here : http://install.excito.org/bullseye/latest/b3/ . Unzip it onto a FAT usb drive, and edit the install.ini file to comment or remove the whole [general] section at the end of the file. You can then boot the b3 with it and connect with telnet or ssh once it's connected to the network (user/password is excito/excito).

Once you're into the box, mount the disk main partition and do the changes you need.

Thankyou !

I got lucky and remembered I was running a desktop on it and was able to login via VNC and correct my sshd_config.

But a lesson learnt for next time I try to mess with SSH configurations without truly knowing what I am doing.

There is a neat trick to fearless editing of ssh-configurations: Use two ssh-sessions.

Log in and sudo in two different terminal windows from your client. Edit the ssh config in one, continue to keep both terminals open and restart the ssh daemon from one of the terminals. Now you can either log out of one or open a new terminal locally and verify your configuration by attempting to log in from the new terminal. Keep in mind that you must keep at least one of the sessions established before restarting sshd open until the new configuration has been verified.

The trick is that the old sessions that were established before you restarted sshd will keep running with the config as it was before sshd was restarted. So you can almost always recover from a configuration mistake simply by rolling your edit back from one of the pre-established sessions.

Have fun, happy hacking!

Good advice ! I will remember that.