Editing VPS Management (section)

== Letting someone in who has locked themselves out (killed sshd, lost pwd) ==

There are two ways people frequently lock themselves out - either they forget a password, or they kill off sshd somehow.

These are actually both fairly easy to solve.  First, let's say someone kills off their sshd, or somehow mangles /etc/ssh/sshd_config such that it no longer lets them in.

Their email may be very short, or it may have all sorts of details about how you should fix sshd_config to let them in ... just ignore all of this. They can fix their own mangled sshd.  Fixing this is very simple.  First, edit the /etc/inetd.conf on their system and uncomment the telnet line:

 telnet stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
 #telnet stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd

(just leave the tcp6 version of telnet commented)

Then, use jailps to list the processes on their system, and find their inetd process.  Then simply:

 kill -HUP (pid)

where (pid) is the PID of their inetd process.  Now they have telnet running on their system and they can log in and do whatever they need to do.

The only complications that could occur are:

a) their firewall config on our firewall has port 23 blocked, in which case you will need to open that - will be covered in a different lesson.

b) they are not running inetd, so you can't HUP it.  If this happens, edit their /etc/rc.conf, add the inetd_enable="YES" line, and then kill
their jail with /tmp/jailkill.pl - then restart their jail with the jail line from their quad/safe file.  Easy.

If they have forgotten a password,

On 6.x+ you can reset their password with:
 jexec <jailID from jls> passwd root

Note: the default password for 6.x jails is 8ico2987, for 4.x it is p455agfa

On 4.x, you need to cd to their etc directory
... for instance:

 cd /mnt/data2/198.78.65.136-col00261-DIR/etc

and run:

 vipw -d .

Then paste in these two lines (theres a paste with these):

 root:$1$krszPxhk$xkCepSnz3mIikT3vCtJCt0:0:0::0:0:Charlie &:/root:/bin/csh
 user:$1$Mx9p5Npk$QdMU6c8YQqp2FW2M3irEh/:1001:1001::0:0:User &:/home/user:/bin/sh

overwriting the lines they already have for "user" and "root" - then just tell them that both user and root have been reset to the default password of p455agfa.

For linux, just passwd inside shell or 
 vzctl set <veid> --userpasswd root:p455agfa –save

Starting in 2009 we began giving out randomized passwords for FreeBSD and Linux as the default password. That is stored with each system in Mgmt. You should look for and reset the password to that password in the event of a reset and refer the customer to use their original password from their welcome email- this way we don’t have to send the password again via email (in clear text).