Getting root access on Lacie OS 3.0

[graycrow]

I have successfully got root access on my new 2big NAS 4TB with Lacie OS 3.0 (3.0.5.6)

It's quite easy, no disassembling required.

1. Enable SFTP in the web interface
2. Open a SFTP connection to the box using your admin account
3. Change directory to the Admin: cd Admin
4. Create a link for default.runlevel file: symlink /etc/initng/runlevel/default.runlevel default.runlevel
5. Create a link for shadow file: symlink /etc/shadow shadow
6. Create a link for unicorn.sharing.ssh.conf file: symlink /etc/unicorn/unicorn_conf/unicorn.sharing.ssh.conf unicorn.sharing.ssh.conf
7. You can close SFTP connection now
8. Open the web file manager in your browser and navigate to the Admin folder
9. Right click on default.runlevel and select edit in source editor, uncomment sshd entry, save
10. Right click on unicorn.sharing.ssh.conf and select edit in source editor, enable ssh by replacing false by true (enabled: true), save
11. Reboot
12. Open the web file manager in your browser and navigate to the Admin folder
13. Right click on shadow and select edit in source editor, replace root hash by admin hash, save

Now you can connect to the port 2222 using root login and admin's password. Shadow file will be overwritten on next reboot, so next time your need to edit shadow again (so, do not remove that symlink) or use key authentification for permanent solution.

[Mijzelf]

Nice! Stickied.

[MechMK1]

Great tutorial, but I am experiencing a slight problem with public/private key authentification.
I have inserted my public key as I would have in any authorized_keys file, but my NAS falls back to password authentification.

Does the key need to be in a specific format?

Here are the contents of my file (without any newlines in the keys segment):

Code: Select all

_config:
    enabled: true
    port: 2222
    chroot_directory: '/'
    authorized_keys: 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEArJYkNKv8ZhFgDT4j94BjwZHhhf/d0FFGAf8ey1/RYjtdGHdLLaz0BkQCRHFI8cm4nWKQwGlziwjx8cAHaw2ITCGhfdZfT6+VtFwgTLZm/yX+mheE482iIYk6Yj5u2UiBGbGA4+gjKzABJwZrKYBnX1lDv88mxBUPepkW5Wwo2U0= rsa-key-20130303'

[MarvinM]

Many thanks graycrow, worked perfectly on my 5big NAS Pro with 3.1.4.4 firmware.
With regard to public key authentication I changed my config line to
authorized_keys: '~/.ssh/authorized_keys'
I don't think I rebooted after that change, if it breaks after the next one I'll revise.
I created the directory .ssh (in /root) and also locally, where I generated keys with ssh-keygen (and just pressed enter several times for a default key with no passphrase). When attempts to use ssh-copy-id failed I just copied the public key file to the NAS .ssh directory and renamed it to authorized_keys. After much confusion, and a lack of error messages, I changed the permissions on the remote directory,
chmod 700 .ssh
Success! slogin -i ~/.ssh/id_rsa root@IP -p 2222
(where id_rsa is my private key, locally)

[akahata]

I'm sorry for this question, but I'm new to this matter:

How do I perform this step:
"Create a link for default.runlevel file: symlink /etc/initng/runlevel/default.runlevel default.runlevel"

on a Win VISTA PC with WinSCP with a CLOUDBOX? The (S)FTP Connection is working, I can see
the shared files, but want means "symlink ..?". I don't know what to do...

Thanks in advance.

[Mijzelf]

On WinSCP do Files->Custom Commands->Enter, and enter the command

Code: Select all

symlink /etc/initng/runlevel/default.runlevel default.runlevel

[akahata]

Ah! Holy Osram! Thanks a Lot!

[antieco]

I have successfully got root access on my new 2big NAS 4TB with Lacie OS 3.0 (3.0.5.6)

It's quite easy, no disassembling required.

1. Enable SFTP in the web interface
2. Open a SFTP connection to the box using your admin account
3. Change directory to the Admin: cd Admin
4. Create a link for default.runlevel file: symlink /etc/initng/runlevel/default.runlevel default.runlevel
5. Create a link for shadow file: symlink /etc/shadow shadow
6. Create a link for unicorn.sharing.ssh.conf file: symlink /etc/unicorn/unicorn_conf/unicorn.sharing.ssh.conf unicorn.sharing.ssh.conf
7. You can close SFTP connection now
8. Open the web file manager in your browser and navigate to the Admin folder
9. Right click on default.runlevel and select edit in source editor, uncomment sshd entry, save
10. Right click on unicorn.sharing.ssh.conf and select edit in source editor, enable ssh by replacing false by true (enabled: true), save
11. Reboot
12. Open the web file manager in your browser and navigate to the Admin folder
13. Right click on shadow and select edit in source editor, replace root hash by admin hash, save

Now you can connect to the port 2222 using root login and admin's password. Shadow file will be overwritten on next reboot, so next time your need to edit shadow again (so, do not remove that symlink) or use key authentification for permanent solution.

Thanks, it worked on my cloudbox..
how do i get admin hash?

/edit > SOLVED ! thanks

[akahata]

On WinSCP do Files->Custom Commands->Enter, and enter the command

Code: Select all

symlink /etc/initng/runlevel/default.runlevel default.runlevel

All I get is a very long error message which says something like "SFTP-5 does not support commands", "Lets start a shell on server" and finally "Server refused to start shell/command.".

Please help me...

(I stopped working on this topic for a while because it was too frustrating. But now I'm back. thanks for your support.)

[Rosak]

On WinSCP do Files->Custom Commands->Enter, and enter the command

Code: Select all

symlink /etc/initng/runlevel/default.runlevel default.runlevel

All I get is a very long error message which says something like "SFTP-5 does not support commands", "Lets start a shell on server" and finally "Server refused to start shell/command.".

Please help me...

(I stopped working on this topic for a while because it was too frustrating. But now I'm back. thanks for your support.)

Hello, about a week ago I had the same problem on LaCie 5big NAS PRO. I solved it from the command line in Ubuntu.
Regards, John

[nathanwoerheide]

Hey has anyone gotten this to work on a nas running 3.1.4.7?

or how to find the older OS version so i can root it Lacie has removed it from the site.

[Rosak]

Hey has anyone gotten this to work on a nas running 3.1.4.7?

or how to find the older OS version so i can root it Lacie has removed it from the site.

I use OS ver. 3.1.4.7 and above procedure from graycrow works. Only I was not able to enter commands via WinSCP so I used the command line in Linux.

[smurphster]

Thanks for this awesome guide! It worked for me running firmware 3.1.4.6

Damn thing gave me a heart attack though when I rebooted. I couldn't see my shares from SFTP and the file browser gave me errors when clicking on the shares. The shares screen had errors next to each share saying Volume 1 was not active... Turns out it was just checking the file system and everything was fine after 5 minutes

[ciprianm]

I tried to use this procedure on a 5big NAS Pro with software ver. 3.1.4.8 with no succes. I got stuck at step 3 since I can only see the shares I created on the top level.
Any ideas, anyoane?
Thanks!

[smurphster]

You could try using one of your other shares. I don't think the location is important. The sym links just needs to be accessible from the web file manager.