Unable to ssh (locked out) after upgrade from 10.1 to 10.3

I followed the update instructions here to update from 10.1 to 10.3. My only way of accessing this server is via ssh, and I have now been locked out (the ssh address is no longer known by my PC). Are there any steps to take / configurations to check to prevent this from happening again? I cannot afford to be locked out every time I update the version — I will need to take the server to my work and connect it to a screen to be able to fix this.

Thanks,
Oliver
 
Mergemaster probably overwrote the file /etc/ssh/sshd_config when you upgraded FreeBSD. You need to verify it before restarting the server after the upgrade.
 
This sounds to me like a major issue with updating. Why should the sshd_config file be overwritten? I strongly suggest something about this be added to the Upgrading FreeBSD page, unless I am missing something?

Thanks,
Oliver
 
When you run mergemaster -PFUi, it will ask you whether you want to install or delete the temporary file, or merge the temporary and installed files. If you want to keep your modified config file, you would select to delete the temporary file, as it is the default config and you don't want to replace your modified config with the temporary config. The merge option will display left and right columns and ask you which you want to keep by pressing 'l' for left or 'r' for right.

I think that's where you got confused about which file is temporary and which is installed, so you accidentally selected to install the temporary file, which overwrote your sshd_config with the default config. That would explain why you got locked out.

Mergemaster is an important upgrade tool and you need to understand it well, otherwise there will be unintended consequences.

Please read the man doc on mergemaster.
 
I wonder why you can't access it though, by default sshd(8) listens on all addresses. What else was changed in sshd_config?
 
I think the handbook could have a short example on merging with mergemaster(8). The section "23.6.4. Merging Configuration Files" does give an idea how it works but doesn't show what the procedure actually looks like.
 
I strongly suggest something about this be added to the Upgrading FreeBSD page, unless I am missing something?

While the instructions in the Handbook could be a little clearer, you admit yourself that you didn't actually follow the instructions in the Handbook. Hurling blame at the people who wrote the instructions you didn't use is, in polite terms, "poor form."
 
I think the handbook could have a short example on merging with mergemaster(8). The section "23.6.4. Merging Configuration Files" does give an idea how it works but doesn't show what the procedure actually looks like.

I agree. A screenshot will help.

I think the FreeBSD Handbook should allow moderator-approved FreeBSD users to edit the documents, similar to Wikipedia. That will make editing the docs much easier and more current.
 
Updates to the handbook are very much welcomed:

FreeBSD Documentation Project Primer for New Contributors

I understand that, but not everyone likes to check out using CVS. What I meant is online editing like Wikipedia, with revision control by only approved FreeBSD users. There has to be a way to simplify the editing process.

There could be two sets of documentation: the official FreeBSD Handbook (CVS) and a FreeBSD Users Handbook (Wikipedia style).
 
Sure, who's going to keep them the same?

It's not going to be the same, but Wikipedia-style documentation will contain more information and how-tos, which are severely lacking in the official Handbook. Which do you think will likely receive more contributors to update the documentation: the CVS or the Wikipedia-style Handbook? Also, the official Handbook is in several languages and they're not the same.

Personally I think CVS is great for code maintainers but it's terrible for Handbook documentation. Programmers and editors are two different things. Editors won't know how to use CVS as it's designed for programmers, and they won't waste time trying to figure out how to install and use CVS. That's why I said a Wikipedia-style or online documentation editor is much easier and will receive more contributors to update the docs.

PHP has its wiki page (wiki.php.net) and DocBook Online Editor (edit.php.net).

May I suggest adding online editing software and letting FreeBSD users fill in the rest. After all, it's the contributors who contribute to the FreeBSD community; therefore, the process needs to be made easier for FreeBSD contributors.

The CVS Handbook documentation is becoming old-school (no offense intended). That's why molofishy was confused, because of the lack of clarification on using mergemaster. That's something the FreeBSD committee will have to think about. We're not in the 20th century anymore.
 
Let's not take this thread further off-topic than it already is. If you have suggestions regarding the documentation process, please open a new thread; I'm sure people like wblock@ (regular documentation submitter) will chime in.
 
Finally got the server to a screen. Here are the contents of /etc/ssh/sshd_config

Again, anything odd here was simply a consequence of updating from 10.1 to 10.3 following the standard update instructions. /etc/rc.conf was unchanged. I do not know what /etc/ssh/sshd_config looked like before so I do not know what it should look like (will need to do some reading). I did not use mergemaster and maybe I should have?

I am obviously not interested in blaming anyone (no idea why that was raised in this thread). I just want to get to the bottom of this to help myself and other users, and am happy to update the handbook once a solution is found.

Thanks,
Oliver
 
I used the "FreeBSD Update" option. I did the following in the order shown:

freebsd-update fetch
freebsd-update install
freebsd-update upgrade -r 10.3-RELEASE
freebsd-update install
shutdown -r now
freebsd-update install
 
You're welcome to post your sshd_config

If building from source, do this:
Code:
cd /usr/src
make buildworld
make buildkernel KERNCONF=DBSDV
make installkernel KERNCONF=DBSDV
<reboot>
mergemaster -p
cd /usr/src
make installworld
mergemaster -PFUi
yes | make delete-old
yes | make delete-old-libs
<reboot>

Anyway, you actually installed FreeBSD 10.3 twice. :)

Code:
freebsd-update fetch
freebsd-update install
freebsd-update upgrade -r 10.3-RELEASE
freebsd-update install
shutdown -r now
freebsd-update install

First two lines are for upgrading from 9.3, 10.0, 10.1, and 10.2 to 10.3. This is better for minor upgrades.
Third line is for upgrading from 9.2 and older to 10.3-RELEASE. This is better for major upgrades.

So, either one will work in your case.

Did you run pkg upgrade to update all the installed packages after you did the major upgrade? This is required after major upgrades.
 
I used the "FreeBSD Update" option. I did the following in the order shown:

freebsd-update fetch
freebsd-update install
freebsd-update upgrade -r 10.3-RELEASE
freebsd-update install
shutdown -r now
freebsd-update install

You're not using the source update/upgrade but the freebsd-update(8) method. Don't mix the two. When using freebsd-update(8) the update tool is supposed to handle the merging of the configuration files and present you with the merge options if there is a need for merging. You don't use mergemaster(8) when using freebsd-update(8).
 
KERNCONF is optional.

Not quite if you write it out as intended:

make buildkernel KERNCONF=DBSDV

make installkernel KERNCONF=DBSDV

Without repeating it on the second invocation the installkernel target would try to install the GENERIC kernel.

However this is enough to achieve the same:

make buildkernel installkernel KERNCONF=DBSDV
 
Remington: oh I installed it twice? whoops! :). btw, I provided a link to photographs of my sshd_config file in my previous post. It seems the entire thing was overwritten. I set PasswordAuthentication to yes and added my username to AllowUsers. Now I can ssh again like before!

Although I'm still curious as to why the file was wiped to default. I must have done something unusual. Perhaps it was something to do with the double install...

I did not run pkg upgrade after the install. I'll remember this too.

kpa: I did not see the options. I will keep an eye out next time.

If you need more information, I am happy to provide.
 
It's more likely you misunderstood the merge process when you upgraded FreeBSD. There's no way the upgrade will secretly overwrite config files without your permission so you must have missed or misunderstood when it prompted you about sshd_config.
 
What about this?

make -j8 buildkernel installkernel KERNCONF=DBSDV

It might work but then again the installkernel target probably does not like multiple threads and of course does not benefit from them because the installation has to be done in very strict order.
 
I set PasswordAuthentication to yes and added my username to AllowUsers. Now I can ssh again like before!

The default sshd_config allows anyone with a valid user account to login using passwords. I don't understand why those changes were necessary to allow you to login.
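
An added example, not written by any poster in this thread: a POSIX sh check that compares a pre-upgrade copy of sshd_config with the post-upgrade file and lists directives such as PasswordAuthentication and AllowUsers that are no longer active, so the file can be verified before the reboot as advised earlier in the thread. The function names, the sample files and the user name exampleuser are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sshd_config directives lost or changed by an upgrade.
# Sample files and the user name "exampleuser" are constructed.

# Print active directives, normalized: comment and blank lines dropped,
# keyword lowercased (sshd keywords are case-insensitive), spacing collapsed.
sshd_directives() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        { key = tolower($1); $1 = ""; sub(/^ +/, ""); print key " " $0 }
    ' "$1" | LC_ALL=C sort
}

# Print each directive active in OLD ($1) that is missing or different in
# NEW ($2). Returns 1 if there is such drift, 0 if NEW keeps all of OLD.
sshd_config_drift() {
    old_tmp=$(mktemp)
    new_tmp=$(mktemp)
    sshd_directives "$1" > "$old_tmp"
    sshd_directives "$2" > "$new_tmp"
    lost=$(LC_ALL=C comm -23 "$old_tmp" "$new_tmp")
    rm -f "$old_tmp" "$new_tmp"
    [ -z "$lost" ] && return 0
    printf '%s\n' "$lost"
    return 1
}

# Constructed sample data: a pre-upgrade copy with local settings, and a
# post-upgrade file in which those settings are back to commented-out lines.
make_samples() {
    sample_dir=$(mktemp -d)
    printf '%s\n' '# local settings' 'Port 22' \
        'PasswordAuthentication yes' 'AllowUsers exampleuser' \
        > "$sample_dir/sshd_config.before"
    printf '%s\n' 'Port 22' '#PasswordAuthentication no' '#AllowUsers' \
        > "$sample_dir/sshd_config.after"
    echo "$sample_dir"
}

dir=$(make_samples)
if ! sshd_config_drift "$dir/sshd_config.before" "$dir/sshd_config.after"; then
    echo "sshd_config changed: restore these before 'shutdown -r now'" >&2
fi
rm -rf "$dir"
```

On a real host, copy /etc/ssh/sshd_config aside before running freebsd-update and pass that copy as the first argument; sshd -t additionally checks the new file for syntax errors.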
 