Enabling ssh with disassembling (Network space 2)

From NAS-Central Lacie Wiki
Jump to: navigation, search

NOTE: One screw of the hard disk is protected by a label "Warranty void if seal broken"

NOTE: it is now not longer necessary to dissassemble the device to gain remote access through ssh. "See Enabling SSH without disassembling"

The black cover can be removed from the device. On the front side of the device (check the blue LED) the cover is locked with one tab in the middle. Carefully push away the middle of the cover and lift only the front side. When it comes off, shift it a little to the back and you can safely remove the whole cover.

Now you can unscrew the hard disk (watch the warranty label) and attach it to your computer. Your computer has to be running Linux or you can boot a LiveCD like Knoppix.

/dev/sdb2 is the one carrying your data. It is XFS formatted.
/dev/sdb8 contains the most important files like executables and system configuration files. This ext3 filesystem is mounted read-only during normal operation.
/dev/sdb9 contains your configuration files. This ext3 filesystem is mounted read-write during normal operation.

You can't mount /dev/sdb8 as easily as the other two partitions:

# mount /dev/sdb8 [your_mountpoint]
mount: unknown filesystem type 'linux_raid_member'

You will have to specify some extra parameters:

mount -t ext3 /dev/sdb8 [your_mountpoint] -o rw,data=ordered

The setup of the Network Space 2 is quite similar to the Lacie D2 Network. You can enable ssh by removing the comment # from the file:

[your_mountpoint]/etc/initng/runlevel/default.runlevel

Since you don't know the root password, you can add your ssh public key to [your_mountpoint]/root/.ssh/authorized_keys.

After saving the files and unmounting the hard disk, you can put it back into the device. After the device is powered on, you can connect with ssh and your ssh private key. Now it is possible to change the root password, so you can connect from every other PC as root.

Since the changes were made on the read-only file system, the changes are kept after a factory default reset. Only the root password will be reset, so it is worth trying to change the shadow file on /dev/sdb8 too. Else you can only log in with you ssh key.

WARNING: root is a unionfs of sdb8 and sdb9. Making changes to sdb8 didn't work for me because I had stuff in sdb9 "layering" the readonly filesystem. So, first of all, look at the sdb9 partition. If you have a snaps folder then you probably better work inside this rw partition. I just edited snaps/00/etc/initng/runlevel/default.runlevel and created the snaps/00/root/.ssh/authorized_keys file in sdb9 and everything worked.

It is possible to use a Mac to gain ssh access to the disk, although discouraged due Mac's lack of drivers. You can use Paragon ext drivers (paid) to access with write permission on ext3 (macfuse offers only readonly driver) and fuse-xfs (free) if you're interested in accessing your data partition.

I suggest to check out which disk you're accessing from Disk Utility as they will be named "Untitled". Access the one that corresponds to disk1s8 (note: the first digit '1' may change basing on how many disks you have connected to the computer) and do the editing of default.runlevel and ssh key as described above. You may want to check out the overlay partition, which corresponds to disk1s9 from Disk Utility. Note: Mac has a bad habit of indexing and making trash folders on every disk connected. These file are harmless, but may annoy you. You can run from Terminal this command once you cd to the disk making sure you don't have any open Finder windows (otherwise they'll be created again):

find $(pwd) -name {.DS_Store,.DocumentRevision-V*,.fseventd,.TemporaryItems,.Spotlight-V*} -exec rm -rf {} +