0

I just locked myself out of SSH. Basically, I added three users to /etc/ssh/sshd_config using the AllowUsers directive, which is great because now they can log in, but now I can't, and I'm the only user on the sudoers list.

I would happily do an "su" from within an SSH session of one of those users I just added, but I do not have the password for my account, only a .pem certificate file.

John

1 Answer

2

Nope, won't work. Best bet: reboot your (remote?) machine into recovery mode if this is possible and modify the configuration then. And a piece of advice for the future: keep an existing shell open and try to re-login with your existing account in a new session before terminating (no offense meant).

mdo
  • I've learned the same lesson except for me it was a bad sudoers file :( – TheFiddlerWins Aug 21 '13 at 20:41
  • Thanks for your answer. I guess it's just one of those learning experiences. What surprises me nonetheless is that I cannot switch users with a certificate... – John Aug 22 '13 at 15:24
  • Your server-stored certificate probably lives in $HOME/.ssh which is a directory that "belongs" to OpenSSH. You could dive into the world of PAM modules (look at /etc/pam.d/) in order to change the configuration of sudo. There are plenty of PAM modules out there, for example you could use a smartcard reader that way. – mdo Aug 22 '13 at 15:34
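
The lockout in the question can be caught before sshd is reloaded. The following is an added example, not part of the original thread: a POSIX shell function that reads an sshd_config and reports whether an account is still covered by AllowUsers. The file contents and the account names (`alice`, `bob`, `carol`, `admin`) are constructed, and the check ignores the host part of USER@HOST entries, Include files and Match blocks.

```shell
#!/bin/sh
# Added example: pre-flight check for an AllowUsers edit.
# allowusers_permits FILE USER
#   exit 0: USER is not locked out by AllowUsers in FILE
#   exit 1: AllowUsers is present and no entry matches USER
allowusers_permits() {
    file=$1 user=$2 seen=0
    set -f                        # keep patterns such as "*" from expanding to filenames
    while read -r key rest || [ -n "$key" ]; do
        # Keywords are case-insensitive; comment lines never equal "allowusers".
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        [ "$key" = allowusers ] || continue
        seen=1
        for pat in $rest; do
            upat=${pat%%@*}       # USER@HOST entry: compare the USER part only
            case $user in
                $upat) set +f; return 0 ;;   # unquoted so * and ? act as wildcards
            esac
        done
    done < "$file"
    set +f
    # No AllowUsers line at all means the directive restricts nobody.
    [ "$seen" -eq 0 ]
}

# Constructed sample: new users were added, the admin account was forgotten.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' \
    '# constructed sshd_config fragment' \
    'PasswordAuthentication no' \
    'AllowUsers alice bob' \
    'allowusers carol@10.0.0.*' > "$sample"

for u in alice carol admin; do
    if allowusers_permits "$sample" "$u"; then
        echo "$u: permitted"
    else
        echo "$u: LOCKED OUT by AllowUsers"
    fi
done
```

Run it against the edited file for your own account before reloading sshd, and use `sshd -t` to confirm the file parses. The open-session advice in the answer still applies, since this check only covers the AllowUsers directive.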