Botched TCP wrapper remotely; how can I connect? Haste is needed!

geoweaser · 06-02-2022, 02:52 PM

I am trying to help a colleague connect locally to a linux machine (I believe Debian), which uses TCP wrapper for security.

I ssh'd onto the computer and tried to give him access by clearing the contents of /etc/hosts.allow, but failed to make any changes to /etc/hosts.deny.

As a result, I can no longer ssh onto it, but get this error:
ssh_exchange_identification: read: Connection reset by peer

So... now we're both locked out. How can I access this computer? Or how can I instruct him to access it?

Thanks!

SlowCoder · 06-02-2022, 03:07 PM

Did hosts.deny have any entries? By default, I think both hosts.allow and hosts.deny are empty, which I think defaults to allowing all hosts.

It sounds like you will need access to the physical host to which you cannot connect, and fix the configuration.

geoweaser · 06-02-2022, 03:23 PM

Thanks. Unfortunately, there were some lines in hosts.deny, but I didn't clear them.

It seems that I'll not be able to connect remotely, but what are my options for a local connection? How can I (instruct my colleague to) connect if the TCP wrapper is blocking?

SlowCoder · 06-02-2022, 03:37 PM

Couple of options:
1. (preferred) Boot the host into rescue mode from the boot menu.
2. Create a live USB of Debian/Ubuntu, etc. Boot from it, mount the root (/) partition of the host.

Then edit the hosts.deny file.

geoweaser · 06-02-2022, 03:39 PM

OK. Thank you. There's no monitor to this box, but there is a serial connection that I will try to access.

michaelk · 06-02-2022, 04:07 PM

What type of hardware? Is this a regular desktop? Does it have some type of graphics card?

It depends. With a regular desktop typically if the system was not configured to use the serial port as a console then it is not an option.

geoweaser · 06-03-2022, 06:21 AM

This is a field data acquisition system with a serial-based console connection. I just have to remember how to use it.