Root and update from ANY firmware level (copy/paste code friendly)

shelzmike
Posts: 6
Joined: Tue Aug 09, 2016 10:22 pm

Re: Root and update from ANY firmware level (copy/paste code friendly)

Postby shelzmike » Mon Jan 02, 2017 1:38 am

So, I was hesitant to upgrade my rooted winkhub that was working great, but needed the update for some OSRAM RGBW bulbs that the update offered.

I triple checked that ENABLE_SSH was in /database as well as triple checked authorized_keys was there and the correct key (have always connected from my Raspberry Pi without issue.

After update, I was slightly concerned as when I tried to connect my normal way, I got an error about the WinkHub that the ECDSA fingerprint changed. I figured NBD, it happens sometimes, so I removed it from known_hosts and tried to reconnect. I got past the ECDSA error, but then...

Code: Select all

pi@raspberrypi:~ $ ssh root@winkhub
Permission denied (publickey).


s*^t!

It looks like the authorized keys have changed on the hub for some reason? I can only assume from the update, which sucks.

I will say that up until now, I had never connected my hub to an app..never had a blue light. I added it today, of course, because I thought this would go smoothly. Guess not...

I guess some good news is that SSH is indeed still enabled. I did enable the UART serial connection so i HOPE that is still working properly. I will try tomorrow. If so, I should be able to just re-add the key, right?

I will see how it goes, I was lucky in that I got the glitch after on a few tries, but don't want to go through all that again! UGH!

On a side note, I really do appreciate all that you have done with this site and the instructions. Not mad, bc it is what it is. We know what we are getting into. Just wanting to share my experience.

Mike

shelzmike
Posts: 6
Joined: Tue Aug 09, 2016 10:22 pm

Re: Root and update from ANY firmware level (copy/paste code friendly)

Postby shelzmike » Mon Jan 02, 2017 4:51 pm

I have left a few other posts on this topic but they have yet to be approved yet, so this may be repeat, but here is the full update of my experience.

I had root and UART serial access for a few months, never connected it to Wink app. Decided to update using this method. ENABLE_SSH was in database as well as authorized_keys. Additionally, inittab was configured to allow UART.

Added my hub to the Wink app and performed update. I was suddenly unable to access via SSH or Serial via UART.

I had to completely redo the NAND glitch hack to regain root access. I was luck and got it on first try. I did some investigating and discovered a few strange things.

1. ENABLE_SSH was still in database, and this makes sense as there was a connection via SSH made and allowed, but I was failing due to incorrect keys it said.

2. My database/authorized_keys file was now suddenly blank.

3. My root/.ssh/authorized_keys file had 2 new keys in it (winktest and something for wink dev). I deleted these as they don't need access to my device.

4.) Although I checked inittab before updating and it did have the line enabling serial UART access, that line was no longer there and I had to add it.

5.) I ran the dropbear argument deletion line, but not sure it did anything.

6.) Just before I updated, i actually made a copy of my autorized_keys file in database. Now back in after hack, I simply copied that into the authorized_keys file in database. Still no good..failing for key, which seemed odd to me. I rebooted the hub and luckily DID now have serial UART access again, but still no SSH access. When I checked on the database/authorized_keys file, it was BLANK! Started to get worried...So I essentially completely deleted the root/.ssh/authorized_key file as well as the database/authorized_keys. I generated a new pair from my Raspberry Pi and copied the public key to both authorized_keys files on the Hub and ensure the private key was correct on my Pi. SUCCESS...now I was able to reconnect via SSH and my Echo was now able to again perform automation actions via my OpenHab setup (which all relies on persistent SSH connection to the Wink Hub.

Whew...so not sure why my experienced seemed different, but i am seemingly back in business. Just wanted to let everyone know so the expectation is set that you could lose root and need to redo the glitch again.

Mike

mattjm
Posts: 2
Joined: Thu Sep 29, 2016 1:33 am

Re: Root and update from ANY firmware level (copy/paste code friendly)

Postby mattjm » Thu Jan 26, 2017 11:05 pm

And to date... as long as you have /database/authorized_keys with your public key and /database/ENABLE_SSH exists... you can do updates via the app or however you want maintaining root.


Two months later and this may no longer the case. Upgrade through the app wasn't working for me, so I just updated to 3.4.4 after "echo "00.01" > /database/cf_fver3".

I'm on the latest version now, but the hub no longer recognizes my private key. :-/ Curious if others have experienced this? There is always UART if I actually need to use root for something...

reichley
Posts: 1
Joined: Sat Dec 03, 2016 12:43 pm

Re: Root and update from ANY firmware level (copy/paste code friendly)

Postby reichley » Wed Mar 01, 2017 6:38 am

yeah, so i upgraded (a few times) in recent months and the ssh server is listening but my keys aren't working either. Has anyone been able to get root using the "any firmware level" with a wink hub with the latest software? I don't have access to my device at the moment but I updated the software as of 3-4 days ago...I'd really LOVE to get root back. Just isn't the same without it.


Return to “Root and update from any firmware level”

Who is online

Users browsing this forum: No registered users and 2 guests