Notes on upgrading

Be careful you don't inadvertently lock yourself out of your machine when upgrading

I had previously locked down my sshd by disallowing passwords (allowing keys only).

When I upgraded, the .ssh directory under root got wiped out, but my /etc/sshd_config options were still in place, which meant that I couldn't login, because there was now no public key for a root login and sshd wasn't accepting password-based logins.

It would have been simple to avoid this, if I had temporarily enabled passwords in sshd_config, before the upgrade.
As it was, the only thing I could do to recover was to open the case, connect the drive to my PC, and put a public key back in /root/.ssh. What a hassle.
While doing this, I bumbled and generated an RSA key (wasn't paying attention). I could not figure out why things still weren't working. (I had set sshd to work with DSA keys only).


  1. Careful when upgrading, particularly if you have tightened sshd security
  2. Pay attention to RSA/DSA distinction—it might matter depending on how you have sshd configured
  3. I now store both the /etc/sshd_config and the /root/.ssh in a TrueCrypt encrypted file on my thumbdrive. Having the second of these would have saved me some time. Having the first might have helped me think about the initial problem because I could have read my sshd options.

(applies to White Light Version—don't know how this applies on Blue Light Version)

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License