I'm trying to resolve Ubuntu 14.04 (mostly SSH) failstart. I've spotted some suspicious commands executed by one of the developers. Since they were executed, I was not able to access it using SSH anymore.
root : TTY=pts/1 ; PWD=/var/www/html/projects/at2/htdocs/public ; USER=root ; COMMAND=/bin/chmod -R 777
root : TTY=pts/1 ; PWD=/var/www/html/projects/at2/htdocs/public ; USER=root ; COMMAND=/bin/chmod -R 777 ./images
root : TTY=pts/1 ; PWD=/var/www/html/projects/at2/htdocs/public ; USER=root ; COMMAND=/bin/chmod -R 777 . /
After that log file is full of messages like
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for '/etc/ssh/ssh_host_rsa_key' are too open.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
What exactly each command did and how can I rollback them?
You shouldn't give that much power to your developers and I would recommend re-installing the whole system instead of fixing all incorrect permissions.
The last command has set access rights of all files to 777 which means give right to read, write and list to user, group and everyone else.
The problem is that ssh doesn't like incorrectly set permissions and fails to start then. To fix this problem and to get immediate access you can use the following command:
chmod 600 -R /etc/ssh