By mistake we can get partially locked out and become fully unable to connect over SSH. How do we disable the firewall in Ubuntu Server in such a situation? We have a To Do List For Unmanaged Rackspace Cloud Server Owners, but possibly a Not To Do list is also needed! The credit for solving such a situation goes fully to Megan from The Rackspace Cloud, as we said in our down-to-earth post Why is Rackspace So Successful? Everyone knows that if we can disable / turn off the firewall in Ubuntu Server in a locked situation, it will run fine. But how will you access the server? SSH, port 80 and port 443 will all be refusing connections.
Disable / Turn Off Firewall in Ubuntu Server in Locked Situation
The command to disable / turn off the firewall in Ubuntu Server is quite easy:
sudo ufw disable
It is not only running wrong commands that can cause this situation; it can also happen in certain situations where an OpenSSL server is involved and some related component is built from source.
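The lockout described above can be avoided when the firewall is switched on, shown here as an added example that is not part of the original post: ufw is enabled with a timer that runs `ufw disable` again unless the operator confirms that a new SSH login still works. It assumes the script runs as root and that SSH listens on port 22 unless another port is passed; the `UFW` override variable and the function names `ssh_allowed` and `safe_enable` are introduced here for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Run as root.
# UFW is a hypothetical override so the logic can be tried against a stub.
UFW="${UFW:-ufw}"

# Exit 0 if the `ufw status` text on stdin has an ALLOW or LIMIT rule
# for the SSH port (default 22, or the OpenSSH application profile).
ssh_allowed() {
    awk -v port="${1:-22}" '
        BEGIN { pat = "^" port "(/tcp)?$" }
        ($1 ~ pat || (port == 22 && $1 == "OpenSSH")) &&
            $2 ~ /^(ALLOW|LIMIT)$/ { ok = 1 }
        END { exit !ok }
    '
}

# Enable ufw with a dead-man's switch: `ufw disable` runs after $1 seconds
# (default 300) unless the operator kills the timer from a fresh SSH login.
safe_enable() {
    delay="${1:-300}"
    port="${2:-22}"
    nohup sh -c "sleep $delay; $UFW disable" >/dev/null 2>&1 &
    timer=$!
    $UFW --force enable >/dev/null
    if ! $UFW status | ssh_allowed "$port"; then
        # No rule lets SSH in: undo at once instead of waiting for the timer.
        $UFW disable >/dev/null
        kill "$timer" 2>/dev/null
        echo "ufw left disabled: no ALLOW rule for port $port" >&2
        return 1
    fi
    echo "ufw enabled. Open a NEW SSH session; if it works, run: kill $timer"
    echo "Otherwise ufw is disabled again in $delay seconds."
}
```

Call `safe_enable 300` from the existing SSH session and keep that session open until the new login has been verified.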
Do not use Rescue Mode or Recovery Mode. Rescue Mode is quite difficult to handle and is only intended for a fully messed-up system. For example, someone ran the sudo chown command as root without specifying the path and gave root's ownership to www-data. Your practical problem is this: networking from outside has been blocked. Apart from the firewall, there is no other very serious issue.
There are practically two ways to solve this situation. One is to use a KVM switch; it is not possible to access the physical computer or virtual instance for a full dedicated server. We are talking about a real dedicated server, where the networking is fully isolated, like GitHub runs on a dedicated server. That is why a real dedicated server costs a huge amount and can only be provided by a few web hosts on this Earth. They will always be managed. Maybe you think you are using a dedicated server; read this: How to Detect Application is Running within a Virtualized OS Instance. The only difference from a colocated server is the ownership of the physical machine. With a real dedicated server you will have a managed service level, hence a person at the datacenter can actually fix it. For those who are using a kind of dedicated server whose networking is shared, if there is API-based access (like an online console in the web hosting company's control panel; this is not cPanel or Plesk, a web hosting panel has nothing to do with these situations), it is possible to log in and reset. However, most providers of such kinds of dedicated server will never admit or solve your situation, because it exposes the fact that it is not a real dedicated server.
The second way is only for OpenStack cloud providers like Rackspace; the system admin can actually log in from within the network with the password, even if the firewall is on. The only requirement is that ping works properly. It is a kind of API-based access to port 443.
I have not tested the third way, apparently. If we tunnel via another server on the same network, it is probably possible to access port 443: you need to spin up another server, configure it as a remote desktop and SSH to the locked server. Actually the internal network is always whitelisted, but some configuration is needed which we will not disclose, as it can be used as a way to badly exploit the vulnerabilities. We absolutely cannot say anything except to contact your host and point them towards this guide. For Rackspace, there is no need to point them towards it; they frankly know more about networking than me. Rescue Mode to disable the firewall in Ubuntu Server in a locked situation? It may be possible, but it is too complicated a way, as the problem is with the firewall, not with the OS itself.