Locked out of the router after LEDE trunk upgrade

I had installed sudoer, set up a non-root user and configured the user's password. I also disabled root SSH log in access.

I added /etc/sudoers and /etc/sudoers.d/custom to /etc/sysupgrade.conf, which already has /etc/passwd and /etc/shadow.

All was well until I upgraded from an older LEDE trunk image to the latest LEDE trunk image. Once the router powered back on, I found I could not SSH into the router as the non-root user anymore. Each SSH login attempt was terminated immediately after I typed in the correct password.

Since I disabled root SSH access, I had to put the router into the openwrt failsafe mode. Fortunately, I did not have to do a full config reset. I only had to re-enable root SSH access in /overlay/upper/etc/config/dropbear.

After rebooting into normal mode, I reset the password of the non-root user. This caused /etc/shadow to be updated.

I want to make sense of what caused the lockout of the non-root user, and prevent it from happening again. It appears the password of the non-root user was lost due to the LEDE upgrade. Is that consistent with the symptoms described above? What else needs to be done to avoid this situation, given /etc/sysupgrade.conf already has /etc/shadow in it [by default]?

Found the culprit. It's not a password issue. Apparently the home directory path of any non-root users needs to be added to /etc/sysupgrade.conf, to be preserved across system upgrades. No home directory found, no SSH login possible. Simple as that.

1 Like

@unbekannt, can you post your /etc/sysupgrade.conf regarding that setup please?