Old 05.06.2011., 14:32   #664
bcsaba
Registered User
 
Join Date: Jun 2011
Location: Balmazújváros
Posts: 11
Well, I locked my router as I forgot to delete 1copy1 from pubkey.

Luckily there is an easy way to get in nevertheless. We all know there are two administrator users on the SX763, root and administrator; the unlucky ones have that pubkey that gets administrator locked out, while root is not locked out. So first I was trying to make the script do it the access control tamper way; first, it is quite unpredictable (sometimes the command was run, sometimes it was not). Then I started to mess a bit more with V_PasswordService, and not just the password is writeable by anyone but its name key too.
And what happens when Name=administrator becomes name=root?
Scm_app overwrites the root user; as the certificate limitation is only on administrator, a shell can be opened for root. Though scm_app replaces its shell with mgmt, we can escape from that with the sx763os command, and can delete that nasty 1copy1 key from the config.

New script attached to the post.

Its usage would be:
php enablessh.txt routerip webuser webpassword newadminpassword newadminname

Example:
php enablessh.txt 192.168.1.10 operator operator tcomsuxx root

That logs in to the web interface using operator/operator, enables ssh, changes the admin password to tcomsuxx and changes the admin username to root.

I think that defeats pubkey authentication completely (unless it is set up on root too, which I doubt). It worked for me; I am not sure if it works on "locked" devices, but I do not see any reason why it should not. It unlocks the web interface admin too, as admin_role becomes root; as we know the root password (changed to tcomsuxx in this case), that password should be accepted on the web interface too (as admin_role is default).

There is one side effect due to the administrator name change: the "administrator" user password stays default (which is logical, as scm_app changes the root user instead).
Attached Files
File Type: txt enablessh.txt (3.2 kB, 558 views)

Last edited by bcsaba; 05.06.2011. at 15:30.