setting root passwd for headless system


Forum: Other Help Topics
Topic: setting root passwd for headless system
started by: ErroneousBee

Posted by ErroneousBee on June 01 2006,18:37
Hello,

I've remastered a DSL CD to boot to "dsl 2 ssh ftp" for a headless system, so that I can get in and repair stuff if an install or grub or something goes squiffy.

But I cannot find a way to automatically set the root or dsl passwd on startup.

I've tried variations of "passwd <<EOF" and "echo 's3cr3t' | passwd" in the startup script, but nothing works, so I'm still plugging in a keyboard and typing blind.

Anybody know how to make DSL accessible via ssh from CD boot with no user interaction at the keyboard?

Posted by mikshaw on June 01 2006,22:36
I haven't tried it, but if I had to I'd do something like this....

echo 's3cr3t' | passwd --stdin username

Posted by pr0f3550r on June 02 2006,10:35
How do you access the headless system? Serial console or ethernet?
For the former option you need to hack the 'getty' daemon on the DSL box.

There is an excellent tutorial on "BSD Hacks", O'Reilly, which I'd like to port to DSL if I had time.

Posted by ErroneousBee on June 05 2006,15:01
Quote (mikshaw @ June 01 2006,18:36)
I haven't tried it, but if I had to I'd do something like this....

echo 's3cr3t' | passwd --stdin username

There is no --stdin option on the DSL passwd command  :(

It's a lounge PC that's going to be running through my TV when I get things running, but currently I am carrying a monitor downstairs to try and do an install of gentoo.

I just want a rescue disk at the ready in case things go wrong and I need to repair a partition or something. Then I can slip the DSL CD in, and run upstairs to ssh into the box, chroot to wherever and start fixing stuff. At the moment I have to hang around, guess when DSL has booted, and type "passwd" "s3cr3t" "s3cr3t" before running upstairs.

I'm now thinking a passwd -d root could work.

Posted by mikshaw on June 05 2006,19:38
Another option is to set up your password and then backup /etc/shadow.  Make a mydsl cd remaster with your backup in the root of the CD, and it should automatically overwrite the original so you won't need to set the password each time you boot the cd.

Posted by bib_ak on July 05 2007,13:14
I am not sure if I'm doing something wrong by digging up this 12-month-old thread... But I'm in the exact same position as the thread starter.

Really unfortunate that --stdin is not available in DSL's passwd.

Has anyone found a solution to this, except remastering DSL?

Posted by ^thehatsrule^ on July 05 2007,15:53
You could load gnu's version of passwd or use another program to input it for you.

Posted by lucky13 on July 05 2007,16:31
One of the few nits I have to pick with DSL, and one of the issues I address in my forthcoming hardening guide (I still have some things I want to add to it), is that it uses passwords for SSH. Especially for root. That's one of the reasons I opt for hard drive installs or remasters on anything that touches a network (particularly WiFi). It's irrelevant to me that the heart of the system is read-only; the rest of it -- meaning my own data -- isn't. Keys are far more secure.

I know your question is about access, not necessarily security, so I'll leave it there and provide a few links until I have time to finish the hardening page.

< http://www.debian-administration.org/articles/530 >
< http://www.securitydocs.com/library/3385 >
< http://gentoo-wiki.com/SECURITY_SSH_without_a_password >

Posted by bib_ak on July 05 2007,22:02
My apologies for my newbieness, but...

GNU's version of passwd? Is this a replacement of the current passwd? I didn't even know there were different versions...

Another application to input it for me? I tried writing a bash script, but I couldn't make it. Do custom programs exist for this purpose???

Would you be so kind to give me a point in the right direction?

Posted by mikshaw on July 06 2007,04:44
Several programs in DSL are actually part of a program called Busybox, which provides many of the standard Unix tools but in a smaller space. The GNU versions of these tools are typically much larger and have more options available, and are what is usually found in a typical big Linux distro.  When you read documentation about these tools (such as man pages), they sometimes include features that are not available in Busybox.
The GNU versions of many of DSL's Busybox commands can be obtained in gnu-utils.dsl, coreutils.uci, and one or two other mydsl packages (mostly in gnu-utils).

Posted by roberts on July 06 2007,05:12
Sorry, I often cannot keep up with all the posts.

If you wish to use bash to script change a password, you can use /usr/sbin/chpasswd.

Take a look at the example that I did in /etc/init.d/dsl-config for the boot option "secure":

It is as simple as...

echo "root:$PASSWD|chpasswd"

Posted by bib_ak on July 08 2007,23:35
Perfect :) Though, I had a little more success with
Code Sample
echo "root:$PASSWD"|chpasswd

, just like in the example you pointed to ;)

Exactly how insecure is it to store your root password as plain text in a bash script? I know, bad, I know... But how on earth can anyone get into my machine to read the script in the first place?

Anyways, it works :)
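
Added example (not part of the thread and not DSL's own code): a boot-script fragment covering roberts's chpasswd approach and lucky13's point about keys, without putting a plaintext password on the CD. It assumes a chpasswd that accepts -e (pre-hashed input); ROOT_HASH is a constructed placeholder, and APPLY and /cdrom/root_key.pub are hypothetical names.

```shell
#!/bin/sh
# Added example; not from the thread or from DSL's scripts.
# Constructed placeholder, NOT a real hash. Create a real one on a trusted
# machine (e.g. `openssl passwd -1`) in a format the target's crypt() accepts.
# A hash on the CD can still be attacked offline by anyone who can read the CD.
ROOT_HASH='$1$EXAMPLE1$0123456789abcdefghijkl'

# chpasswd_line USER HASH: print "USER:HASH" for chpasswd -e, or return 1.
# chpasswd reads one account per line, so a newline inside either field would
# add a second account line; ':' and plaintext values are refused as well.
chpasswd_line() {
    user=$1 hash=$2
    case $user in ''|*[!a-z0-9_-]*) return 1 ;; esac
    case $hash in '$'?*'$'?*'$'?*) ;; *) return 1 ;; esac
    case $hash in *[!A-Za-z0-9./=\$]*) return 1 ;; esac
    printf '%s:%s\n' "$user" "$hash"
}

# install_key PUBKEY_FILE HOME_DIR: install the first line of PUBKEY_FILE as
# the only authorized key, with the owner-only modes sshd's StrictModes expects.
install_key() {
    pub=$1 home=$2 key=
    IFS= read -r key < "$pub" || [ -n "$key" ] || return 1
    case $key in
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-?*\ ?*) ;;
        *) return 1 ;;
    esac
    ( umask 077 && mkdir -p "$home/.ssh" &&
      printf '%s\n' "$key" > "$home/.ssh/authorized_keys" ) || return 1
    chmod 700 "$home/.ssh" && chmod 600 "$home/.ssh/authorized_keys"
}

# Hypothetical switch: nothing is changed unless the boot script sets APPLY=1.
if [ "${APPLY:-0}" = 1 ]; then
    line=$(chpasswd_line root "$ROOT_HASH") &&
        printf '%s\n' "$line" | chpasswd -e    # -e: the input is already hashed
    install_key /cdrom/root_key.pub /root      # hypothetical key location on the CD
fi
```

With the key installed, setting PasswordAuthentication no in sshd_config removes the password login path that lucky13 objects to.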
