I have an embedded ELDK controller which is currently operating on the basis of DES password authentication. None of the /etc/shadow entries have a password field which is prefixed with ${digit}$.

Purely for improved security and the need to integrate with some third-party software, I need to change the authentication type to SHA-512, and I am roughly aware of what needs modifying in login.defs to do that.

However, I'm concerned as to what will happen when I reboot after the change. Do existing password entries get left intact as they are ?

If so, I'm happy with that, because there aren't that many users that would need the password re-encrypting. And it would probably answer the other concern I have about root access, i.e. presumably, I won't lose the ability to log back in with my existing root user ?

Thanks

Open two sessions to the server.
Work in one. test, Disconnect, Reconnect.
Don't disco the 2nd session until you are certain in the first.

Welcome to LQ!

@Habitual Thanks for the welcome. I'm normally a Java developer so this project is a bit out of my normal comfort zone! Can I take you up on your reply ? My primary connection to the controller is putty via serial to the controller's RS232 'debug' port. The controller also runs an ssh server which I can putty into over IP. However, I am assuming your paradigm of 'test, disconnect, reconnect' implies a controller reboot after modification of login.defs and so, surely, I will lose the second connection at that point ?

Thanks

I misunderstood the question. Sorry.

Slightly-puzzled here because DES is an encryption algorithm, whereas SHAx is a digital-signature algorithm ... apples and oranges ...