Distribution: Currently, Debian Lenny with no desktop sucks the least for me.
Posts: 23
Lost root password, can't reset
My wife's computer might have been entered. It's connected to my firewalled router and is running SUSE 10.2. My computers run BSD.
Anyway, I had to use YAST to install a printer, on her machine, as root, and discovered that the root password no longer worked, which caused me to become suspicious.
In order to enter rescue mode, one needs the install cd which I didn't have. So, I booted a Knoppix cd to edit the /etc/shadow file. I found that there was no encrypted root password, only an asterisk between the two colons. I deleted it, and then could log onto SUSE as root without a password.
However, all attempts to reset the root password with passwd fail. Typing "pwd" confirms I'm logged in as root, but after typing "passwd" I'm prompted for a password, which of course there is none.
Actually, I don't want to fix the problem in SUSE as I was going to install BSD anyways. I have all her stuff backed up and will wipe the hdd before the new install.
I'm just curious about the root password problem. Any thoughts here?
"pwd" gives you the current working directory---not the login name. For the latter, enter "users", or "whoami".
Did you become root by entering "su" or "su -"?
If you are not logged in as root, then "passwd" wants a password before it will go further.
You can boot into single-user mode and become root with no password required---like so:
when the grub menu appears, hit any key to stop the count, then "e" for edit.
select the kernel line, and "e" again.
Add the word "single" to the end of the line
hit return and then "b"
Distribution: Currently, Debian Lenny with no desktop sucks the least for me.
Posts: 23
Original Poster
About "pwd" - sorry, my typo. Wanted to say "whoami" which does confirm that I am logged in as root.
No su done. The /etc/shadow file should contain the encrypted or hashed up root password between the first two colons. Remove those characters and then, after reboot, login as root is automatic without password. Quote the SUSE BIBLE - "You will find you can now reboot the system as root without a password." This is true.
As I have explained, although I am indeed logged in as root, when I attempt to reset the root password, it asks me for a password. Obviously, I cannot give one as firstly, the original one got busted, and secondly, I wiped out the asterisk that somehow found its way into where the hashed password should have been. Most importantly, I am already logged in as root, but passwd asks for a root password.
There is no grub menu. Rescue mode is what SUSE wants, and it's the mode I chose. I guess this is the SUSE version of single user mode.
Distribution: Currently, Debian Lenny with no desktop sucks the least for me.
Posts: 23
Original Poster
Would someone please READ my question? I know how to reset a root and/or user password. This hasn't a thing to do with SU.
It has to do with the fact that when I wanted to be root, the root password was not accepted. I had it written down, used it before, and then it no longer worked. Either SUSE screwed up or someone, on the WAN not LAN, had gained access and changed it. It is a security, not a how-to question.
The root password (IN SUSE) is stored on the first line of the file /etc/shadow, not in its original state, but in a hashed/encrypted format. It is seen as a bunch of mishmash characters, separated by colons. The idea is to delete the characters between the first and second colons. Then one can log on as root without needing to enter a password.
Great, but you must have install cd#1 where you log into rescue mode to do this. Lacking the install cd, I did it by booting a Knoppix cd which automatically logs the user on as root. I then deleted all the hash characters between the first and second colons. Either way, the result is the same.
Now, I get logged on to SUSE as root without entering a password! YES I DO. Once logged on as root, I issue the command "passwd" and the o/s responds with "changing password for root" - then immediately "password: user not known to the underlying authentication module."
Thus, it is not possible to reset the root password.
Please understand: I don't want to fix the problem. Tomorrow, SUSE will be history, and my wife will be running BSD.
The question is: Given these circumstances, is it possible that my wife's computer was hacked, and for what possible reason?
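Added example (not part of any poster's message): a small Python audit of the /etc/shadow password field discussed above, telling apart an empty field (no password needed), a "*" or "!" field (no password can ever match) and a real hash. The sample entries, placeholder hashes and function names are constructed for illustration.

```python
import re

# Constructed sample entries; the hashes are placeholders, not real credentials.
SAMPLE_SHADOW = """\
root::14560:0:99999:7:::
daemon:*:14000:0:99999:7:::
alice:$2a$10$CONSTRUCTED.PLACEHOLDER.HASH.VALUE:14500:0:99999:7:::
backup:!$2a$10$CONSTRUCTED.PLACEHOLDER.HASH.VALUE:14500:0:99999:7:::
olduser:CONSTRUCTED./:14500:0:99999:7:::
this line has no colons
"""

DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # shape of a traditional DES crypt hash

def classify_field(field):
    """Return the state of the second (password) field of a shadow entry."""
    if field == "":
        return "EMPTY"      # no password is required for this account
    if field[0] in "!*":
        return "LOCKED"     # can never match a hash: password login disabled
    if field.startswith("$") or DES_RE.match(field):
        return "HASHED"     # crypt(3) output, modular or traditional DES
    return "INVALID"        # not a crypt(3) result, so it also never matches

def audit_shadow(text):
    """Return (user, state) per entry; malformed lines are reported by number."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            findings.append((f"line {lineno}", "MALFORMED"))
            continue
        findings.append((parts[0], classify_field(parts[1])))
    return findings

def needs_attention(findings):
    """Entries to look at first: open accounts, bad lines, and a locked root."""
    return [(u, s) for u, s in findings
            if s in ("EMPTY", "INVALID", "MALFORMED")
            or (u == "root" and s == "LOCKED")]

if __name__ == "__main__":
    for user, state in audit_shadow(SAMPLE_SHADOW):
        print(f"{user:10} {state}")
```

On the constructed sample, root shows as EMPTY, which is the state produced by deleting the asterisk; a root entry holding only "*" is reported as LOCKED, the state found when the file was first opened from Knoppix.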
However, all attempts to reset the root password with passwd fail. Typing "pwd" confirms I'm logged in as root, but after typing "passwd" I'm prompted for a password, which of course there is none.
I agree it is strange that root is prompted for a password when running passwd.
However, no password just means an empty string, right? So what happens if you just hit enter?
One more question: did you try running passwd both with no argument and explicitly as 'passwd root'?
Methinks it's some strange SUSE specific thing.
Evo2.
PS. Sorry, no idea about your actual question regarding if your wife's machine was cracked.
Last edited by evo2; 11-12-2009 at 01:05 AM.
Reason: PS