
Re: [Patch] Assign password (encrypted) from boot parameters



Bob,
Definitely.
However, this is just an option. Especially when you want to do some remote rescue action. Give a Debian live iso and ask the guy to download it, burn it, boot it, and it's ready there.
My 2 cents.

Regards,
Steven.

bob wrote:
> On Thu, Oct 02, 2008 at 11:47:51PM +0800, Steven Shiau wrote:
>> Hi,
>> I modified live-initramfs so that we can assign password (encrypted) for
>> the default account "user" in boot parameters.
>> I am not sure this is a good idea or not, but I found it's really useful
>> when you want to put a remote machine with ssh service on.
>> To use it:
>> 1.  echo "YOUR_PASSWORD" | mkpasswd -s
>>      say, it shows "1zShsShaiZumc"
>> 2.  put "usercrypted=1zShsShaiZumc" in boot parameters.
>
> The boot parameters are visible to all users. Would the system be vulnerable to another user seeing this parameter and running something like John the ripper?
>
>> Then after the machine is booted, the password of default user becomes
>> "YOUR_PASSWORD"
>>
>> Hope this helps.
>> My 2 cents.
>>
>> Regards,
>> Steven.

--
Steven Shiau <steven _at_ nchc org tw> <steven _at_ stevenshiau org>
National Center for High-performance Computing, Taiwan.
http://www.nchc.org.tw
Public Key Server PGP Key ID: 1024D/9762755A
Fingerprint: A2A1 08B7 C22C 3D06 34DB  F4BC 08B3 E3D7 9762 755A



diff --unified --recursive --new-file live-initramfs-1.139.1/scripts/live live-initramfs-1.139.1-new/scripts/live
--- live-initramfs-1.139.1/scripts/live	2008-10-02 23:09:31.000000000 +0800
+++ live-initramfs-1.139.1-new/scripts/live	2008-10-02 23:05:07.000000000 +0800
@@ -98,6 +98,12 @@
 				export USERNAME LIVECONF
 				;;
+ usercrypted=*)
+				USERCRYPTED="${ARGUMENT#usercrypted=}"
+				LIVECONF="changed"
+				export USERCRYPTED LIVECONF
+				;;
+
 			userfullname=*)
 				USERFULLNAME="${ARGUMENT#userfullname=}"
 				LIVECONF="changed"
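Review bot: the new usercrypted=* case arm introduces a boot parameter with no documentation; the patch touches only scripts/live and scripts/live-bottom/10adduser. Because the value travels on the kernel command line, which (as raised in this thread) is visible to all users, the option's documentation should say so and should state the expected format (crypt output as produced by mkpasswd). The arm also exports USERCRYPTED and sets LIVECONF="changed" when the argument is a bare usercrypted= with nothing after it; consider skipping the export for an empty value so the configuration is not marked as changed for no reason.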
diff --unified --recursive --new-file live-initramfs-1.139.1/scripts/live-bottom/10adduser live-initramfs-1.139.1-new/scripts/live-bottom/10adduser
--- live-initramfs-1.139.1/scripts/live-bottom/10adduser	2008-10-02 23:09:31.000000000 +0800
+++ live-initramfs-1.139.1-new/scripts/live-bottom/10adduser	2008-10-02 23:05:50.000000000 +0800
@@ -31,7 +31,12 @@
# live-initramfs script -user_crypted="8Ab05sVQ4LLps" # as in $(echo "live" | mkpasswd -s)
+if [ -z "${USERCRYPTED}" ]
+then
+  user_crypted="8Ab05sVQ4LLps" # as in $(echo "live" | mkpasswd -s)
+else
+  user_crypted="${USERCRYPTED}"
+fi
# U6aMy0wojraho is just a blank password
 chroot /root debconf-communicate -fnoninteractive live-initramfs > /dev/null << EOF
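Review bot: in the if/else that sets user_crypted, USERCRYPTED is copied in with no check of its shape, so a typo on the boot line silently replaces the known default with a string that may not be a valid crypt hash, leaving the default user unable to log in with any password. Suggest validating the value (allowed characters and length for the accepted crypt formats) and falling back to the default with a logged warning when it does not match. The default and the value in the comment are 13-character traditional crypt strings; the comment should state whether output from stronger mkpasswd methods is accepted as well.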



--
Steven Shiau <steven _at_ nchc org tw> <steven _at_ stevenshiau org>
National Center for High-performance Computing, Taiwan.
http://www.nchc.org.tw
Public Key Server PGP Key ID: 1024D/9762755A
Fingerprint: A2A1 08B7 C22C 3D06 34DB  F4BC 08B3 E3D7 9762 755A
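
The following is an added example, not part of the original thread or of live-initramfs. It is a POSIX shell check that extracts `usercrypted=` from a kernel command line and reports which crypt(3) scheme the value uses, so an operator can tell whether the world-readable hash is a 13-character traditional DES string like the ones shown above. The function names are hypothetical; the prefix mapping assumes the usual crypt(3) conventions ($1$ MD5, $5$ SHA-256, $6$ SHA-512).

```shell
#!/bin/sh
# Added example: classify the hash passed via usercrypted= on a kernel
# command line. Function names are hypothetical, not from live-initramfs.

# Print the usercrypted= value from a command-line string; status 1 if absent.
# Runs in a subshell so that disabling globbing does not leak to the caller.
get_usercrypted() (
    set -f
    for arg in $1; do
        case "$arg" in
            usercrypted=*) printf '%s\n' "${arg#usercrypted=}"; exit 0 ;;
        esac
    done
    exit 1
)

# Map a crypt(3) string to a scheme name by prefix and shape.
classify_crypt() {
    case "$1" in
        '')      echo "missing" ;;
        '$1$'*)  echo "md5-crypt" ;;
        '$5$'*)  echo "sha256-crypt" ;;
        '$6$'*)  echo "sha512-crypt" ;;
        '$'*)    echo "other-modular" ;;
        *)
            # Traditional DES crypt: exactly 13 chars from [./0-9A-Za-z].
            if [ "${#1}" -eq 13 ] && ! printf '%s' "$1" | grep -q '[^./0-9A-Za-z]'; then
                echo "des-crypt"
            else
                echo "invalid"
            fi ;;
    esac
}

# Report on a command line; with no argument, read the running kernel's.
audit_cmdline() {
    cmdline="${1-$(cat /proc/cmdline 2>/dev/null)}"
    value="$(get_usercrypted "$cmdline")" || { echo "no usercrypted= parameter"; return 0; }
    scheme="$(classify_crypt "$value")"
    case "$scheme" in
        des-crypt)       echo "WEAK: $scheme (only first 8 password chars used)" ;;
        invalid|missing) echo "REJECT: $scheme value" ;;
        *)               echo "OK: $scheme" ;;
    esac
}

# Constructed sample command line using the example hash from the thread.
audit_cmdline "boot=live username=user usercrypted=1zShsShaiZumc quiet"
```
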

