
Re: [Patch] Assign password (encrypted) from boot parameters



On Thu, Oct 02, 2008 at 11:47:51PM +0800, Steven Shiau wrote:
> Hi,
> I modified live-initramfs so that we can assign a password (encrypted) for
> the default account "user" in boot parameters.
> I am not sure whether this is a good idea or not, but I found it's really useful
> when you want to put a remote machine with ssh service on.
> To use it:
> 1.  echo "YOUR_PASSWORD" | mkpasswd -s
>      say, it shows "1zShsShaiZumc"
> 2.  put "usercrypted=1zShsShaiZumc" in boot parameters.
> 
The boot parameters are visible to all users. Would the system be 
vulnerable to another user seeing this parameter and running 
something like John the Ripper?
> Then after the machine is booted, the password of default user becomes
> "YOUR_PASSWORD"
> 
> 
> Hope this helps.
> My 2 cents.
> 
> Regards,
> Steven.
> 
> -- 
> Steven Shiau <steven _at_ nchc org tw> <steven _at_ stevenshiau org>
> National Center for High-performance Computing, Taiwan.
> http://www.nchc.org.tw
> Public Key Server PGP Key ID: 1024D/9762755A
> Fingerprint: A2A1 08B7 C22C 3D06 34DB  F4BC 08B3 E3D7 9762 755A
> 
> 

> diff --unified --recursive --new-file live-initramfs-1.139.1/scripts/live live-initramfs-1.139.1-new/scripts/live
> --- live-initramfs-1.139.1/scripts/live	2008-10-02 23:09:31.000000000 +0800
> +++ live-initramfs-1.139.1-new/scripts/live	2008-10-02 23:05:07.000000000 +0800
> @@ -98,6 +98,12 @@
>  				export USERNAME LIVECONF
>  				;;
>  
> +			usercrypted=*)
> +				USERCRYPTED="${ARGUMENT#usercrypted=}"
> +				LIVECONF="changed"
> +				export USERCRYPTED LIVECONF
> +				;;
> +
>  			userfullname=*)
>  				USERFULLNAME="${ARGUMENT#userfullname=}"
>  				LIVECONF="changed"
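Review bot: The new usercrypted=*) case exports whatever follows the "=" with no check on its form, and the patch adds no documentation for the parameter. Suggest rejecting an empty value or one with characters outside the crypt(3) alphabet before setting LIVECONF="changed", and stating in the manual page that the hash sits on the kernel command line, which the reply above points out is visible to all users.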
> diff --unified --recursive --new-file live-initramfs-1.139.1/scripts/live-bottom/10adduser live-initramfs-1.139.1-new/scripts/live-bottom/10adduser
> --- live-initramfs-1.139.1/scripts/live-bottom/10adduser	2008-10-02 23:09:31.000000000 +0800
> +++ live-initramfs-1.139.1-new/scripts/live-bottom/10adduser	2008-10-02 23:05:50.000000000 +0800
> @@ -31,7 +31,12 @@
>  
>  # live-initramfs script
>  
> -user_crypted="8Ab05sVQ4LLps" # as in $(echo "live" | mkpasswd -s)
> +if [ -z "${USERCRYPTED}" ]
> +then
> +  user_crypted="8Ab05sVQ4LLps" # as in $(echo "live" | mkpasswd -s)
> +else
> +  user_crypted="${USERCRYPTED}"
> +fi
>  
>  # U6aMy0wojraho is just a blank password
>  chroot /root debconf-communicate -fnoninteractive live-initramfs > /dev/null << EOF
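Review bot: The else branch in 10adduser copies USERCRYPTED into user_crypted unchecked, while the fallback and the example in the cover text ("1zShsShaiZumc") are both 13-character traditional DES crypt strings, a format that only considers the first 8 characters of the password. Since the value is exposed on the command line, the comment and documentation should point users at a stronger scheme via mkpasswd's -m option rather than plain "mkpasswd -s", and the four-line if/else can be collapsed to user_crypted="${USERCRYPTED:-8Ab05sVQ4LLps}".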

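An added example, not part of the original message or of live-initramfs: a POSIX sh audit helper that finds usercrypted= on a kernel command line and names the crypt(3) scheme of the exposed hash, which is the property the question about world-readable boot parameters turns on. The function names, the sample command line and the policy of flagging DES and md5crypt as weak are assumptions of this example.

```shell
#!/bin/sh
# Audit helper (example code): report which crypt(3) scheme a usercrypted=
# boot parameter uses, so weak world-readable hashes can be flagged.

# extract_usercrypted CMDLINE -> prints the hash; status 1 if absent
extract_usercrypted() (
	set -f	# no pathname expansion while word-splitting the command line
	for arg in $1
	do
		case "${arg}" in
			usercrypted=*) printf '%s\n' "${arg#usercrypted=}"; exit 0 ;;
		esac
	done
	exit 1
)

# classify_crypt HASH -> prints the scheme implied by the hash's format
classify_crypt() {
	case "$1" in
		'$1$'*) echo "md5crypt" ;;
		'$5$'*) echo "sha256crypt" ;;
		'$6$'*) echo "sha512crypt" ;;
		'$'*) echo "other-modular" ;;
		*)
			# Traditional DES crypt: exactly 13 chars from [./0-9A-Za-z]
			if [ "${#1}" -eq 13 ] && ! printf '%s' "$1" | grep -q '[^./0-9A-Za-z]'
			then
				echo "des"
			else
				echo "invalid"
			fi
			;;
	esac
}

# audit_cmdline CMDLINE -> prints a verdict; status 1 for a weak or malformed hash
audit_cmdline() {
	crypted=$(extract_usercrypted "$1") || { echo "absent"; return 0; }
	scheme=$(classify_crypt "${crypted}")
	case "${scheme}" in
		# Policy assumed by this example: DES and md5crypt count as weak
		des|md5crypt|invalid) echo "weak:${scheme}"; return 1 ;;
		*) echo "ok:${scheme}"; return 0 ;;
	esac
}

# Constructed sample; on a live system pass "$(cat /proc/cmdline)" instead.
audit_cmdline "boot=live username=user usercrypted=1zShsShaiZumc quiet" || true
```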
