Re: [Patch] Assign password (encrypted) from boot parameters
On Thu, Oct 02, 2008 at 11:47:51PM +0800, Steven Shiau wrote:
> Hi,
> I modified live-initramfs so that we can assign a password (encrypted) for
> the default account "user" in boot parameters.
> I am not sure this is a good idea or not, but I found it's really useful
> when you want to put a remote machine with ssh service on.
> To use it:
> 1. echo "YOUR_PASSWORD" | mkpasswd -s
> say, it shows "1zShsShaiZumc"
> 2. put "usercrypted=1zShsShaiZumc" in boot parameters.
>
The boot parameters are visible to all users. Would the system be
vulnerable to another user seeing this parameter and running
something like John the Ripper?
> Then after the machine is booted, the password of default user becomes
> "YOUR_PASSWORD"
>
>
> Hope this helps.
> My 2 cents.
>
> Regards,
> Steven.
>
> --
> Steven Shiau <steven _at_ nchc org tw> <steven _at_ stevenshiau org>
> National Center for High-performance Computing, Taiwan.
> http://www.nchc.org.tw
> Public Key Server PGP Key ID: 1024D/9762755A
> Fingerprint: A2A1 08B7 C22C 3D06 34DB F4BC 08B3 E3D7 9762 755A
>
>
> diff --unified --recursive --new-file live-initramfs-1.139.1/scripts/live live-initramfs-1.139.1-new/scripts/live
> --- live-initramfs-1.139.1/scripts/live 2008-10-02 23:09:31.000000000 +0800
> +++ live-initramfs-1.139.1-new/scripts/live 2008-10-02 23:05:07.000000000 +0800
> @@ -98,6 +98,12 @@
> export USERNAME LIVECONF
> ;;
>
> + usercrypted=*)
> + USERCRYPTED="${ARGUMENT#usercrypted=}"
> + LIVECONF="changed"
> + export USERCRYPTED LIVECONF
> + ;;
> +
> userfullname=*)
> USERFULLNAME="${ARGUMENT#userfullname=}"
> LIVECONF="changed"
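Review bot: in the new usercrypted=*) case the hash is copied from the kernel command line into USERCRYPTED and exported, with no documentation of the parameter and no check on the form of the value. Because the command line stays readable by every local user after boot (the concern raised in the reply above), the documentation for this option should say so and recommend generating the hash with a stronger scheme than the 13-character traditional crypt shown in the cover note. Please add the parameter to the documentation alongside the other user* options as part of this patch.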
> diff --unified --recursive --new-file live-initramfs-1.139.1/scripts/live-bottom/10adduser live-initramfs-1.139.1-new/scripts/live-bottom/10adduser
> --- live-initramfs-1.139.1/scripts/live-bottom/10adduser 2008-10-02 23:09:31.000000000 +0800
> +++ live-initramfs-1.139.1-new/scripts/live-bottom/10adduser 2008-10-02 23:05:50.000000000 +0800
> @@ -31,7 +31,12 @@
>
> # live-initramfs script
>
> -user_crypted="8Ab05sVQ4LLps" # as in $(echo "live" | mkpasswd -s)
> +if [ -z "${USERCRYPTED}" ]
> +then
> + user_crypted="8Ab05sVQ4LLps" # as in $(echo "live" | mkpasswd -s)
> +else
> + user_crypted="${USERCRYPTED}"
> +fi
>
> # U6aMy0wojraho is just a blank password
> chroot /root debconf-communicate -fnoninteractive live-initramfs > /dev/null << EOF
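Review bot: the else branch takes ${USERCRYPTED} verbatim as user_crypted, so a mistyped or truncated value on the boot line yields a hash that no password matches, which on the remote ssh machine this is meant for locks the user out. Consider a sanity check on length and character set that at least logs a warning when the value does not look like crypt output. As a style point, the five-line if/else can be written as user_crypted="${USERCRYPTED:-8Ab05sVQ4LLps}", keeping the existing comment.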