On Thu, Oct 02, 2008 at 11:47:51PM +0800, Steven Shiau wrote:
Hi,
I modified live-initramfs so that we can assign a password (encrypted) for
the default account "user" in boot parameters.
I am not sure whether this is a good idea or not, but I found it's really useful
when you want to put a remote machine with ssh service on.
To use it:
1. echo "YOUR_PASSWORD" | mkpasswd -s
say, it shows "1zShsShaiZumc"
2. put "usercrypted=1zShsShaiZumc" in boot parameters.
The boot parameters are visible to all users. Would the system be
vulnerable to another user seeing this parameter and running
something like John the Ripper?
Then after the machine is booted, the password of the default user becomes
"YOUR_PASSWORD"
Hope this helps.
My 2 cents.
Regards,
Steven.
--
Steven Shiau <steven _at_ nchc org tw> <steven _at_ stevenshiau org>
National Center for High-performance Computing, Taiwan.
http://www.nchc.org.tw
Public Key Server PGP Key ID: 1024D/9762755A
Fingerprint: A2A1 08B7 C22C 3D06 34DB F4BC 08B3 E3D7 9762 755A
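The exposure raised in the reply above can be checked on a running system. The following is an added example, not code from the post or from live-initramfs: it reads a kernel command line (by default `/proc/cmdline`), extracts `usercrypted=` and names the hash scheme. The function names and the sample line are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the patch): classify the hash carried by usercrypted=.
# Assumption: if the parameter appears twice, the later one wins.

# Print the usercrypted= value found in the command-line string $1.
# The body is a subshell so that 'set -f' does not leak to the caller.
get_usercrypted() (
    set -f                      # no globbing while word-splitting $1
    found=1
    for arg in $1; do
        case "$arg" in
            usercrypted=*) value=${arg#usercrypted=}; found=0 ;;
        esac
    done
    [ "$found" -eq 0 ] && printf '%s\n' "$value"
    exit "$found"
)

# Name the crypt(3) scheme of that value: none, des, md5, sha256, sha512, other.
classify_usercrypted() {
    val=$(get_usercrypted "$1") || { echo none; return 0; }
    case "$val" in
        '$6$'*) echo sha512 ;;
        '$5$'*) echo sha256 ;;
        '$1$'*) echo md5 ;;
        '$'*)   echo other ;;
        *)  # Traditional DES crypt: exactly 13 characters from [./0-9A-Za-z].
            if [ "${#val}" -eq 13 ] &&
               ! printf '%s' "$val" | grep -q '[^./0-9A-Za-z]'
            then echo des
            else echo other
            fi ;;
    esac
}

# Report on a command-line file (default: the running kernel's).
audit_cmdline() {
    file=${1:-/proc/cmdline}
    scheme=$(classify_usercrypted "$(cat "$file")")
    case "$scheme" in
        none)    echo "OK: no usercrypted= in $file" ;;
        des|md5) echo "WEAK: $scheme hash readable by every local user in $file" ;;
        *)       echo "EXPOSED: $scheme hash readable by every local user in $file" ;;
    esac
}

# Constructed sample line carrying the hash quoted in the post.
SAMPLE='boot=live username=user usercrypted=1zShsShaiZumc quiet'
echo "sample: $(classify_usercrypted "$SAMPLE")"
```

A 13-character value such as the one in the post is traditional DES crypt, which uses only the first eight characters of the password, so the strength of the chosen password matters more than usual when the hash is readable.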
diff --unified --recursive --new-file live-initramfs-1.139.1/scripts/live live-initramfs-1.139.1-new/scripts/live
--- live-initramfs-1.139.1/scripts/live 2008-10-02 23:09:31.000000000 +0800
+++ live-initramfs-1.139.1-new/scripts/live 2008-10-02 23:05:07.000000000 +0800
@@ -98,6 +98,12 @@
export USERNAME LIVECONF
;;
+ usercrypted=*)
+ USERCRYPTED="${ARGUMENT#usercrypted=}"
+ LIVECONF="changed"
+ export USERCRYPTED LIVECONF
+ ;;
+
userfullname=*)
USERFULLNAME="${ARGUMENT#userfullname=}"
LIVECONF="changed"
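Review bot: the new usercrypted=*) branch stores whatever follows the equals sign in USERCRYPTED without checking that it is non-empty or shaped like a crypt hash, and the patch as posted touches only scripts/live and scripts/live-bottom/10adduser, so the parameter is undocumented. Suggest documenting it wherever username= and userfullname= are described, with a note that the value sits on the boot command line, which the thread points out is visible to all users.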
diff --unified --recursive --new-file live-initramfs-1.139.1/scripts/live-bottom/10adduser live-initramfs-1.139.1-new/scripts/live-bottom/10adduser
--- live-initramfs-1.139.1/scripts/live-bottom/10adduser 2008-10-02 23:09:31.000000000 +0800
+++ live-initramfs-1.139.1-new/scripts/live-bottom/10adduser 2008-10-02 23:05:50.000000000 +0800
@@ -31,7 +31,12 @@
# live-initramfs script
-user_crypted="8Ab05sVQ4LLps" # as in $(echo "live" | mkpasswd -s)
+if [ -z "${USERCRYPTED}" ]
+then
+ user_crypted="8Ab05sVQ4LLps" # as in $(echo "live" | mkpasswd -s)
+else
+ user_crypted="${USERCRYPTED}"
+fi
# U6aMy0wojraho is just a blank password
chroot /root debconf-communicate -fnoninteractive live-initramfs > /dev/null << EOF
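Review bot: in the else branch, user_crypted="${USERCRYPTED}" takes the boot parameter verbatim, so a mistyped or truncated hash yields an account nobody can log in to, which defeats the remote ssh use case this is meant for. Suggest checking the value's shape before using it and printing a warning when falling back. The -z test also treats an empty usercrypted= the same as an absent one and silently keeps the default "live" hash, which deserves a comment.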