Category: Password

Boot Single User Mode – Resetting forgotten root user account password in RHEL/CentOS 6

While booting hit an arrow key, and it will take you to the GRUB menu. Again, use an arrow key to select the entry that you want to modify.
And hit “e” key to edit this. Find line which starts with “kernel“, and almost at the end of this line find “rhgb quiet“, and add “1” after “quiet“, so it will look like this: “rhgb quiet 1“. Once this is done hit enter. Now, it will take you to the kernel setting prompt. Just press “b” to boot from the kernel, and it takes you to the single user mode.

Now, you are in a single user mode, and you will be able to reset a root password, but before you do that check whether the SELinux is enabled or disabled.
Just type: “getenforce“. It has three contents: Enforcing – no permission to reset a root password. Permissive – permission to rest a root password, and Disabled – No policies are loaded. If you have Enforcing enabled you can disable it by using the following command: “setenforce 0“.
Once this is done, you can change a root password 🙂

Boot Single User Mode – Resetting forgotten root user account password in RHEL/CentOS 7

As soon as the boot process starts, press ESC to bring up the GRUB boot prompt. You may need to turn the system off from the control panel and then back on to reach the GRUB boot prompt. You will see a GRUB boot prompt – press “e” to edit the first boot option. Find the kernel line linux16 or linuxefi or linux (Each menuentry block that represents an installed Linux kernel contains linux on 64-bit IBM POWER Series, linux16 on x86_64 BIOS-based systems, and linuxefi on UEFI-based systems. Then the initrd directives followed by the path to the kernel and the initramfs image respectively) and add init=/bin/sh at the end of the line and then press CTRL-X to boot.
System will boot and you will see the root prompt. Type mount -rw -o remount / and then passwd to change the root password and then touch /.autorelabel and then exec /sbin/init

In short:
init=/bin/sh – In case of VMWare like KVM or VirtualBox use rb.break instead of inti=/bin/sh
# mount -o remount,rw /
# passwd root
[Enter New Password]
[Re-enter New Password]
# touch /.autorelabel
# exec /sbin/init

It should look like this one:
–cut
1:
2: linux16 /vmlinuz-3.10.0-229.7.2.e17.x86_64 root=/dev/mapper/centos-root ro rd.lvm.lv=centos/root rd.lvm.lv=centos/swap crashkernel=auto rhgb quiet LANG=en_IE.UTF-8 systemd.debug init=/bin/sh
3: initrd16 /initramfs-3.10-0-229.7.2.el7.x86_64.img
4:
–cut

XFCE and ecryptfs-utils issue.

I use eCryptfs to encrypting a home directory. After upgrade the ecryptfs-utils package to 103 version. I’m not able to log into XFC using a LightDM, the unlock doesn’t work. The LightDM runs in the loop and displays a login screen
again and again. So, the solution is add the following:

auth optional pam_ecryptfs.so unwrap
password optional pam_ecryptfs.so
session optional pam_ecryptfs.so unwrap

to the /etc/pam.d/lightdm file, or:

common-auth-pc, common-session-pc and common-password-pc files into the /etc/pam.d directory

or using:

pam-config -a --ecryptfs should add it automatically to the proper common-* files.

By the way, the bug was fixed after a few hours by openSUSE maintainer 🙂

Recover root password.

1. Boot the LiveCD or rescue CD/USB, and mount your root (/) partition. For example:

mkdir /mnt/root
mount /dev/sdaX /mnt/root

and then edit the password file with your editor:

vim /mnt/root/etc/shadow

and then delete the second field on the root line:

root:$1$KmZw.u7l$JI6aYJRrSU7ZcUivaNQpZ1:15833:0:99999:7:::

2. Boot the LiveCD or rescue CD/USB, and mount your root (/) partition. For example:

mount -o remount,rw /dev/sdaX /mnt/root
chroot /mnt/root
passwd root

3. INIT or /bin/bash mode

Another trick is to add “init=/bin/bash” (LILO “linux init=/bin/bash” or add it to the Grub “kernel” line). This will dump you to a bash prompt much earlier than single user mode, and a lot less has been initialised, mounted, etc. You’ll definitely need the “-o remount,rw” here. Also note that other filesystems aren’t mounted at all, so you may need to mount them manually if you need them. Look in /etc/fstab for the device names.

passwd root

🙂

TightVNC Remote Desktop Connections using SUSE as Client or Server.

1. Install the tightvnc and xorg-x11-Xvnc packages:

root# zypper install tightvnc xorg-x11-Xvnc

Type the command vncserver to start the VNC server, and then type the command
vi $HOME/.vnc/xstartup
to open the VNC configuration file in the vi text editor. You can replace “vi” with your preferred text editor.
Add the line /usr/bin/gnome & under the #!/bin/sh line, if you are using the Gnome desktop.

Type the command vncserver in Suse 10 or dbus-launch vncserver in Suse 11, to start the VNC server. Take note of the desktop number, usually “:1,” “:2” or “:3,” that is shown after the command is executed.

2. Connect to the Server

Open the VNC viewer software on the remote computer. Type “192.168.1.100:1” in the connection text box. Replace “192.168.1.100” with the IP address of the Suse server. Replace “:1” with the desktop number from the previous section. and then type the password for the VNC server, when prompted.

Users who are logged on can start a server with a simple console command.

• Starting the server in Suse versions 10.x: vncserver
• Starting the server in Suse versions 11.x: dbus-launch vncserver

The vncserver command will start the next unused desktop in the sequence :1, :2, :3 …etc. You can attach many options to the command line when starting the server. There are options specific to TightVNC on the TightVNC man page and you can also attach the options listed in the Xvnc man page.

Note: vncpasswd allows you to set the password used to access VNC desktops. Its default behavior is to prompt for a VNC password and then store an obfuscated version of this password to passwd-file (or to $HOME/.vnc/passwd if no password file is specified.) The vncserver script runs vncpasswd the first time you start a VNC desktop, and it invokes Xvnc with the appropriate -rfbauth option. vncviewer can also be given a password file to use via the -passwd option. The password must be at least six characters long (unless the -f command-line option is used– see below), and only the first eight characters are significant. Note that the stored password is not encrypted securely – anyone who has access to this file can trivially find out the plain-text password, so vncpasswd always sets appropriate permissions (read and write only by the owner.) However, when accessing a VNC desktop, a challenge-response mechanism is used over the wire making it hard for anyone to crack the password simply by snooping on the network.

conf example:


server:/home/user/.vnc # cat xstartup
#!/bin/sh

[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

Generating random password.

Handy way of generating random passwords is this:

root# echo `< /dev/urandom tr -dc A-Za-z0-9 | head -c8` here is an output: XjArHZxb

or

root# date | md5sum and here is an output: 711325e73eceea2a9899f2a6233ca045 -

also you can use the makepassword for generate a random password but before you do that you should install it onto your system, for example:

root# apt-get install makepasswd

Generating random password with makepasswd:

root# makepasswd and here is an output: 1of1CQRa