Dry! Decoding and protection of Linux passwords

Retrieve root password:

If you encounter a lost password, you can have the administrator reset the password if it is just a lost password for the normal user. But if the administrator user's password is lost, then how to solve?

In the Linux environment, the root password is forgotten or can be saved back! As long as you can enter and mount/, and then reset the root password, you will be rescued! This is because the boot process, if forced to enter RunLevel 1 o'clock, the default is no need for a password to get a root shell to rescue. The detailed procedure is as follows:

1. Reboot!

2. Press any key on the boot to enter the Grub menu

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/87/16/wKioL1fTzQuB2pBwAAAV6WmgRhQ070.png "title=" 2.png " alt= "Wkiol1ftzqub2pbwaaav6wmgrhq070.png"/>

As prompted, type a into the following screen: Add 1 or single or s or s after quiet

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/87/18/wKiom1fTzk-DSPcqAAAPEWwo5m0850.png "title=" 4.png " alt= "Wkiom1ftzk-dspcqaaapewwo5m0850.png"/>

Enter after entering the single user mode RunLevel 1, and then use the passwd command to modify the password, after the completion of the modification can be restarted.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/87/16/wKioL1fTzzODrXTCAAAO32T_kzc077.png "title=" 5.png " alt= "Wkiol1ftzzodrxtcaaao32t_kzc077.png"/>

It is so simple, the password can be reset, bring convenience, but also a dangerous existence. Although the server is usually placed in the machine room. Outsiders can not touch, but some specific circumstances, will be exposed to outsiders place, if so simple to be cracked the administrator password, it is not very dangerous, so we do not have to crack password back, but also to protect the password!!

Upgrade password protection:

When it comes to password protection, it involves a file that is needed when the system starts, and we can add some settings here so that you can get some protection when the system starts!!

This file is/boot/grub/grub.conf, this is a system configuration file, this file has some content (#后为上一行的注释)

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/87/2B/wKioL1fWlbXyDneWAACXiQtd688188.png "title=" 2.png " alt= "Wkiol1fwlbxydnewaacxiqtd688188.png"/>

We can add two lines of code to this file, which allows you to modify the kernel's protection and system protection.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/87/2B/wKioL1fWnJLSeCZ9AABO5_ZuQ38299.png "title=" 9.png " alt= "Wkiol1fwnjlsecz9aabo5_zuq38299.png"/>

And we add two lines of code, what function do we implement separately?

These two lines of code, the location of different, the implementation of the function is the first before the boot of the kernel, so he is mainly to start the menu editing authentication, the second after the kernel settings, so he is to implement the boot of the selected kernel or operating system certification

Restart boot into the Grub menu, you can find the following message has changed, need to enter a password to modify 650) this.width=650; "Src=" http://s5.51cto.com/wyfs02/M02/87/2B/ Wkiol1fwmfih0jmcaaavztwwisg065.png "title=" 6.png "alt=" Wkiol1fwmfih0jmcaaavztwwisg065.png "/>

Enter the password to display the normal, then you can change the password.

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/87/2E/wKiom1fWmemRSkV3AAAWcOCSab8889.png "title=" 5.png " alt= "Wkiom1fwmemrskv3aaawcocsab8889.png"/>

When you choose to start the system, you will first see the password you need to enter: 650) this.width=650; "Src=" http://s5.51cto.com/wyfs02/M01/87/2B/ Wkiol1fwnt6teqwwaaaif958j0u641.png "title=" 7.png "alt=" Wkiol1fwnt6teqwwaaaif958j0u641.png "/>

When you enter the correct password, the system starts to start normally

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/87/2E/wKiom1fWnWXTMSTAAAANhdYZIpM697.png "title=" 8.png " alt= "Wkiom1fwnwxtmstaaaanhdyzipm697.png"/>

Password Encryption Protection:

Although the permissions set for this profile are relatively strict:

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/87/2C/wKioL1fWpVSD01TSAAAREXCek0Q794.png "title=" 3.png " alt= "Wkiol1fwpvsd01tsaaarexcek0q794.png"/> However, after all, the password in the file is clear-text preservation, so it is still less secure, then we need to use an encrypted password

The command "Grub-md5-crypt" will be used here to generate an encrypted password

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/87/2E/wKiom1fWpgyzzICWAAAUe1v_FyI323.png "title=" 14.png "alt=" Wkiom1fwpgyzzicwaaaue1v_fyi323.png "/>

In the configuration file, you need to change the password to the following line:

Password [--MD5] STRING

This allows for a more secure password.

Thinking:

At this time facing a situation, if you forget to start the menu edit password, as long as you remember to enter the system password, you can enter the system to modify the configuration file, to realize the Start menu edit password. So what if I forget to enter the system password?

This is not a worry, as long as you remember the Start menu edit password, there are saved.

When entering the Grub menu, enter the actual password, then select "C", after typing "C", the following interface will appear, enter three lines of command, class implementation, bypassing the kernel boot, so do not need to enter the system password.

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/87/2B/wKioL1fWofewa_GSAAAKLOy_GkI286.png "title=" 11.png "alt=" Wkiol1fwofewa_gsaaakloy_gki286.png "/>

Note that to specify their own kernel files, root directory and virtual system files, the parameters in the diagram should not be copied, according to their actual situation to edit.

If two passwords are forgotten, this is available on the trouble, only into the rescue mode ...

Enter rescue mode, please refer to http://groot.blog.51cto.com/11448219/1841771

After entering rescue mode:

First, switch the root directory,

Then the configuration file settings password that line to modify or delete, and then quit the restart, you can.

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/87/2E/wKiom1fWpLTxFu-1AAAFCsInl4c988.png "title=" 13.png "alt=" Wkiom1fwpltxfu-1aaafcsinl4c988.png "/>

This article is from the "I ' m Groot" blog, so be sure to keep this source http://groot.blog.51cto.com/11448219/1852119

Dry! Decoding and protection of Linux passwords