About Linux Cryptography Issues

About the Linux server password problem, actually quite simple, just need us to summarize, next I summarize what I know;

Because the study of Linux time is not long, so there is a wrong place, I hope you can give guidance.

I understand the password structure: The following three kinds, and the relationship between the interlocking

• Set the system password to change your password via single user or rescue mode

• Setting the grub password cannot be entered into a single user, but can be switched on by CD-ROM boot mode

• Setting the BIOS password does not boot into the BIOS Setup CD and does not enter rescue mode

One: System Password:

1. Encryption

In fact, I think this long do not need to introduce more, because as long as touch the Linux system of this is very familiar with;

Root User Login

Change root password: passwd >>> return, enter the password

change user password: passwd user_name >>> Enter follow the prompts, or type in the old password, or simply lose the new password

If the password is not encrypted, we can also enter/etc/shadow direct modification, only root can be;

User Login

Change Password: passwd (user_name) >>> Enter, old password, new password

2. Decryption

>>> Restart >>> start three seconds before pressing any key >>> select the first one to edit by E

>>> Select the second press e edit >>> add 1 or S or single at the end

>>> Enter >>> Press B to start

>>> entered single user >>> passwd root >>> set new password

>>> Restart >>> OK

Graphic: http://jingyan.baidu.com/article/eb9f7b6d9dead0869264e84f.html

Two: Grub password

In order to prevent some illegal users from the single-user mode to modify our root password, do not let it enter the mode selection;

1. Encryption

PlainText encryption

Go to config file/etc/grub.conf for editing, add on Hiddenmenu or below:

passwd = password

Save exit

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/74/74/wKiom1Yd5rfzIIFjAACe8KHDOXs353.jpg "title=" 9.PNG " alt= "Wkiom1yd5rfziifjaace8khdoxs353.jpg"/>

Ciphertext encryption

Command line Input: Grub-crypt >> Enter password, return to get encrypted password default to SHA-512 encryption

Or specify encryption: Grub-md5-crypt >> Enter password, return to get password specified as MD5 encryption method

=grub-crypt--md5 >> Enter password, return to get password Plus

Will get ciphertext added to configuration file/etc/grub.conf location or hiddenmenu up or down

Sha Way: passwd--sha ciphertext where $6 represents SHA-512 encryption

MD5 Way: passwd--md5 ciphertext where $ = MD5 encryption

Other ways:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/74/75/wKiom1Yd6rLzYrWSAABDUoSnR3Y808.jpg "title=" 99.PNG "alt=" Wkiom1yd6rlzyrwsaabduosnr3y808.jpg "/>

At this time again want to pass the single-user mode to modify the password, because it does not go to single-user mode, requires grub password;

Encryption method, encryption operation above, the principle of encryption to Baidu it;

Ciphertext: $id $salt$encrypted

ID | Method

1 | MD5

2a | Blowfish (not in mainline glibc; added in some

| Linux distributions)

5 | SHA-256 (since GLIBC 2.7)

6 | SHA-512 (since GLIBC 2.7)

2. Decryption

Insert the installation CD, boot into the BIOS interface, right click on the name of the virtual machine power in the option can be, or boot when pressing F2, some of the machine may not be F2, select the disc to boot, and then enter the interface after selecting the third entry system:

There are a lot of English operations without opening the network (next), and finally selecting the shell (first item)

>>> into the original operating system: Cd/mnt/sysimage

>>> Change Password: VI etc/passwd >>> chroot/root/sysimage

>>> passwd >>> Enter a password >>> You can also change the configuration file vi/etc/passwd

>>> Exit >>> Restart >>> Don't forget to set up your hard drive

Graphic: http://jingyan.baidu.com/article/456c463b6aa3260a59314471.html

Three: BIOS password

In order to prevent illegal users from the rescue mode to change our root password, do not let him into the BIOS Setup CD boot;

1. Encryption

>>> start your computer and press "Del" or "F2" key to enter BIOS Setup main interface

>>> find "Set Supervisor Password" (superuser password) and "Set User Password" (User password)

>>> Select one and press ENTER to enter the password after the Enter Password dialog box appears.

If you make this setting for the first time, the password does not exceed 8 characters and the password is case-sensitive. Enter the carriage after entering

>>> Confirm Password dialog box appears, enter the same password again

>>> in the BIOS main menu, select "Advanced BIOS Features" (Premium BIOS feature setting)

>>> use the cursor key to select "Security option" with "page Up/page down" key to change the option to system.

Attention:

A: The above is an example of award BIOS. The corresponding submenu in the AMI BIOS is "Password Check";

The award and Phoneix bios need to set the Aministrator Password is sub-menu option to

"Enabled" will make all password settings effective.

The "Security Option" item in B:bios has two parameters, that is, setup and system. Represents the two states of the BIOS password.

Setup (i.e. CMOS password) will not prompt for password input when booting, only require password when entering bios;

System (that is, the power-on password), at each boot will be prompted to enter a password (enter the super User password or user password one of the

This password is set up to prohibit the use of computers by outsiders.

C: The fundamental difference between the two passwords in the BIOS is the right to modify the BIOS.

"User password" is only used for booting, that is, to enter the system;

The "Superuser password" will not only boot into the system, but also enter the BIOS to modify the options.

It is recommended that both of us take the same password for memory.

Graphic: http://jingyan.baidu.com/article/b7001fe173759a0e7282ddde.html

2. Decryption

For the BIOS decryption, can only pull the jumper, buckle the battery, reply to the factory settings, so we need to take good care of the room;

Virtual Machine Decryption Collection: http://blog.chinaunix.net/uid-11450677-id-4097893.html

About Linux Cryptography Issues