Linux single-user mode modifies the root password and grub password settings

A common problem with Linux administrators when taking over a new server is the reset of the root password. If the root password is not used for a long time, or if you take over a strange server, you need to use single-user mode to reset the root password.

The following is a description of the CentOS 6.6 version under virtual machine VMWARE11:

One, single-user mode to modify the root password:

1. Power on display 3s Press any key, enter the selection mode, press a key arbitrarily:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/74/FE/wKiom1YwYPrzqLnEAABmlnl7ox4492.jpg "title=" 1.png " alt= "Wkiom1ywyprzqlneaabmlnl7ox4492.jpg" width= "height=" "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:500px ; height:96px; "/>

2. As prompted, click the letter e to enter edit mode.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/74/FC/wKioL1YwYmyCK1bYAAD77tjROEE668.jpg "style=" width : 500px;height:226px; "title=" 2.jpg "alt=" wkiol1ywymyck1byaad77tjroee668.jpg "width=" "height=" 226 "border=" 0 " Hspace= "0" vspace= "0"/>

3. The cursor selects the second item, then the letter E.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/74/FE/wKiom1YwYjiAatMNAAFzkuCdg34429.jpg "style=" width : 500px;height:246px; "title=" 3.jpg "alt=" wkiom1ywyjiaatmnaafzkucdg34429.jpg "width=" "height=" 246 "border=" 0 " Hspace= "0" vspace= "0"/>

4. Go to edit mode, add a space on the last side, enter 1, S, S, and then click Enter. Then click on the letter B to start based on subsequent prompts.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/74/FC/wKioL1YwYmyTDvggAAD1BeCoi8U970.jpg "style=" width : 500px;height:95px; "title=" 4.jpg "alt=" wkiol1ywymytdvggaad1becoi8u970.jpg "width=" height= "0" border= " Hspace= "0" vspace= "0"/>

5. After the start of the interface is this, do not need to enter a password, directly into the host below. You can change the root password by typing the command passwd.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/74/FE/wKiom1YwYjjAnfn-AAClpxF1nQM445.jpg "style=" width : 500px;height:73px; "title=" 5.jpg "alt=" wkiom1ywyjjanfn-aaclpxf1nqm445.jpg "width=" "height=" border= "0" Hspace= "0" vspace= "0"/>

Unfortunately, this method can only be set on the local server, the cloud server due to SSH login, once reboot, automatically disconnected from the remote, it is not possible to do this. However, the cloud server has a very convenient password reset service, this problem is naturally not difficult.

Second, the Grub password settings

With single-user mode, the root password is not very significant. So how to ensure that the local server root password can not be arbitrarily changed? The following describes how to set the grub password, to give a single user, such as a layer of protection, to protect the root password role.

1. PlainText encryption

# vim/etc/grub.conf

Add a line below Hiddenmenu: PASSWORD=HHHGGG.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/74/FC/wKioL1YwZJTTcZfdAAJevQacOVY247.jpg "title=" 1.jpg " alt= "Wkiol1ywzjttczfdaajevqacovy247.jpg" width= "height=" 203 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width : 500px;height:203px; "When the/> is restarted, press E within 3s and the following prompt appears:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/74/FC/wKioL1YwZUTSTgGsAAD9l5_PuPk317.jpg "title=" 2.jpg " alt= "Wkiol1ywzutstggsaad9l5_pupk317.jpg" width= "height=" 259 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width : 500px;height:259px; "/>

You must enter the HHHGGG password set above to enter the next single-user mode interface. It's a lot safer than the way it used to be. However, the plaintext password is not safe after all, the following describes the encrypted password method to set the grub password.

2. Set the grub password in the encryption mode:

# Man Grub-crypt

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/74/FD/wKioL1YwZx_hhUOEAAC-A4k0-oU182.jpg "title=" 3.jpg " Width= "height=" 161 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:500px;height:161px; "alt=" wkiol1ywzx_ Hhuoeaac-a4k0-ou182.jpg "/>

There are 3 common ways to generate a key. We try one, and the other approaches apply as well.

Enter the command:

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/74/FD/wKioL1YwaI_Qaxw1AAAuUtEoVuU813.jpg "style=" width : 500px;height:42px; "title=" 5.jpg "alt=" wkiol1ywai_qaxw1aaauuteovuu813.jpg "width=" "height=" border= "0" Hspace= "0" vspace= "0"/>

Enter the password two times, as long as the password consistent, generate a password file. It is recommended to build on the SSH login tool because it can be copied.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/74/FF/wKiom1YwaF3AO4sbAABMlyjIXog931.jpg "style=" width : 500px;height:39px; "title=" 6.jpg "alt=" wkiom1ywaf3ao4sbaabmlyjixog931.jpg "width=" "height=" border= "0" Hspace= "0" vspace= "0"/>

Edit the/etc/grub.conf, change the original plaintext password to the current ciphertext password, minus the equals sign, followed by the password generated format.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/74/FD/wKioL1YwbXKDe5YIAABMGPgdoHU406.jpg "title=" 8.jpg " alt= "Wkiol1ywbxkde5yiaabmgpgdohu406.jpg" width= "height=" "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:500px ; height:26px; "/>

After saving, restart the operation will be prompted to enter a password to enter the grub.

In fact, as long as the root password leaked, these can be changed, so, these are not the final element of security. For security reasons, the root user is careful to log in and the password is not stored under its own directory. When you normally do not need root privileges, you can log in as a normal user.

Third, rescue mode

When a new local server, root password do not know, Grub also set the password, how to crack the password? At this time, we used the rescue mode, which is similar to the PE system of Windows, is a memory system. Here's how it's done on VMware.

1. First shut down the Linux system, select the bottom of the Power options: Boot into the computer hardware settings or BIOS-related content, the VM version is different, the content displayed is not the same, but the meaning is the same.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/74/FE/wKioL1YwdLCBgA2-AAFRb6zfXOE911.jpg "style=" width : 500px;height:215px; "title=" 1.jpg "width=" "height=" 215 "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiol1ywdlcbga2-aafrb6zfxoe911.jpg "/>

2. Select the CD-ROM option. Use the minus sign to move the rest of the options down and finally get it to the first place, F10 restart.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/75/01/wKiom1YwdHySxnHhAACpaRGzj10215.jpg "style=" width : 500px;height:174px; "title=" 2.jpg "width=" "height=" 174 "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiom1ywdhysxnhhaacpargzj10215.jpg "/>

3. Select a third, enter.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/74/FE/wKioL1YwdLHx4Yh1AAEFQe1Ds_Q096.jpg "style=" width : 500px;height:216px; "title=" 3.jpg "width=" "height=" 216 "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiol1ywdlhx4yh1aaefqe1ds_q096.jpg "/>

4. Enter the default point. About display language, Chinese is not supported, choose English Bar.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/75/01/wKiom1YwdH2ytbmDAAEQDSJ611Q119.jpg "style=" width : 500px;height:220px; "title=" 4.jpg "width=" "height=" "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiom1ywdh2ytbmdaaeqdsj611q119.jpg "/>

5. Default carriage return, keyboard layout, common American keyboard us.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/74/FE/wKioL1YwdLHRZ99BAAEGUQwmQYo265.jpg "style=" width : 500px;height:262px; "title=" 5.jpg "width=" "height=" 262 "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiol1ywdlhrz99baaeguqwmqyo265.jpg "/>

6. Whether to surf the internet, to change the need, tab to switch, select No.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/74/FE/wKioL1YwdMeB8kWbAAComtqrLMQ214.jpg "style=" width : 500px;height:180px; "title=" 6.jpg "width=" "height=" "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiol1ywdmeb8kwbaacomtqrlmq214.jpg "/>

7. The format of the mount, the default is good, continue.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/74/FE/wKioL1YwdMeiyIupAAIm8HF2DQE894.jpg "style=" width : 500px;height:260px; "title=" 7.jpg "width=" "height=" 260 "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiol1ywdmeiyiupaaim8hf2dqe894.jpg "/>

8. Note that our original system will be mounted under/mnt/sysimage, and we can use the Chroot/mnt/sysimage command to switch to our original system, the relevant password modification operation.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/75/01/wKiom1YwdJOTtftNAAEn5ShXYGs065.jpg "style=" width : 500px;height:217px; "title=" 8.jpg "width=" "height=" 217 "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiom1ywdjottftnaaen5shxygs065.jpg "/>

9. Default OK.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/74/FE/wKioL1YwdMiABgcOAACsZ35wbjs369.jpg "style=" width : 500px;height:198px; "title=" 9.jpg "width=" "height=" 198 "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiol1ywdmiabgcoaacsz35wbjs369.jpg "/>

10. The default cursor is the first one, OK to enter the shell.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/75/01/wKiom1YwdJPhqOrlAADEb9ZzSh0312.jpg "style=" width : 500px;height:230px; "title=" 10.jpg "width=" "height=" "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiom1ywdjphqorlaadeb9zzsh0312.jpg "/>

11. The following is the Shell interface

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/75/01/wKiom1YwdJPRxUp1AABlwuFPWrA905.jpg "style=" width : 500px;height:65px; "title=" 11.jpg "width=" "height=" "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiom1ywdjprxup1aablwufpwra905.jpg "/>

The LS command can enter the rescue mode directory.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/74/FE/wKioL1YwdMijDN9YAACSrriLxWA604.jpg "style=" width : 500px;height:69px; "title=" 12.jpg "width=" "height=" "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiol1ywdmijdn9yaacsrrilxwa604.jpg "/>

13. If you want to browse the original system directory, you can cd/mnt/sysimage the following, then you can do the relevant operation.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/74/FE/wKioL1YwdNziMr4vAABBRvhtWB0455.jpg "title=" 13.jpg "Width=" height= "border=" 0 "hspace=" 0 "vspace=" 0 "style=" WIDTH:500PX;HEIGHT:49PX; "alt=" Wkiol1ywdnzimr4vaabbrvhtwb0455.jpg "/>

14. Play, change the password. Executing the chroot/mnt/sysimage mentioned above, the password modification operation can be performed with the passwd command.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/75/01/wKiom1YwdJWgEhwVAABcxLECPIs325.jpg "style=" width : 500px;height:53px; "title=" 14.jpg "width=" "height=" "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiom1ywdjwgehwvaabcxlecpis325.jpg "/>

It seems that any password is not reliable as long as it is in touch with the server hardware. or serious management room, unauthorized people do not allow casually stepping into the room is the world of operation and maintenance workers. Hahaha ...

This article is from the "Liemer_lius blog" blog, make sure to keep this source http://liemerlius.blog.51cto.com/10409683/1707249

Linux single-user mode modifies the root password and grub password settings