[arm-allstar] Ssh password

David McGough kb4fxc at inttek.net
Thu Dec 5 15:03:32 EST 2019 

I've gotten a few e-mail messages requesting more info about editing the 
/etc/shadow file.  So, here it is.....


First, make a backup copy of this file, something like:

cd /etc
cp shadow shadow.backup

Then, here is what the contents looks like. Your file will probably be 
slightly different. That's fine. Notice that I'm just including the 9 
lines of the file. The remainder was below the <snip>. Don't truncate this 
file when editing!

[root at Allstar-inttek etc]# cat shadow
root:$6$l7HzU5Ge$i.yO6XqGhbFnQQxLUI/NZoD2k23vbEhASTlV.cP40cFrsWpmfo3i5BEKyD0ZKFeE4guXsgsmgX0270cSBW3ir/:17684::::::
bin:x:14871::::::
daemon:x:14871::::::
mail:x:14871::::::
ftp:x:14871::::::
http:x:14871::::::
uuidd:x:14871::::::
dbus:x:14871::::::
nobody:x:14871::::::
<snip>


Note that only the "root" entry contains a password hash---this is the 
second field. The fields are delimited by colons (":"). The first field is 
the account name.

Rename the "root" account line to something else, like "root_old"...You 
can also remove the old line entirely, if preferred:

root_old:$6$l7HzU5Ge$i.yO6XqGhbFnQQxLUI/NZoD2k23vbEhASTlV.cP40cFrsWpmfo3i5BEKyD0ZKFeE4guXsgsmgX0270cSBW3ir/:17684::::::


Now, paste in THIS  new line for the "root" account and save the file. It
has a hashed password of: HAMfun1901

root:$6$lOf4wZcQ$J6X9iCrOG9powS9hglu/4ozgEwf.b7wjh3Fq7Tx7p5JXr4EfuQpmgCIjV2Lsxq.lOLnosW9ld6iakF2Fz5F7H1:18235::::::


So, the /etc/shadow file will now look like:


[root at Allstar-inttek etc]# cat shadow
root:$6$l7HzU5Ge$i.yO6XqGhbFnQQxLUI/NZoD2k23vbEhASTlV.cP40cFrsWpmfo3i5BEKyD0ZKFeE4guXsgsmgX0270cSBW3ir/:17684::::::
root_old:$6$l7HzU5Ge$i.yO6XqGhbFnQQxLUI/NZoD2k23vbEhASTlV.cP40cFrsWpmfo3i5BEKyD0ZKFeE4guXsgsmgX0270cSBW3ir/:17684::::::
bin:x:14871::::::
daemon:x:14871::::::
mail:x:14871::::::
ftp:x:14871::::::
http:x:14871::::::
uuidd:x:14871::::::
dbus:x:14871::::::
nobody:x:14871::::::
<snip>


You can now place the SD card back in the original RPi and boot.  You 
should be able to login as root with the password: HAMfun1901   ....Then, 
go and change the root password to something else!

73, David KB4FXC


On Thu, 5 Dec 2019, "David McGough via ARM-allstar" wrote:

> 
> Kevin,
> 
> As long as it's a fairly strong password, there isn't an easy way to find
> the plain-text for a lost/changed password. The plain-text isn't stored on
> the system, only a one-way hashed result gets stored. The only way to 
> actually recover the password is via brute force---like a dictionary 
> attack.
> 
> However, as Patrick mentioned, you can replace the password with a new 
> one. If you've got a "back door" account with root privilege, you can 
> login via ssh, become root and replace the password with the 'passwd root' 
> command.
> 
> If you can't get in via ssh, you must go to the node's location and
> directly modify the SD card.  The hashed passwords are stored in the
> /etc/shadow file.  This is a text readable file and you can edit manually
> and replace to lost password field.  I'll send you more details about this 
> method, if you need to perform this operation.
> 
> 73, David KB4FXC
> 
> 
>

More information about the ARM-allstar mailing list