
Author Topic: Remaster TC - password for root  (Read 1638 times)

Offline Alatun

  • WikiUser
  • *
  • Posts: 41
Remaster TC - password for root
« on: September 02, 2015, 02:17:28 AM »
Sorry for spamming you with questions today :-)

My remastered TC with rdesktop should work in kiosk mode as I wrote earlier. Since it seems not possible to prevent users getting to the Linux console, I'd like to prevent them doing bad stuff. An important step would be to assign a password for root.

To get this for a remastered version for TC I need to copy /etc/shadow to the remastered image - right?

Because my remastered TC version already contains about 20 modifications, I wrote a shell script to do all these modifications. Now I need to modify the root password via shell script.

I already tried:

Code:
#!/bin/sh
echo "myrootpw" | passwd root

Code:
#!/bin/sh
echo "myrootpw\nmyrootpw\n" | passwd root

passwd only tells me that the password for root has not been changed. No reason given.

If I change password manually and the two passwords don't match, I get "passwords don't match". If it is too short I get: "password too short".

Any ideas how to do this properly?

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 9830
Re: Remaster TC - password for root
« Reply #1 on: September 02, 2015, 02:47:55 AM »
It'd be preferable to change the password on a live system, and then copy /etc/shadow and /etc/password as files.
The only barriers that can stop you are the ones you create yourself.

Offline Greg Erskine

  • Full Member
  • ***
  • Posts: 226
Re: Remaster TC - password for root
« Reply #2 on: September 02, 2015, 04:01:22 AM »
hi Alatun,

Here's a snippet of code I use to change the tc password from a script. It may work for root?

Code:
echo "tc:"$NEWPASSWORD | sudo chpasswd
The position of the second quote seems strange looking at it now, but this is a "cut and paste" from working code.

regards
Greg

Offline Alatun

  • WikiUser
  • *
  • Posts: 41
Re: Remaster TC - password for root
« Reply #3 on: September 02, 2015, 04:27:02 AM »
Hi Greg,

your proposal works. I just tested it. It also works for root.

That's great. Thank you.

Regards,
Alatun

Offline nbctcp

  • WikiUser
  • *
  • Posts: 6
Re: Remaster TC - password for root
« Reply #4 on: June 14, 2018, 06:30:46 PM »
This one works, with a small problem.
Every time I ssh in as root, it logs in as tc (tc home directory and userid)
tc@box:~$ pwd
/home/tc
tc@box:~$ whoami
tc


# cat /opt/bootlocal.sh
#!/bin/sh
# put other system startup commands here
/usr/local/etc/init.d/openssh start
/usr/local/etc/init.d/nginx start
/bin/echo "tc:"tc | sudo chpasswd
/bin/echo "root:"root | sudo chpasswd

How do I fix that?
I want root to get root's home and shell

tq
« Last Edit: June 14, 2018, 06:52:06 PM by nbctcp »

Offline centralware

  • Sr. Member
  • ****
  • Posts: 296
Re: Remaster TC - password for root
« Reply #5 on: June 14, 2018, 09:26:48 PM »
Most people are going to say that allowing Root to log into SSH is a bad idea (and for security purposes, it is) but there are two options:

1. Log in as TC and to switch to "root" mode, simply type in su and enter Root's password when asked (you're now logged in as root until you disconnect or type in exit.  If you typed in exit, you'll be switched back over to TC's account.  This is the easiest and safest means to directly gain Root access through SSH.)
2. The alternative is to open the SSH gates allowing Root to physically log in. HOW to enable ROOT ACCESS will depend on which SSH server/daemon you're running.

For dropbear: simply edit /usr/local/etc/init.d/dropbear and remove the -w and -g from the line starting with OPTIONS=
For most compilations of OpenSSH, you have to edit its config file and there's a line stating #PermitRootLogin...  Replace this line to read:
PermitRootLogin=yes
For any other SSH daemon, simply Google "How to allow root with [DaemonName]"

Good luck!

Offline nbctcp

  • WikiUser
  • *
  • Posts: 6
Re: Remaster TC - password for root
« Reply #6 on: June 14, 2018, 09:51:18 PM »
I can log in as root but get tc's shell and id.
This is for lab only, not for production.
I already allow PermitRootLogin

As stated above I get tc home and id when remote login as root using ssh
# cat /etc/passwd
root:x:0:0:root:/root:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
tc:x:1001:50:Linux User,,,:/home/tc:/bin/sh

# cat /etc/shadow
root:KfoDYgDSimpPI:17697:0:99999:7:::
lp:*:13510:0:99999:7:::
nobody:*:13509:0:99999:7:::
tc:WK7nkjARDrXqU:17697:0:99999:7:::

tq

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 9830
Re: Remaster TC - password for root
« Reply #7 on: June 15, 2018, 12:42:44 AM »
The "superuser" bootcode stops root's login redirecting to tc. It also affects normal boots and not just SSH logins.

Offline aw

  • WikiUser
  • *
  • Posts: 41
Re: Remaster TC - password for root
« Reply #8 on: June 15, 2018, 01:22:48 AM »
I would recommend replacing the password in the /etc/shadow file with a hashed version of your password, rather than adding the plaintext to your script. You either include your modified /etc/shadow in your remaster, or use 'sed' in your script, to change the value on boot.

You can generate the hash quite easily with:

echo -n "yourpass" | openssl passwd -stdin -1
github.com/aw
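
The approach from the reply above (put a pre-computed hash into /etc/shadow instead of a plaintext password in the script), as an added example that is not part of the original thread. The helper names set_shadow_hash and demo are hypothetical, the sample file and hash string are constructed, and awk is used in place of sed because crypt hashes contain `$` and `/`, which would need escaping in a sed expression.

```shell
#!/bin/sh
# Added example; set_shadow_hash and demo are hypothetical helper names.
# The hash is generated elsewhere (for instance with the openssl command quoted
# above), so no plaintext password ends up in the remaster script.

set_shadow_hash() {
    file=$1 user=$2 hash=$3
    # An empty field means no password at all; a ':' or a newline would
    # corrupt the colon-separated record.
    case $hash in
        ''|*:*|*'
'*) echo "refusing malformed hash" >&2; return 2 ;;
    esac
    grep -q "^${user}:" "$file" || { echo "no such user: $user" >&2; return 1; }
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    chmod 600 "$tmp"    # shadow must never be world-readable
    # The hash travels via the environment because awk -v would interpret
    # backslash sequences; only field 2 of the matching record is rewritten.
    if NEWHASH=$hash awk -F: -v OFS=: -v u="$user" \
        '$1 == u { $2 = ENVIRON["NEWHASH"] } { print }' "$file" > "$tmp"
    then mv "$tmp" "$file"
    else rm -f "$tmp"; return 1
    fi
}

# Constructed sample data: a throwaway file, never the live /etc/shadow.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'root:*:13525:0:99999:7:::' 'tc:*:13646:0:99999:7:::' > "$dir/shadow"
    # Placeholder string shaped like an MD5-crypt hash, not a real one.
    set_shadow_hash "$dir/shadow" root '$1$SALTSALT$PLACEHOLDERplaceholder./'
    status=$?
    cat "$dir/shadow"
    rm -rf "$dir"
    return $status
}

demo
```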