[gentoo-user] Forgotten root password on remote system

[gentoo-user] Forgotten root password on remote system

[Grant]

I have forgotten the root password of my remote server.  Is there any
way to retrieve or reset it?

- Grant

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[John Jolet]

remotely?  if there is, couldn't anyone get it?  If the system is patched and 
up-to-date, you should have to be at the keyboard.

On Thursday 25 August 2005 10:47, Grant wrote:
> I have forgotten the root password of my remote server.  Is there any
> way to retrieve or reset it?
>
> - Grant

-- 
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
john@jolet.net
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Greg Shikhman]

[-- Attachment #1: Type: text/plain, Size: 373 bytes --]

Well, if you or someone at the location has access to grub they could add 
the singleuser flag. This will allow you to change the password.

On 8/25/05, Grant <emailgrant@gmail.com> wrote: 
> 
> I have forgotten the root password of my remote server. Is there any
> way to retrieve or reset it?
> 
> - Grant
> 
> --
> gentoo-user@gentoo.org mailing list
> 
>

[-- Attachment #2: Type: text/html, Size: 683 bytes --]

Re: [gentoo-user] Forgotten root password on remote system

[Grant]

> Well, if you or someone at the location has access to grub they could add
> the singleuser flag. This will allow you to change the password.
> 

Thanks for a real solution.  They will attach a KVM unit to the
machine and I can log into the KVM.  Would that help?

- Grant

> > 
> > I have forgotten the root password of my remote server.  Is there any
> > way to retrieve or reset it?
> > 
> > - Grant

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Michael Crute]

[-- Attachment #1: Type: text/plain, Size: 580 bytes --]

On 8/25/05, Grant <emailgrant@gmail.com> wrote:
> 
> Thanks for a real solution. They will attach a KVM unit to the
> machine and I can log into the KVM. Would that help?
> 
> - Grant
> 
> --
> gentoo-user@gentoo.org mailing list
> 
> 
Sure that would work but if you have a sudo user your can do it without 
rebooting.

-Mike

-- 
________________________________
Michael E. Crute
Software Developer
SoftGroup Development Corporation

Linux, because reboots are for installing hardware.
"In a world without walls and fences, who needs windows and gates?"

[-- Attachment #2: Type: text/html, Size: 956 bytes --]

RE: [gentoo-user] Forgotten root password on remote system

[John Dangler]

Grant~
I had the same thing happen to me on one of our dedi servers.  I called the
isp and they had a way of recovering the password, although it cost me $75
to get it done.  Basically, they told me that it's a sophisticated 'hack'
into the machine to get it back.  If there's another way, I'd also be very
interested in knowing what it is.

John D

-----Original Message-----
From: Grant [mailto:emailgrant@gmail.com] 
Sent: Thursday, August 25, 2005 11:47 AM
To: Gentoo mailing list
Subject: [gentoo-user] Forgotten root password on remote system

I have forgotten the root password of my remote server.  Is there any
way to retrieve or reset it?

- Grant

-- 
gentoo-user@gentoo.org mailing list




-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Grant]

> Grant~
> I had the same thing happen to me on one of our dedi servers.  I called the
> isp and they had a way of recovering the password, although it cost me $75
> to get it done.  Basically, they told me that it's a sophisticated 'hack'
> into the machine to get it back.  If there's another way, I'd also be very
> interested in knowing what it is.
> 
> John D

Booyah, thanks John.  LayeredTech.com hooked it up without charge.

- Grant

-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] Forgotten root password on remote system

[John Dangler]

Wow!  That was decent of them.  Is it a dedicated server or a colo ?

John D

-----Original Message-----
From: Grant [mailto:emailgrant@gmail.com] 
Sent: Thursday, August 25, 2005 4:57 PM
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Forgotten root password on remote system

> Grant~
> I had the same thing happen to me on one of our dedi servers.  I called
the
> isp and they had a way of recovering the password, although it cost me $75
> to get it done.  Basically, they told me that it's a sophisticated 'hack'
> into the machine to get it back.  If there's another way, I'd also be very
> interested in knowing what it is.
> 
> John D

Booyah, thanks John.  LayeredTech.com hooked it up without charge.

- Grant

-- 
gentoo-user@gentoo.org mailing list





-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Grant]

> Wow!  That was decent of them.  Is it a dedicated server or a colo ?
> 
> John D

Hey John,

It's a dedicated (not virtual dedicated) box.  They changed the
password and forwarded me the new one.

- Grant

-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] Forgotten root password on remote system

[John Dangler]

Hmm - Maybe I need to look into a different service ?

John 


-----Original Message-----
From: Grant [mailto:emailgrant@gmail.com] 
Sent: Thursday, August 25, 2005 5:52 PM
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Forgotten root password on remote system

> Wow!  That was decent of them.  Is it a dedicated server or a colo ?
> 
> John D

Hey John,

It's a dedicated (not virtual dedicated) box.  They changed the
password and forwarded me the new one.

- Grant

-- 
gentoo-user@gentoo.org mailing list




-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Grant]

> Hmm - Maybe I need to look into a different service ?
> 
> John

I can tell you that I'm happy with Layered Tech.  They told me I would
have to rent a KVM unit from them to get started with the LiveCD when
I was first installing.  It flipped me out but they wouldn't budge. 
The funny thing is, when I was ready to go they didn't have any KVM
units available so they set up SSH access from the LiveCD after all.

I see sustained transfer rates of 1.2Mbps in portage.

- Grant

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Uwe Thiem]

On 25 August 2005 17:04, John Dangler wrote:
> Grant~
> I had the same thing happen to me on one of our dedi servers.  I called the
> isp and they had a way of recovering the password, although it cost me $75
> to get it done.  Basically, they told me that it's a sophisticated 'hack'
> into the machine to get it back.  If there's another way, I'd also be very
> interested in knowing what it is.

If you have physical access to the box there is nothing sophisticated about 
it.

Uwe

-- 
95% of all programmers rate themselves among the top 5% of all software 
developers. - Linus Torvalds

http://www.uwix.iway.na (last updated: 20.06.2004)
-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] Forgotten root password on remote system

[Dave Nebinger]

> I have forgotten the root password of my remote server.  Is there any
> way to retrieve or reset it?

<sarcasm>
Sure, just use the root backdoor service that every linux system exposes to
connect and change the password.

Ooops, the secret's out, I guess I have to worry about all of you folks
using it to change the password on my boxen.
</sarcasm>

Sorry, couldn't resist.  Of course there is no way at all to do this, nor
would you want to be able to, cause if you could do it anyone could and
would do it.


-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] Forgotten root password on remote system

[Ric Messier]

On Thu, 25 Aug 2005, Dave Nebinger wrote:

>
> Sorry, couldn't resist.  Of course there is no way at all to do this, nor
> would you want to be able to, cause if you could do it anyone could and
> would do it.
>

That's not technically true and the sarcasm wasn't really warranted. I can 
think of a couple of possibilities, of course they assume a couple of 
other things but saying "there is no way at all to do this" is a little 
harsh and technically inaccurate.

Ric

-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] Forgotten root password on remote system

[Dave Nebinger]

> >
> > Sorry, couldn't resist.  Of course there is no way at all to do this,
> nor
> > would you want to be able to, cause if you could do it anyone could and
> > would do it.
> >
> 
> That's not technically true and the sarcasm wasn't really warranted. I can
> think of a couple of possibilities, of course they assume a couple of
> other things but saying "there is no way at all to do this" is a little
> harsh and technically inaccurate.

Sarcasm was warranted because the OP obviously was thinking more about how
he could get root back than how insecure his system would be if it were
possible.  Or perhaps the OP wasn't talking about a remote system of his
own, but actually your system (which is remote to him), in which case anyone
that gave him a valid response is compromising their own system security.

"There is now way at all to do this" most certainly is accurate.  This
assumes that (a) the OP is neither a skilled hacker/cracker and (b) the OP
hasn't specifically set the system up to support this sort of thing.

Sure, there are ways to do it from within and without of the system if you
have those things in place.  From within the system a sticky bit on the
passwd executable would do the trick.  For access from outside the system
you could do anything from developing a web page to do it all the way down
to building a custom service that handles the change.

But none of these things are feasible *after* you've forgotten root's
password as you can't make the necessary file additions/modifications.

Saying "there is no way at all to do this" for the everyday user is most
certainly accurate.  Otherwise system security for linux would be a joke,
and we all know that's far from the case.

And I defy you to prove otherwise...



-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Willie Wong]

On Thu, Aug 25, 2005 at 08:47:29AM -0700, Grant wrote:
> I have forgotten the root password of my remote server.  Is there any
> way to retrieve or reset it?
> 
> - Grant

AFAIK it is not possible short of brute force hacking it. If it were,
it sort of defeats the point of security on the box...

Your best bet is to get someone your trust to boot into single for you
and reset the password there. 

W
-- 
ARTHUR	It's not a question of whose habitat it is, it's a 
question of
	how hard you hit it.

- Arthur pointing out one of the disadvantages of gravity, 
Fit the Tenth. 
Sortir en Pantoufles: up 13 days, 19:22
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Michael Crute]

[-- Attachment #1: Type: text/plain, Size: 970 bytes --]

On 8/25/05, Willie Wong <wwong@princeton.edu> wrote:
> 
> AFAIK it is not possible short of brute force hacking it. If it were,
> it sort of defeats the point of security on the box...
> 
> Your best bet is to get someone your trust to boot into single for you
> and reset the password there.
> 
> W
> --
> ARTHUR It's not a question of whose habitat it is, it's a
> question of
> how hard you hit it.
> 
> - Arthur pointing out one of the disadvantages of gravity,
> Fit the Tenth.
> Sortir en Pantoufles: up 13 days, 19:22
> --
> gentoo-user@gentoo.org mailing list
> 
> 
All you really need is an account with sudo rights then `sudo passwd root` 
and your all set, else your suck with singleuser.

-Mike

-- 
________________________________
Michael E. Crute
Software Developer
SoftGroup Development Corporation

Linux, because reboots are for installing hardware.
"In a world without walls and fences, who needs windows and gates?"

[-- Attachment #2: Type: text/html, Size: 1386 bytes --]

Re: [gentoo-user] Forgotten root password on remote system

[Willie Wong]

On Thu, Aug 25, 2005 at 12:38:42PM -0400, Michael Crute wrote:
> All you really need is an account with sudo rights then `sudo passwd root` 
> and your all set, else your suck with singleuser.
> 

If the OP has sudo set up, would he really be sending a mail to the
list? And if he didn't, setting up sudo would be a catch 22 now,
wouldn't it?

Though, granted, the OP did only say he lost root passwd, and not
superuser access...

W
-- 
Your mom is a monolithic kernel!
Sortir en Pantoufles: up 13 days, 21:43
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Michael Crute]

[-- Attachment #1: Type: text/plain, Size: 656 bytes --]

On 8/25/05, Willie Wong <wwong@princeton.edu> wrote:
> 
> 
> If the OP has sudo set up, would he really be sending a mail to the
> list? And if he didn't, setting up sudo would be a catch 22 now,
> wouldn't it?
> 
> Though, granted, the OP did only say he lost root passwd, and not
> superuser access...
> 
> 
Indeed and most often the most obvious solution is the one that you have 
overlooked.

-Mike

-- 
________________________________
Michael E. Crute
Software Developer
SoftGroup Development Corporation

Linux, because reboots are for installing hardware.
"In a world without walls and fences, who needs windows and gates?"

[-- Attachment #2: Type: text/html, Size: 965 bytes --]

Re: [gentoo-user] Forgotten root password on remote system

[Greg Shikhman]

[-- Attachment #1: Type: text/plain, Size: 216 bytes --]

Well, I just remembered hearing about rootkits. I think all you need is 
access to a user and a rootkit, but I haven't used one so I wouldn't 
know...but a simple google search came up with some linux rootkits :p

[-- Attachment #2: Type: text/html, Size: 223 bytes --]

RE: [gentoo-user] Forgotten root password on remote system

[Dave Nebinger]

> Well, I just remembered hearing about rootkits. I think all 
> you need is access to a user and a rootkit, but I haven't 
> used one so I wouldn't know...but a simple google search 
> came up with some linux rootkits :p

Sure, but is it really something you want to install on your
system?  It might get you in, but how do you ensure you remove
it completely and fast enough to ensure that no one else can
access the system while you're doing it?

Besides, how do you know which rootkit will work with your 
system? Don't you think the kernel developers would be fixing
holes that allowed rootkits in?

Yes you get a lot of hits from google, but if you look at them
Most of them are worthless.  Even for hits that point at some
rootkits you find that they are pretty darn old.  "Compiled 
under FreeBSD 4.3" or "Targets kernel 2.[24]".  Not very practical
these days.



-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] Forgotten root password on remote system

[John Dangler]

yeah - and someone using a rootkit was able to successfully login to our old
dedicated server and wreak havoc on it, too.  That led to a complete rebuild
of the server (which now runs seLinux... (Understandably, there may have
been steps we could/should have taken to prevent it, but this was setup by
our isp and was supposed to be 'secure')...

John D

-----Original Message-----
From: Greg Shikhman [mailto:cornmander@gmail.com] 
Sent: Thursday, August 25, 2005 3:23 PM
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Forgotten root password on remote system

Well, I just remembered hearing about rootkits. I think all you need is
access to a user and a rootkit, but I haven't used one so I wouldn't
know...but a simple google search came up with some linux rootkits :p 



-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[José Pablo Ezequiel Fernández]

On Thursday 25 August 2005 16:59, John Dangler wrote:
> yeah - and someone using a rootkit was able to successfully login to our
> old dedicated server and wreak havoc on it, too.  That led to a complete
> rebuild of the server (which now runs seLinux... (Understandably, there may
> have been steps we could/should have taken to prevent it, but this was
> setup by our isp and was supposed to be 'secure')...
The most important thing I've learned in security is that *things are not 
secure*, but *things are being kept secured* which is different, the most 
secure system, if nobody takes care to maintain it secure, will eventually be 
insecure.
-- 
José Pablo Ezequiel Fernández

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Ian Hastie]

On Thu, 25 Aug 2005 12:38:42 -0400
Michael Crute <mcrute@gmail.com> wrote:

> All you really need is an account with sudo rights then `sudo passwd
> root` and your all set, else your suck with singleuser.

This is a bad idea as it creates two effective root passwords.  One of
them even has the ability to log in through the network.  Just find the
priveleged user's password and then change the real root one.

-- 
Ian.

EOM
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Michael Crute]

[-- Attachment #1: Type: text/plain, Size: 1016 bytes --]

On 8/25/05, Ian Hastie <ianh@iahastie.clara.net> wrote:
> 
> 
> This is a bad idea as it creates two effective root passwords. One of
> them even has the ability to log in through the network. Just find the
> priveleged user's password and then change the real root one.
> 
> 
<OT>
You have a point here but I find it easier to grant sudo priviledges to the 
admins rather than try to give them all the root password, and since we 
change our root weekly (policies... bah) it would be a maintenance nightmare 
to try to keep everyone in the loop. Plus sudo offers the ability to revoke 
root priviledges plus the ability to limit sudo rights to a set of commands 
(if you so choose). Overall I think sudo is the better way to go. But thats 
just my $0.02
</OT>

-- 
________________________________
Michael E. Crute
Software Developer
SoftGroup Development Corporation

Linux, because reboots are for installing hardware.
"In a world without walls and fences, who needs windows and gates?"

[-- Attachment #2: Type: text/html, Size: 1359 bytes --]

Re: [gentoo-user] Forgotten root password on remote system

[Dirk Heinrichs]

[-- Attachment #1: Type: text/plain, Size: 652 bytes --]

Am Donnerstag, 25. August 2005 18:21 schrieb ext Willie Wong:

> Your best bet is to get someone your trust to boot into single for you
> and reset the password there.

Single wouldn't work, You still get a login: prompt. The only ways to get at 
it are LiveCD or booting with "init=/bin/bash".

Bye...

	Dirk
-- 
Dirk Heinrichs          | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: dirk.heinrichs@capgemini.com
Hambornerstraße 55      | Web:  http://www.capgemini.com
D-40472 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net

[-- Attachment #2: Type: application/pgp-signature, Size: 190 bytes --]

Re: [gentoo-user] Forgotten root password on remote system

[Frank Schafer]

On Fri, 2005-08-26 at 07:50 +0200, Dirk Heinrichs wrote:
> Am Donnerstag, 25. August 2005 18:21 schrieb ext Willie Wong:
> 
> > Your best bet is to get someone your trust to boot into single for you
> > and reset the password there.
> 
> Single wouldn't work, You still get a login: prompt. The only ways to get at 
> it are LiveCD or booting with "init=/bin/bash".
> 
> Bye...
> 
> 	Dirk

Right. Due to the fact that he got a new password, I think they did it
exactly that way (LifeCD or boot disc).

There is no official hack to get the password out of the machine. It is
nowhere stored in uncrypted form and the crypting algorithm itself is
not reversable.

0.02$
Frank

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Fernando Meira]

[-- Attachment #1: Type: text/plain, Size: 1247 bytes --]

On 8/26/05, Frank Schafer <frank.schafer@t-systems.cz> wrote:
> 
> On Fri, 2005-08-26 at 07:50 +0200, Dirk Heinrichs wrote:
> > Am Donnerstag, 25. August 2005 18:21 schrieb ext Willie Wong:
> >
> > > Your best bet is to get someone your trust to boot into single for you
> > > and reset the password there.
> >
> > Single wouldn't work, You still get a login: prompt. The only ways to 
> get at
> > it are LiveCD or booting with "init=/bin/bash".
> >
> > Bye...
> >
> > Dirk
> 
> Right. Due to the fact that he got a new password, I think they did it
> exactly that way (LifeCD or boot disc).
> 
> There is no official hack to get the password out of the machine. It is
> nowhere stored in uncrypted form and the crypting algorithm itself is
> not reversable.


Not the best way to do it, but getting the crypted form of the root pass and 
using it for a brute-force attack wouldn't get a good result? By good result 
I mean a positive match within a short period of time! Of course I assume 
for that, that he had an idea of what was the password like.. number of 
characters, use of symbols, and so, so that he could apply the attack as 
nearer of the real pass as possible.. would this be a possible way to do it?

[-- Attachment #2: Type: text/html, Size: 1621 bytes --]

Re: [gentoo-user] Forgotten root password on remote system

[Frank Schafer]

IYpi3tbduwbfwm

Such a password can't be cracked by brute force.

... and it's easy to remember.

If Your password is 3 times better, don't use words brute force won't
matter.

I use to use SUCH passwords.

;)


On Fri, 2005-08-26 at 08:46 +0000, Fernando Meira wrote:
> On 8/26/05, Frank Schafer <frank.schafer@t-systems.cz> wrote:
>         On Fri, 2005-08-26 at 07:50 +0200, Dirk Heinrichs wrote:
>         > Am Donnerstag, 25. August 2005 18:21 schrieb ext Willie
>         Wong:
>         >
>         > > Your best bet is to get someone your trust to boot into
>         single for you
>         > > and reset the password there.
>         >
>         > Single wouldn't work, You still get a login: prompt. The
>         only ways to get at
>         > it are LiveCD or booting with "init=/bin/bash".
>         >
>         > Bye... 
>         >
>         >       Dirk
>         
>         Right. Due to the fact that he got a new password, I think
>         they did it
>         exactly that way (LifeCD or boot disc).
>         
>         There is no official hack to get the password out of the
>         machine. It is 
>         nowhere stored in uncrypted form and the crypting algorithm
>         itself is
>         not reversable.
> 
> Not the best way to do it, but getting the crypted form of the root
> pass and using it for a brute-force attack wouldn't get a good result?
> By good result I mean a positive match within a short period of time!
> Of course I assume for that, that he had an idea of what was the
> password like.. number of characters, use of symbols, and so, so that
> he could apply the attack as nearer of the real pass as possible..
> would this be a possible way to do it?
> 
> 
> 
> 
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Fernando Meira]

[-- Attachment #1: Type: text/plain, Size: 577 bytes --]

On 8/26/05, Frank Schafer <frank.schafer@t-systems.cz> wrote:
> 
> IYpi3tbduwbfwm
> 
> Such a password can't be cracked by brute force.
> 
> ... and it's easy to remember.
> 
> If Your password is 3 times better, don't use words brute force won't
> matter.


Well.. that just depends on how strong the password was! A brute-force 
attack would get there.. sooner or later!! For being sooner than later, the 
idea was to provide the attack with accurate characteristics of the 
password: number of chars, alphanumeric, upper and lower-case.. and such 
things..

[-- Attachment #2: Type: text/html, Size: 865 bytes --]

Re: [gentoo-user] Forgotten root password on remote system

[Frank Schafer]

On Fri, 2005-08-26 at 09:45 +0000, Fernando Meira wrote:
> On 8/26/05, Frank Schafer <frank.schafer@t-systems.cz> wrote:
>         IYpi3tbduwbfwm
>         
>         Such a password can't be cracked by brute force.
>         
>         ... and it's easy to remember.
>         
>         If Your password is 3 times better, don't use words brute
>         force won't
>         matter.
> 
> Well.. that just depends on how strong the password was! A brute-force
> attack would get there.. sooner or later!! For being sooner than
> later, the idea was to provide the attack with accurate
> characteristics of the password: number of chars, alphanumeric, upper
> and lower-case.. and such things.. 
> 

Hmmm, I think the example password should be strong enough but You are
right. Sooner or later it will come in (if sooner is something amongst
some hundreds of years and later something amongst some thousands ;)
BTW: There isn't only the password. There are log analyzers too.
Let such an analyzer catch auth failure - say 20 times within less than
half an hour - for root remote, then it can block access from this IP,
if it catches local auth failure for root - 20 times within less than
half an hour - it can logaut the user (kill his login shell) and block
the account. Mine does so. Well, in this case the sooner is something
amongst some millions of years and the later something amongst some
trillions.
... but this already goes into the direction of IDS.

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Fernando Meira]

[-- Attachment #1: Type: text/plain, Size: 1271 bytes --]

On 8/26/05, Frank Schafer <frank.schafer@t-systems.cz> wrote:

> Hmmm, I think the example password should be strong enough but You are
> right. Sooner or later it will come in (if sooner is something amongst
> some hundreds of years and later something amongst some thousands ;)
> BTW: There isn't only the password. There are log analyzers too.
> Let such an analyzer catch auth failure - say 20 times within less than
> half an hour - for root remote, then it can block access from this IP,
> if it catches local auth failure for root - 20 times within less than
> half an hour - it can logaut the user (kill his login shell) and block
> the account. Mine does so. Well, in this case the sooner is something
> amongst some millions of years and the later something amongst some
> trillions.
> ... but this already goes into the direction of IDS.


You're lacking optimism... Of course the brute-force attack was not supposed 
to be done remotely! You can pull passwd to your local machine and the let 
your computer handle it without interruptions. If some proprieties of the 
password are known beforehand, then sooner would be a matter of hours and 
later a couple of days. This is not even putting into the game some 
distributed computing...

[-- Attachment #2: Type: text/html, Size: 1570 bytes --]

Re: [gentoo-user] Forgotten root password on remote system

[Michael Crute]

[-- Attachment #1: Type: text/plain, Size: 890 bytes --]

On 8/26/05, Fernando Meira <fmeira@gmail.com> wrote:
> 
> 
> You're lacking optimism... Of course the brute-force attack was not 
> supposed to be done remotely! You can pull passwd to your local machine and 
> the let your computer handle it without interruptions. If some proprieties 
> of the password are known beforehand, then sooner would be a matter of hours 
> and later a couple of days. This is not even putting into the game some 
> distributed computing... 
> 
> 
True, but if you use shadow to store your passwords your in much better 
shape since the average hacker can't get a hold of the root owned shadow 
file.

-Mike

-- 
________________________________
Michael E. Crute
Software Developer
SoftGroup Development Corporation

Linux, because reboots are for installing hardware.
"In a world without walls and fences, who needs windows and gates?"

[-- Attachment #2: Type: text/html, Size: 1234 bytes --]

Re: [gentoo-user] Forgotten root password on remote system

[Greg Shikhman]

[-- Attachment #1: Type: text/plain, Size: 1121 bytes --]

Well, when one of my servers got brute forced it was 5+ computers doing it 
at a time in 10 second intervals...

On 8/26/05, Michael Crute <mcrute@gmail.com> wrote: 
> 
> On 8/26/05, Fernando Meira <fmeira@gmail.com> wrote: 
> > 
> >  
> > You're lacking optimism... Of course the brute-force attack was not 
> > supposed to be done remotely! You can pull passwd to your local machine and 
> > the let your computer handle it without interruptions. If some proprieties 
> > of the password are known beforehand, then sooner would be a matter of hours 
> > and later a couple of days. This is not even putting into the game some 
> > distributed computing... 
> > 
> > 
> True, but if you use shadow to store your passwords your in much better 
> shape since the average hacker can't get a hold of the root owned shadow 
> file.
> 
> -Mike 
> 
> -- 
> ________________________________
> Michael E. Crute
> Software Developer
> SoftGroup Development Corporation
> 
> Linux, because reboots are for installing hardware.
> "In a world without walls and fences, who needs windows and gates?" 
>

[-- Attachment #2: Type: text/html, Size: 1809 bytes --]

Re: [gentoo-user] Forgotten root password on remote system

[William Kenworthy]

I use "john the ripper" to test the passwords on my machines.  I created
accounts for all those I wanted to test using the original passwords
(all of which I know!), took a copy of the files then deleted the
accounts.  It took 17 days to bruteforce the root on one machine. Its
now 46 days and none of the others (root or user) have cracked yet.
Machine is a 677Mhz P3 coppermine running as my gateway (hence its up
24/7) with john niced down to 19.

moriah ~ # john -status
guesses: 1  time: 46:04:14:17 (3)  c/s: 1341
moriah ~ #

Two questions, 
1) are there any good dictionaries for john that add to the standard
one, and 

2) what other "common" password crackers are good for this purpose
(i.e., likely to be used by the bad guys)

BillK



On Fri, 2005-08-26 at 16:07 +0200, Frank Schafer wrote:
> On Fri, 2005-08-26 at 09:45 +0000, Fernando Meira wrote:
> > On 8/26/05, Frank Schafer <frank.schafer@t-systems.cz> wrote:
> >         IYpi3tbduwbfwm
> >         

> 
-- 
William Kenworthy <billk@iinet.net.au>
Home!

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Norbert Kamenicky]

Frank Schafer wrote:
> There is no official hack to get the password out of the machine. It is
> nowhere stored in uncrypted form and the crypting algorithm itself is
> not reversable.

Yes, u are right, but encrypted passwords are stored in /etc/shadow,
and therefore u can try to decrypt them (using brutal force) by "john"
(emerge johntheripper).

noro
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Joe Menola]

On Thursday August 25 2005 10:47 am, Grant wrote:
> I have forgotten the root password of my remote server.  Is there any
> way to retrieve or reset it?
>
If you can get access to the root partition (ie:mount from a livecd) and have 
a working /etc/passwd with a known password for root, move the original 
passwd file (or merge other users into the known file keeping the root entry 
of course)... this might grant you access.

-jm
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[Norbert Kamenicky]

Grant wrote:
> I have forgotten the root password of my remote server.  Is there any
> way to retrieve or reset it?

This is my way to solve your problem (and a lot of other problems too):

Ask some guy on remote side do this:

1. Put Knoppix CD into drive and reboot

2. answer "knoppix 2" to "boot:" prompt and hit Enter
    (If prompt doesn't occur, it's probably necessary
      to change booting order in BIOS.)

3. when root prompt "#" appears, write these commands:

   # ifconfig eth0 "server's-IP" netmask "proper-netmask"

   # route add default gw "gateway's-IP"

   # passwd
     put twice this password: word

   # /etc/init.d/sshd start

---------------------------------
If everything went OK, u have now remote access to the server
and u can do anything u like.
U can change password, repair broken lilo or grub setup,
repair broken filesystem, install gentoo ... etc.

To change password, follow these steps:

mv ~/.ssh/known_hosts{,.bak}
ssh root@server
mkdir /gentoo
mount /dev/"root-device" /gentoo
chroot /gentoo
passwd    (now u are changeing server's password)
exit   (from chroot)
init 6; exit   (server reboot)
mv ~/.ssh/known_hosts{.bak,}
Ask remote guy take out Knoppix CD and press "Enter".

U can adopt this receipt to any other bootable media (CD, DVD, usb key,
HDD, etc.) with nearly any live linux on it (Gentoo, Slax ...)

HTH, noro
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Forgotten root password on remote system

[A. Khattri]

On Sun, 28 Aug 2005, Norbert Kamenicky wrote:

> Ask some guy on remote side do this:
>
> 1. Put Knoppix CD into drive and reboot
>
> 2. answer "knoppix 2" to "boot:" prompt and hit Enter
>     (If prompt doesn't occur, it's probably necessary
>       to change booting order in BIOS.)
>
> 3. when root prompt "#" appears, write these commands:
>
>    # ifconfig eth0 "server's-IP" netmask "proper-netmask"
>
>    # route add default gw "gateway's-IP"
>
>    # passwd
>      put twice this password: word
>
>    # /etc/init.d/sshd start

A Gentoo LiveCD could be used the same way.


-- 

-- 
gentoo-user@gentoo.org mailing list