[gentoo-user] Recovering root password

[gentoo-user] Recovering root password

[Grant]

I've revived an old Gentoo laptop, but I've forgotten the root
password.  I remember the password to my user account and I can log in
there fine.  Can I recover the root password?

- Grant
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Boris Fersing]

On Mon, Mar 24, 2008 at 4:30 PM, Grant <emailgrant@gmail.com> wrote:
> I've revived an old Gentoo laptop, but I've forgotten the root
>  password.  I remember the password to my user account and I can log in
>  there fine.  Can I recover the root password?
>
>  - Grant

Hi,

boot with a liveCD, mount the gentoo partition, chroot into it and type 'passwd'

regards,

Boris.
>  --
>  gentoo-user@lists.gentoo.org mailing list
>
>



-- 
$ ruby -e'puts " .:@BFegiklnorst".unpack("x4ax7aaX6ax5aX15ax4aax6aaX7ax2 \
aX5aX8axaX3ax8aX4ax6aX3aX6ax3ax3aX9ax4ax2aX9axaX6ax3aX2ax4 \
ax3aX4aXaX12ax10aaX7a").join'
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Dale]

Grant wrote:
> I've revived an old Gentoo laptop, but I've forgotten the root
> password.  I remember the password to my user account and I can log in
> there fine.  Can I recover the root password?
>
> - Grant
>   

I think you can boot into single user mode and reset it.  You have to 
put it on the end of the grub boot line but I can't recall what the 
exact option is.  May help you search tho. 

You can also boot the CD and chroot in to reset it as well.  I'm sure 
that will work just as well.

Dale

:-)  :-) 
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Florian Philipp]

[-- Attachment #1: Type: text/plain, Size: 854 bytes --]


On Mon, 2008-03-24 at 15:39 -0500, Dale wrote:
> Grant wrote:
> > I've revived an old Gentoo laptop, but I've forgotten the root
> > password.  I remember the password to my user account and I can log in
> > there fine.  Can I recover the root password?
> >
> > - Grant
> >   
> 
> I think you can boot into single user mode and reset it.  You have to 
> put it on the end of the grub boot line but I can't recall what the 
> exact option is.  May help you search tho. 
> 
> You can also boot the CD and chroot in to reset it as well.  I'm sure 
> that will work just as well.
> 
> Dale
> 
> :-)  :-) 

The option is "single" but it won't help because it requests the root
password before it gives you your /bin/bash.

Anyway, if you have sudo-rights, you can simply do "sudo passwd" and it
won't ask you for the old password.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Recovering root password

[Ricardo Saffi Marques]

[-- Attachment #1: Type: text/plain, Size: 841 bytes --]

On Mon, Mar 24, 2008 at 5:30 PM, Grant <emailgrant@gmail.com> wrote:

> I've revived an old Gentoo laptop, but I've forgotten the root
> password.  I remember the password to my user account and I can log in
> there fine.  Can I recover the root password?


On the grub menu, edit the entry of the system you want to boot and on the
kernel line, add "init=/bin/bash" without the quotes. Boot that modded boot
instructions sequence. After kernel loads, you'll have a bash. Type: "mount
-o rw,remount /"
Then type "passwd", put the new root pwd. Remount the partition read-only:
"mount -o ro,remount /" and reboot. Done!

-- 
Ricardo Saffi Marques
Laboratório de Administração e Segurança de Sistemas (LAS/IC)
Universidade Estadual de Campinas (UNICAMP)
Cell: +55 (19) 8128-0435
Skype: ricardo_saffi_marques
Website: http://www.rsaffi.com

[-- Attachment #2: Type: text/html, Size: 1206 bytes --]

Re: [gentoo-user] Recovering root password

[Steven Lembark]

 > On the grub menu, edit the entry of the system you want to boot and on the
 > kernel line, add "init=/bin/bash" without the quotes. Boot that modded boot
 > instructions sequence. After kernel loads, you'll have a bash. Type: "mount
 > -o rw,remount /"

Make sure that your bash is statically linked,
otherwise you can run into problems with this
approach. It's acutally a good idea to keep
a static bash and just put this into grub as
the 'shell-init' or 'aaaargh' entry
(it's in their example config).




-- 
Steven Lembark                                          +1 888 359 3508
Workhorse Computing                                       85-09 90th St
lembark@wrkhors.com                                 Woodhaven, NY 11421
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Ricardo Saffi Marques]

[-- Attachment #1: Type: text/plain, Size: 542 bytes --]

On Mon, Mar 24, 2008 at 5:45 PM, Steven Lembark <lembark@wrkhors.com> wrote:

> It's acutally a good idea to keep a static bash and just put this into
> grub as the 'shell-init' or 'aaaargh' entry (it's in their example config).


That's what I do, at least. ;)
I have that boot entry for cases like that (or worse :-))

-- 
Ricardo Saffi Marques
Laboratório de Administração e Segurança de Sistemas (LAS/IC)
Universidade Estadual de Campinas (UNICAMP)
Cell: +55 (19) 8128-0435
Skype: ricardo_saffi_marques
Website: http://www.rsaffi.com

[-- Attachment #2: Type: text/html, Size: 862 bytes --]

Re: [gentoo-user] Recovering root password

[Dirk Heinrichs]

[-- Attachment #1: Type: text/plain, Size: 855 bytes --]

Am Montag, 24. März 2008 schrieb ext Steven Lembark:

> Make sure that your bash is statically linked,
> otherwise you can run into problems with this
> approach.

# ldd /bin/bash
        linux-gate.so.1 =>  (0xb7f2a000)
        libncurses.so.5 => /lib/libncurses.so.5 (0xb7ec7000)
        libdl.so.2 => /lib/libdl.so.2 (0xb7ec3000)
        libc.so.6 => /lib/libc.so.6 (0xb7d6b000)
        /lib/ld-linux.so.2 (0xb7f2b000)

No need for a static bash, since everything it needs is in /lib.

Bye...

	Dirk
-- 
Dirk Heinrichs          | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68      | Web:  http://www.capgemini.com
D-40468 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Recovering root password

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 701 bytes --]

On Mon, 24 Mar 2008 17:40:13 -0300, Ricardo Saffi Marques wrote:

> On the grub menu, edit the entry of the system you want to boot and on
> the kernel line, add "init=/bin/bash" without the quotes. Boot that
> modded boot instructions sequence. After kernel loads, you'll have a
> bash. Type: "mount -o rw,remount /"

Or just add "rw init=/bin/sh" to avoid remounting /.

It's probably better to use a shell designed for rescue work,
like sash or busybox instead of bash, especially if /usr is on a
separate filesystem.


-- 
Neil Bothwick

"We are Microsoft of Borg. Prepare to...."
The application "assimilation" has caused a General Protection Fault
and must exit immediately.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Recovering root password

[Steven Lembark]

 > It's probably better to use a shell designed for rescue work,
 > like sash or busybox instead of bash, especially if /usr is on a
 > separate filesystem.

The statically linked bash acutally works rather
well for this. The main advantage I've found
using it for recovery situations is that I'm
used to it: sourceing root's .bash_profile is
enough to give a familiar environment.

-- 
Steven Lembark                                          +1 888 359 3508
Workhorse Computing                                       85-09 90th St
lembark@wrkhors.com                                 Woodhaven, NY 11421
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Grant]

> > I've revived an old Gentoo laptop, but I've forgotten the root
> > password.  I remember the password to my user account and I can log in
> > there fine.  Can I recover the root password?
>
> On the grub menu, edit the entry of the system you want to boot and on the
> kernel line, add "init=/bin/bash" without the quotes. Boot that modded boot
> instructions sequence. After kernel loads, you'll have a bash. Type: "mount
> -o rw,remount /"
>  Then type "passwd", put the new root pwd. Remount the partition read-only:
> "mount -o ro,remount /" and reboot. Done!

Done deal, thanks everyone.

- Grant
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Alan McKinnon]

On Monday 24 March 2008, Grant wrote:
> I've revived an old Gentoo laptop, but I've forgotten the root
> password.  I remember the password to my user account and I can log
> in there fine.  Can I recover the root password?

No, that would require undoing high-quality encryption schemes. Which is 
a good thing, otherwise your internet banking couldn't be safe (amongst 
other similar evils)

What you can do is replace the root password with something else:

Boot from any old LiveCD, mount your gentoo partitions somewhere, chroot 
into them as root and run 'passwd'

If this sounds familiar, it's because it's the same process you used to 
install Gentoo in the first place :-)


-- 
Alan McKinnon
alan dot mckinnon at gmail dot com

-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Uwe Thiem]

On Monday 24 March 2008, Grant wrote:
> I've revived an old Gentoo laptop, but I've forgotten the root
> password.  I remember the password to my user account and I can log
> in there fine.  Can I recover the root password?

If you could passwords were useless. ;-)

But you can boot from a LiveCD, mount your harddrive, chroot and then 
give root another password.

Uwe

-- 
Informal Linux Group Namibia:
http://www.linux.org.na/
SysEx (Pty) Ltd.:
http://www.SysEx.com.na/
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Liviu Andronic]

On Tue, Mar 25, 2008 at 6:41 AM, Uwe Thiem <uwix@iway.na> wrote:
> > I've revived an old Gentoo laptop, but I've forgotten the root
>  > password.  I remember the password to my user account and I can log
>  > in there fine.  Can I recover the root password?
>
>  If you could passwords were useless. ;-)
>
>  But you can boot from a LiveCD, mount your harddrive, chroot and then
>  give root another password.

But then, conventional passwords are as useless. One needs no more
than physical access to the computer, a LiveCD and a couple minutes in
order to become the super user of your system. Basically, the password
seems useful only to know whether anyone has changed it behind your
back.

I am starting to wonder why am I so attached to my root password being
strong.. :)
Liviu
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Dirk Heinrichs]

[-- Attachment #1: Type: text/plain, Size: 1428 bytes --]

Am Dienstag, 25. März 2008 schrieb ext Liviu Andronic:
> On Tue, Mar 25, 2008 at 6:41 AM, Uwe Thiem <uwix@iway.na> wrote:
> > > I've revived an old Gentoo laptop, but I've forgotten the root
> > >
> >  > password.  I remember the password to my user account and I can log
> >  > in there fine.  Can I recover the root password?
> >
> >  If you could passwords were useless. ;-)
> >
> >  But you can boot from a LiveCD, mount your harddrive, chroot and then
> >  give root another password.
>
> But then, conventional passwords are as useless. One needs no more
> than physical access to the computer, a LiveCD and a couple minutes in
> order to become the super user of your system. Basically, the password
> seems useful only to know whether anyone has changed it behind your
> back.

That's only true if you didn't do anything else to protect the system. All 
the above is useless if the / filesystem is encrypted.

> I am starting to wonder why am I so attached to my root password being
> strong.. :)

Because it protects your system from abuse.

Bye...

	Dirk
-- 
Dirk Heinrichs          | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68      | Web:  http://www.capgemini.com
D-40468 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Recovering root password

[Alan McKinnon]

On Tuesday 25 March 2008, Liviu Andronic wrote:
> >  But you can boot from a LiveCD, mount your harddrive, chroot and
> > then give root another password.
>
> But then, conventional passwords are as useless. One needs no more
> than physical access to the computer, a LiveCD and a couple minutes
> in order to become the super user of your system. Basically, the
> password seems useful only to know whether anyone has changed it
> behind your back.

Let me guess - you own a notebook and most of your exposure to running a 
computer is limited to that, and you have never administered a real 
server somewhere, right?

It's very very easy to keep your servers safe from physical access 
attacks - make sure the bad guys can't touch it. This is so easy to do 
it's laughable - we use a locked door. The only people who have a key 
are those who have to root password anyway.

On a notebook, there isn't an OS in existence that is immune to a 
LiveCD. If this concerns you, apply some biometrics and encrypted 
filesystem patches. Or stop using notebooks. Or stop using computers 
that someone else can touch.

-- 
Alan McKinnon
alan dot mckinnon at gmail dot com

--
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Dirk Heinrichs]

[-- Attachment #1: Type: text/plain, Size: 632 bytes --]

Am Dienstag, 25. März 2008 schrieb ext Alan McKinnon:
> On a notebook, there isn't an OS in existence that is immune to a
> LiveCD.

Linux is. In the sense that you can't get at the data if the disc is 
encrypted, even not with a LiveCD. You can only destroy/overwrite it.

Bye...

	Dirk
-- 
Dirk Heinrichs          | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68      | Web:  http://www.capgemini.com
D-40468 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Recovering root password

[Alan McKinnon]

On Tuesday 25 March 2008, Dirk Heinrichs wrote:
> Am Dienstag, 25. März 2008 schrieb ext Alan McKinnon:
> > On a notebook, there isn't an OS in existence that is immune to a
> > LiveCD.
>
> Linux is. In the sense that you can't get at the data if the disc is
> encrypted, even not with a LiveCD. You can only destroy/overwrite it.

Yes, I realised that when typing the original, but left it as is - too 
many IF conditionals would be needed to be accurate and English is 
almost useless at getting IFs to parse correctly :-)

Passwords come from a time when users had terminals that log onto 
machines that are somewhere else and the user can't lay a finger on 
them. Things have indeed changed since 1978


-- 
Alan McKinnon
alan dot mckinnon at gmail dot com

--
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Grant]

>  > > On a notebook, there isn't an OS in existence that is immune to a
>  > > LiveCD.
>  >
>  > Linux is. In the sense that you can't get at the data if the disc is
>  > encrypted, even not with a LiveCD. You can only destroy/overwrite it.
>
>  Yes, I realised that when typing the original, but left it as is - too
>  many IF conditionals would be needed to be accurate and English is
>  almost useless at getting IFs to parse correctly :-)
>
>  Passwords come from a time when users had terminals that log onto
>  machines that are somewhere else and the user can't lay a finger on
>  them. Things have indeed changed since 1978

Would the type of filesystem encryption you guys are talking about be
unsuitable for a high-traffic server because of performance
considerations?

- Grant
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Uwe Thiem]

On Tuesday 25 March 2008, Grant wrote:
> >  > > On a notebook, there isn't an OS in existence that is immune
> >  > > to a LiveCD.
> >  >
> >  > Linux is. In the sense that you can't get at the data if the
> >  > disc is encrypted, even not with a LiveCD. You can only
> >  > destroy/overwrite it.
> >
> >  Yes, I realised that when typing the original, but left it as is
> > - too many IF conditionals would be needed to be accurate and
> > English is almost useless at getting IFs to parse correctly :-)
> >
> >  Passwords come from a time when users had terminals that log
> > onto machines that are somewhere else and the user can't lay a
> > finger on them. Things have indeed changed since 1978
>
> Would the type of filesystem encryption you guys are talking about
> be unsuitable for a high-traffic server because of performance
> considerations?

Yes, and it isn't necessary. You lock your servers away so that nobody 
has physical access to them.

It's only interesting for workstations, laptops and external storage 
devices.

Uwe

-- 
Informal Linux Group Namibia:
http://www.linux.org.na/
SysEx (Pty) Ltd.:
http://www.SysEx.com.na/
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Grant]

>  > >  > > On a notebook, there isn't an OS in existence that is immune
>  > >  > > to a LiveCD.
>  > >  >
>  > >  > Linux is. In the sense that you can't get at the data if the
>  > >  > disc is encrypted, even not with a LiveCD. You can only
>  > >  > destroy/overwrite it.
>  > >
>  > >  Yes, I realised that when typing the original, but left it as is
>  > > - too many IF conditionals would be needed to be accurate and
>  > > English is almost useless at getting IFs to parse correctly :-)
>  > >
>  > >  Passwords come from a time when users had terminals that log
>  > > onto machines that are somewhere else and the user can't lay a
>  > > finger on them. Things have indeed changed since 1978
>  >
>  > Would the type of filesystem encryption you guys are talking about
>  > be unsuitable for a high-traffic server because of performance
>  > considerations?
>
>  Yes, and it isn't necessary. You lock your servers away so that nobody
>  has physical access to them.

Sounds like co-location right?  I just have a hosted dedicated
machine.  The thing that's always kept me from co-locating is hardware
failure.  That would be a "my problem" in a co-located environment
rather than a "their problem" right?

- Grant


>  It's only interesting for workstations, laptops and external storage
>  devices.
>
>
>  Uwe
-- 
gentoo-user@lists.gentoo.org mailing list

[gentoo-user] Re: Recovering root password

[Michael Schmarck]

Hi.

Grant <emailgrant <at> gmail.com> writes:

> >  > Would the type of filesystem encryption you guys are talking about
> >  > be unsuitable for a high-traffic server because of performance
> >  > considerations?
> >
> >  Yes, and it isn't necessary. You lock your servers away so that nobody
> >  has physical access to them.

I'd rather say: "... so that only trusted people have ...". But besides
this nitpick, I agree with you.

> 
> Sounds like co-location right?

No. Sounds like "build your own data center" :)

>  I just have a hosted dedicated
> machine.  

This means that you've got to trust the people hosting your
environment. If you don't, then move away! You know, they
could "easily"  install a traffic sniffers and whatnot.

> The thing that's always kept me from co-locating is hardware
> failure.  That would be a "my problem" in a co-located environment
> rather than a "their problem" right?

Depends on your contract, but generally speaking, you're right, yes.

Michael

-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Dirk Heinrichs]

[-- Attachment #1: Type: text/plain, Size: 823 bytes --]

Am Dienstag, 25. März 2008 schrieb ext Uwe Thiem:

> On Tuesday 25 March 2008, Grant wrote:
> >
> > Would the type of filesystem encryption you guys are talking about
> > be unsuitable for a high-traffic server because of performance
> > considerations?
>
> Yes, and it isn't necessary. You lock your servers away so that nobody
> has physical access to them.

What if you sell them or give them back (leased machines)? Do you erase your 
discs beforehand.

Bye...

	Dirk
-- 
Dirk Heinrichs          | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68      | Web:  http://www.capgemini.com
D-40468 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Recovering root password

[Uwe Thiem]

On Wednesday 26 March 2008, Dirk Heinrichs wrote:
> Am Dienstag, 25. März 2008 schrieb ext Uwe Thiem:

> > Yes, and it isn't necessary. You lock your servers away so that
> > nobody has physical access to them.
>
> What if you sell them or give them back (leased machines)? Do you
> erase your discs beforehand.

Depends on the content of the disks. If it is sensitive, I wipe them 
(not just rm or mkfs). But then, this problem has never occurred to 
me. I don't lease servers, nor do I sell them. Usually, my servers 
aren't sellable by the time I can't use them any more. ;-)

Uwe 

-- 
Informal Linux Group Namibia:
http://www.linux.org.na/
SysEx (Pty) Ltd.:
http://www.SysEx.com.na/
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Florian Philipp]

[-- Attachment #1: Type: text/plain, Size: 1330 bytes --]


On Tue, 2008-03-25 at 09:32 -0700, Grant wrote:
> >  > > On a notebook, there isn't an OS in existence that is immune to a
> >  > > LiveCD.
> >  >
> >  > Linux is. In the sense that you can't get at the data if the disc is
> >  > encrypted, even not with a LiveCD. You can only destroy/overwrite it.
> >
> >  Yes, I realised that when typing the original, but left it as is - too
> >  many IF conditionals would be needed to be accurate and English is
> >  almost useless at getting IFs to parse correctly :-)
> >
> >  Passwords come from a time when users had terminals that log onto
> >  machines that are somewhere else and the user can't lay a finger on
> >  them. Things have indeed changed since 1978
> 
> Would the type of filesystem encryption you guys are talking about be
> unsuitable for a high-traffic server because of performance
> considerations?
> 
> - Grant

I did some benchmarks recently, posted them on gentoo-security. Long
story short: Even my 64bit single-core Celeron can do 256bit AES, 320bit
Anubis  or 256bit Twofish faster than writing data to the disk (37MB/s).
Blowfish, CAST and Serpent are too slow.

128bit AES (which I deem good enough for the near future) causes around
40% CPU-utilization.

Whether it is suitable for your server depends on its usage patterns. 

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Recovering root password

[Steven Lembark]

 >>  them. Things have indeed changed since 1978

Unless you include the time in 1972 that some of
my friends broke into the computer room, hacked
the PDP-11, and inserted "Panther, Pink" into
every class in the highschool.

They have remained hugely the same :-)

-- 
Steven Lembark                                          +1 888 359 3508
Workhorse Computing                                       85-09 90th St
lembark@wrkhors.com                                 Woodhaven, NY 11421
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Alan McKinnon]

On Tuesday 25 March 2008, Steven Lembark wrote:
>  >>  them. Things have indeed changed since 1978
>
> Unless you include the time in 1972 that some of
> my friends broke into the computer room, hacked
> the PDP-11, and inserted "Panther, Pink" into
> every class in the highschool.
>
> They have remained hugely the same :-)

I stand corrected :-)

The technology and what people are supposed to do with computers has 
changed a lot.

What wise-ass kids DO do with them has stayed exactly the same. 

Sidenote: I'll expect that most of those same hacker kids are now 
well-respected and competent IT professionals, right? That also hasn't 
changed much over the years...

-- 
Alan McKinnon
alan dot mckinnon at gmail dot com

-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 652 bytes --]

On Tue, 25 Mar 2008 10:25:17 +0200, Alan McKinnon wrote:

> On a notebook, there isn't an OS in existence that is immune to a 
> LiveCD. If this concerns you, apply some biometrics and encrypted 
> filesystem patches. Or stop using notebooks. Or stop using computers 
> that someone else can touch.

Or disable booting from the optical drive (or remove it completely) and
set a password in the BIOS. This is one of the few areas in which a
laptop has an advantage, you can't just pope the side off the case and
flip a jumper to reset the BIOS.


-- 
Neil Bothwick

WinErr 003: Dynamic linking error - Your mistake is now in every file

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Recovering root password

[Liviu Andronic]

On Tue, Mar 25, 2008 at 10:12 AM, Neil Bothwick <neil@digimed.co.uk> wrote:
>  Or disable booting from the optical drive (or remove it completely) and
>  set a password in the BIOS. This is one of the few areas in which a
>  laptop has an advantage, you can't just pope the side off the case and
>  flip a jumper to reset the BIOS.
>

I'd say the BIOS is not much of a security enforcer. Even with the
BIOS password protected, one can plug out the hardrive, connect to
another system and get access to all the data. It might need more time
than a LiveCD approach, it would be as efficient. As Alan and Wael
suggested, the approaches that can work in protecting your data are a
physical key to a locked door or a root encrypted system.
Liviu
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 827 bytes --]

On Tue, 25 Mar 2008 13:08:04 +0100, Liviu Andronic wrote:

> I'd say the BIOS is not much of a security enforcer. Even with the
> BIOS password protected, one can plug out the hardrive, connect to
> another system and get access to all the data. It might need more time
> than a LiveCD approach, it would be as efficient. As Alan and Wael
> suggested, the approaches that can work in protecting your data are a
> physical key to a locked door or a root encrypted system.

If it is possible to have sufficient access to be able to remove the hard
drive, then an encrypted filesystem is essential. Any computer that isn't
nailed down behind a locked door should have this, unless it contains and
has access to absolutely nothing of value.


-- 
Neil Bothwick

I'll try being nicer if you'll try being smarter.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Recovering root password

[Steven Lembark]

 > If it is possible to have sufficient access to be able to remove the hard
 > drive, then an encrypted filesystem is essential. Any computer that isn't
 > nailed down behind a locked door should have this, unless it contains and
 > has access to absolutely nothing of value.

Which setup does anyone out there use for the encfs?

-- 
Steven Lembark                                          +1 888 359 3508
Workhorse Computing                                       85-09 90th St
lembark@wrkhors.com                                 Woodhaven, NY 11421
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Recovering root password

[Dirk Heinrichs]

[-- Attachment #1: Type: text/plain, Size: 563 bytes --]

Am Dienstag, 25. März 2008 schrieb Steven Lembark:

>  > If it is possible to have sufficient access to be able to remove the
>  > hard drive, then an encrypted filesystem is essential. Any computer that
>  > isn't nailed down behind a locked door should have this, unless it
>  > contains and has access to absolutely nothing of value.
>
> Which setup does anyone out there use for the encfs?

I use LUKS encrypted logical volumes. Root fs is encrypted with a password, 
all other volumes are encrypted with a keyfile located on /.

Bye...

	Dirk

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Recovering root password

[Wael Nasreddine]

[-- Attachment #1: Type: text/plain, Size: 657 bytes --]

This One Time, at Band Camp, Dirk Heinrichs <dirk.heinrichs@online.de> said, On Tue, Mar 25, 2008 at 07:02:59PM +0100:

> I use LUKS encrypted logical volumes. Root fs is encrypted with a password,
> all other volumes are encrypted with a keyfile located on /.
Why not encrypt a big fat partition and then have an LVM array over it
for all your partitions including swap ?? Suspend2 will work with this
setup just in case you are wondering.

--
Wael Nasreddine
http://wael.nasreddine.com
PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724  DE12 5565 3945 C8DD 18A2

/ö\ Slug: Peep it! The sun's already risin'. We're gonna have to blow this joint.

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Recovering root password

[Dirk Heinrichs]

[-- Attachment #1: Type: text/plain, Size: 938 bytes --]

Am Dienstag, 25. März 2008 schrieb ext Wael Nasreddine:
> This One Time, at Band Camp, Dirk Heinrichs <dirk.heinrichs@online.de> 
said, On Tue, Mar 25, 2008 at 07:02:59PM +0100:
> > I use LUKS encrypted logical volumes. Root fs is encrypted with a
> > password, all other volumes are encrypted with a keyfile located on /.
>
> Why not encrypt a big fat partition and then have an LVM array over it
> for all your partitions including swap ??

Hmm, could do it this way also, yes.

> Suspend2 will work with this 
> setup just in case you are wondering.

I don't use it.

Bye...

	Dirk
-- 
Dirk Heinrichs          | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68      | Web:  http://www.capgemini.com
D-40468 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Recovering root password

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 226 bytes --]

On Tue, 25 Mar 2008 13:53:24 -0400, Steven Lembark wrote:

> Which setup does anyone out there use for the encfs?

I use LUKS too.


-- 
Neil Bothwick

Eagles may soar, but Wombles don't get sucked into jet engines

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Recovering root password

[Wael Nasreddine]

[-- Attachment #1: Type: text/plain, Size: 1177 bytes --]

This One Time, at Band Camp, Liviu Andronic <landronimirc@gmail.com> said, On Tue, Mar 25, 2008 at 09:03:29AM +0100:
> >  But you can boot from a LiveCD, mount your harddrive, chroot and then
> >  give root another password.

> But then, conventional passwords are as useless. One needs no more
> than physical access to the computer, a LiveCD and a couple minutes in
> order to become the super user of your system. Basically, the password
> seems useful only to know whether anyone has changed it behind your
> back.

> I am starting to wonder why am I so attached to my root password being
> strong.. :)
> Liviu
That's why I have my entire installation over a DM-CRYPT ( LUKS
encrypted partition... ), including swaps and storage ( LVM over
DM-CRYPT actually), this way even if someone had a physical access to
my laptop, both GRUB and LiveCD approach would be useless...

-- 
Wael Nasreddine
http://wael.nasreddine.com
PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724  DE12 5565 3945 C8DD 18A2

/ö\ Son, this is the only time I'm ever gonna say this.  It is not okay to
/ö\ lose.
/ö\
/ö\        		-- Homer Simpson
/ö\ 		   Dead Putting Society

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Recovering root password

[Mick]

[-- Attachment #1: Type: text/plain, Size: 1616 bytes --]

On Tuesday 25 March 2008, Wael Nasreddine wrote:
> This One Time, at Band Camp, Liviu Andronic <landronimirc@gmail.com> said, 
On Tue, Mar 25, 2008 at 09:03:29AM +0100:
> > >  But you can boot from a LiveCD, mount your harddrive, chroot and then
> > >  give root another password.
> >
> > But then, conventional passwords are as useless. One needs no more
> > than physical access to the computer, a LiveCD and a couple minutes in
> > order to become the super user of your system. Basically, the password
> > seems useful only to know whether anyone has changed it behind your
> > back.
> >
> > I am starting to wonder why am I so attached to my root password being
> > strong.. :)
> > Liviu
>
> That's why I have my entire installation over a DM-CRYPT ( LUKS
> encrypted partition... ), including swaps and storage ( LVM over
> DM-CRYPT actually), this way even if someone had a physical access to
> my laptop, both GRUB and LiveCD approach would be useless...

I've thought about going for this . . . and then backpedaled once more.  Every 
time I had a fs problem I have managed to recover to this date without much 
trouble.  Vanilla primary and extended partitions seem to be straight forward 
to access with any LiveCD.  To be honest even when I had to frig about with 
LVM I managed to recover without loss of data (more out of luck than skill I 
suspect).  The thought however, that I may lose my private key (never say 
never), or lose a drive and need to access my data pronto from a back up 
makes me somewhat nervous.  Should I be more brave that this?
-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Recovering root password

[Wael Nasreddine]

[-- Attachment #1: Type: text/plain, Size: 3174 bytes --]

This One Time, at Band Camp, Mick <michaelkintzios@gmail.com> said, On Tue, Mar 25, 2008 at 05:23:00PM +0000:
> > That's why I have my entire installation over a DM-CRYPT ( LUKS
> > encrypted partition... ), including swaps and storage ( LVM over
> > DM-CRYPT actually), this way even if someone had a physical access to
> > my laptop, both GRUB and LiveCD approach would be useless...

> I've thought about going for this . . . and then backpedaled once more.  Every
> time I had a fs problem I have managed to recover to this date without much
> trouble.  Vanilla primary and extended partitions seem to be straight forward
> to access with any LiveCD.  To be honest even when I had to frig about with
> LVM I managed to recover without loss of data (more out of luck than skill I
> suspect).  The thought however, that I may lose my private key (never say
> never), or lose a drive and need to access my data pronto from a back up
> makes me somewhat nervous.  Should I be more brave that this?
Well it depends... First of all you should know that almost every LiveCD
now include a cryptsetup/lvm implementation, Gentoo does, Ubuntu does
( not as is though you should apt-get cryptsetyp, AFAIK lvm already
installed), so recovering data would not be that hard if you can open
the partition... As for loosing the key, that's easy too, here's what
I do: I create a small file from /dev/urandom and I use it as pass key
SLOT, and store it somewhere safe, so if and when I forget all of the
passwords I have, I use this key, it is safe.

Anyway as I said above it actually depends, using dm-crypt will lower
the performance of your machine which actually make sense since the
data are encrypted before they are written to the disk (AFAIK I'm not
really sure how it handles I/O operations, but I'm sure that writing a
huge file to your HDD will result in a lot of CPU usage of the process
'kcryptd'), but using dm-crypt is very very secure, I use it because
my laptop is with me every day when I go to the university so I need
this kind of security... On the other hand if you don't need
encryption, maybe you should stick with LVM... (LVM is a must checkout
my partitions below, I love it...)

--------- CUT
# lvdisplay -C
  LV              VG     Attr   LSize   Origin Snap%  Move Log Copy%  Convert
  gentoo-opt      system -wi-ao   1.00G
  gentoo-overlays system -wi-ao   1.00G
  gentoo-root     system -wi-ao 500.00M
  gentoo-usr      system -wi-ao   5.00G
  gentoo-var      system -wi-ao 500.00M
  home            system -wi-ao  15.00G
  storage         system -wi-ao  50.66G
  suspend-swap    system -wi-a-   1.00G
  swap            system -wi-ao   2.00G
  tmp             system -wi-ao 500.00M
  ubuntu-opt      system -wi-ao   1.00G
  ubuntu-root     system -wi-ao 500.00M
  ubuntu-usr      system -wi-ao   3.50G
  ubuntu-var      system -wi-ao 500.00M
  var-tmp         system -wi-ao 100.00M
--------- CUT

Regards,

--
Wael Nasreddine
http://wael.nasreddine.com
PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724  DE12 5565 3945 C8DD 18A2

/ö\
/ö\ When Chuck Norris wants an egg, he cracks open a chicken.

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Recovering root password

[Steven Lembark]

 > I am starting to wonder why am I so attached to my root password being
 > strong.. :)

Becuase I can crack a simple password from outside
of the box. Hacking in w/ a CD or the init=blah
approach requires physical access and a reboot,
both of which are fairly noticable and preventable.

-- 
Steven Lembark                                          +1 888 359 3508
Workhorse Computing                                       85-09 90th St
lembark@wrkhors.com                                 Woodhaven, NY 11421
-- 
gentoo-user@lists.gentoo.org mailing list