On Thu, Oct 02, 2008 at 11:47:51PM +0800, Steven Shiau wrote:
> Hi,
> I modified live-initramfs so that we can assign a password (encrypted) for
> the default account "user" in boot parameters.
> I am not sure whether this is a good idea or not, but I found it's really
> useful when you want to put a remote machine with ssh service on.
> To use it:
> 1.  echo "YOUR_PASSWORD" | mkpasswd -s
>      say, it shows "1zShsShaiZumc"
> 2.  put "usercrypted=1zShsShaiZumc" in boot parameters.
> 
The boot parameters are visible to all users. Would the system be
vulnerable to another user seeing this parameter and running
something like John the Ripper?
> Then after the machine is booted, the password of default user becomes
> "YOUR_PASSWORD"
> 
> 
> Hope this helps.
> My 2 cents.
> 
> Regards,
> Steven.
> 
> -- 
> Steven Shiau <steven _at_ nchc org tw> <steven _at_ stevenshiau org>
> National Center for High-performance Computing, Taiwan.
> http://www.nchc.org.tw
> Public Key Server PGP Key ID: 1024D/9762755A
> Fingerprint: A2A1 08B7 C22C 3D06 34DB  F4BC 08B3 E3D7 9762 755A
> 
> 

> diff --unified --recursive --new-file live-initramfs-1.139.1/scripts/live 
> live-initramfs-1.139.1-new/scripts/live
> --- live-initramfs-1.139.1/scripts/live       2008-10-02 23:09:31.000000000 
> +0800
> +++ live-initramfs-1.139.1-new/scripts/live   2008-10-02 23:05:07.000000000 
> +0800
> @@ -98,6 +98,12 @@
>                               export USERNAME LIVECONF
>                               ;;
>  
> +                     usercrypted=*)
> +                             USERCRYPTED="${ARGUMENT#usercrypted=}"
> +                             LIVECONF="changed"
> +                             export USERCRYPTED LIVECONF
> +                             ;;
> +
>                       userfullname=*)
>                               USERFULLNAME="${ARGUMENT#userfullname=}"
>                               LIVECONF="changed"
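
Review bot: the new `usercrypted=*)` case adds a boot parameter with no accompanying documentation in this patch, and the value it exports is a password hash taken from the kernel command line, which local users can read. Suggest documenting the parameter alongside the existing ones, stating that exposure, and advising a salted modern scheme rather than the 13-character traditional crypt output shown in the usage steps.
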
> diff --unified --recursive --new-file 
> live-initramfs-1.139.1/scripts/live-bottom/10adduser 
> live-initramfs-1.139.1-new/scripts/live-bottom/10adduser
> --- live-initramfs-1.139.1/scripts/live-bottom/10adduser      2008-10-02 
> 23:09:31.000000000 +0800
> +++ live-initramfs-1.139.1-new/scripts/live-bottom/10adduser  2008-10-02 
> 23:05:50.000000000 +0800
> @@ -31,7 +31,12 @@
>  
>  # live-initramfs script
>  
> -user_crypted="8Ab05sVQ4LLps" # as in $(echo "live" | mkpasswd -s)
> +if [ -z "${USERCRYPTED}" ]
> +then
> +  user_crypted="8Ab05sVQ4LLps" # as in $(echo "live" | mkpasswd -s)
> +else
> +  user_crypted="${USERCRYPTED}"
> +fi
>  
>  # U6aMy0wojraho is just a blank password
>  chroot /root debconf-communicate -fnoninteractive live-initramfs > /dev/null 
> << EOF
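
Review bot: `user_crypted="${USERCRYPTED}"` in the else branch accepts the boot-supplied value with no sanity check before it is used for the account. A mistyped or truncated hash would be set silently; consider checking that the value consists only of crypt(3) characters (or matches the `$id$salt$hash` form), and logging a warning and falling back to the default otherwise. A comment noting that the value comes from the kernel command line would also help the next reader.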
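
The concern raised in the reply, as an added example (not part of the original messages or of live-initramfs): a POSIX sh check that finds a `usercrypted=` value on a kernel command line and names its crypt(3) scheme, so a 13-character traditional DES hash like the one in the quoted steps can be flagged. The function names are hypothetical and the sample command lines are constructed; `boot=live` and `quiet` are assumed surrounding parameters.

```shell
#!/bin/sh
# Added example: flag a crypt(3) hash passed as usercrypted= on a kernel
# command line. The sample command lines at the bottom are constructed.

# Print the usercrypted= value from the command line in $1; status 1 if absent.
extract_usercrypted() (
    set -f                      # no globbing while word-splitting $1
    for arg in $1; do
        case "$arg" in
            usercrypted=*) printf '%s\n' "${arg#usercrypted=}"; return 0 ;;
        esac
    done
    return 1
)

# Name the crypt(3) scheme from the hash's prefix and length.
classify_crypt_hash() {
    case "$1" in
        '$y$'*) echo yescrypt ;;
        '$6$'*) echo sha512crypt ;;
        '$5$'*) echo sha256crypt ;;
        '$1$'*) echo md5crypt ;;
        *[!./0-9A-Za-z]*) echo unknown ;;
        ?????????????) echo descrypt ;;   # 13 chars: 2 salt + 11 hash
        *) echo unknown ;;
    esac
}

# Report on one command line: "absent", or "exposed <scheme> [legacy]".
audit_cmdline() {
    h=$(extract_usercrypted "$1") || { echo absent; return 0; }
    scheme=$(classify_crypt_hash "$h")
    case "$scheme" in
        # descrypt uses only the first 8 password characters and a 12-bit salt
        descrypt|md5crypt) echo "exposed $scheme legacy" ;;
        *) echo "exposed $scheme" ;;
    esac
}

# Constructed samples; on a booted system pass "$(cat /proc/cmdline)" instead.
audit_cmdline 'boot=live username=user usercrypted=1zShsShaiZumc quiet'
audit_cmdline 'boot=live usercrypted=$6$constructedsalt$CONSTRUCTEDHASH'
audit_cmdline 'boot=live quiet'
```

Any result other than "absent" means the hash is readable by every local account for as long as the system is up, whatever the scheme; the "legacy" tag marks the schemes where that exposure matters most.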

