Bob,
Definitely.
However, this is just an option. Especially when you want to do some
remote rescue action. Give an Debian live iso and ask the guy to
download it, burn it, boot it, and it's ready there.
My 2 cents.
Regards,
Steven.
bob wrote:
On Thu, Oct 02, 2008 at 11:47:51PM +0800, Steven Shiau wrote:
Hi,
I modified live-initramfs so that we can assign password (encrypted) for
the default account "user" in boot parameters.
I am not sure this is a good idea or not, but I found it's really useful
when you want to put a remote machine with ssh service on.
To use it:
1. echo "YOUR_PASSWORD" | mkpasswd -s
say, it shows "1zShsShaiZumc"
2. put "usercrypted=1zShsShaiZumc" in boot parameters.
The boot parameters are visible to all users. Would the system be
vulnerable to another user seeing this parameter and running
something like John the ripper?
Then after the machine is booted, the password of default user becomes
"YOUR_PASSWORD"
Hope this helps.
My 2 cents.
Regards,
Steven.
--
Steven Shiau <steven _at_ nchc org tw> <steven _at_ stevenshiau org>
National Center for High-performance Computing, Taiwan.
http://www.nchc.org.tw
Public Key Server PGP Key ID: 1024D/9762755A
Fingerprint: A2A1 08B7 C22C 3D06 34DB F4BC 08B3 E3D7 9762 755A
diff --unified --recursive --new-file live-initramfs-1.139.1/scripts/live
live-initramfs-1.139.1-new/scripts/live
--- live-initramfs-1.139.1/scripts/live 2008-10-02 23:09:31.000000000 +0800
+++ live-initramfs-1.139.1-new/scripts/live 2008-10-02 23:05:07.000000000
+0800
@@ -98,6 +98,12 @@
export USERNAME LIVECONF
;;
+ usercrypted=*)
+ USERCRYPTED="${ARGUMENT#usercrypted=}"
+ LIVECONF="changed"
+ export USERCRYPTED LIVECONF
+ ;;
+
userfullname=*)
USERFULLNAME="${ARGUMENT#userfullname=}"
LIVECONF="changed"
diff --unified --recursive --new-file
live-initramfs-1.139.1/scripts/live-bottom/10adduser
live-initramfs-1.139.1-new/scripts/live-bottom/10adduser
--- live-initramfs-1.139.1/scripts/live-bottom/10adduser 2008-10-02
23:09:31.000000000 +0800
+++ live-initramfs-1.139.1-new/scripts/live-bottom/10adduser 2008-10-02
23:05:50.000000000 +0800
@@ -31,7 +31,12 @@
# live-initramfs script
-user_crypted="8Ab05sVQ4LLps" # as in $(echo "live" | mkpasswd -s)
+if [ -z "${USERCRYPTED}" ]
+then
+ user_crypted="8Ab05sVQ4LLps" # as in $(echo "live" | mkpasswd -s)
+else
+ user_crypted="${USERCRYPTED}"
+fi
# U6aMy0wojraho is just a blank password
chroot /root debconf-communicate -fnoninteractive live-initramfs > /dev/null
<< EOF
--
Steven Shiau <steven _at_ nchc org tw> <steven _at_ stevenshiau org>
National Center for High-performance Computing, Taiwan.
http://www.nchc.org.tw
Public Key Server PGP Key ID: 1024D/9762755A
Fingerprint: A2A1 08B7 C22C 3D06 34DB F4BC 08B3 E3D7 9762 755A
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
