I don't know enough about security to comment on the implementation, but I would really like to see this functionality become a feature.

Cheers,
Michael

On Fri, Oct 3, 2008 at 2:48 AM, Steven Shiau <[EMAIL PROTECTED]> wrote:
> Bob,
> Definitely.
> However, this is just an option. Especially when you want to do some remote
> rescue action. Give a Debian live iso and ask the guy to download it, burn
> it, boot it, and it's ready there.
> My 2 cents.
>
> Regards,
> Steven.
>
> bob wrote:
>>
>> On Thu, Oct 02, 2008 at 11:47:51PM +0800, Steven Shiau wrote:
>>>
>>> Hi,
>>> I modified live-initramfs so that we can assign password (encrypted) for
>>> the default account "user" in boot parameters.
>>> I am not sure this is a good idea or not, but I found it's really useful
>>> when you want to put a remote machine with ssh service on.
>>> To use it:
>>> 1. echo "YOUR_PASSWORD" | mkpasswd -s
>>> say, it shows "1zShsShaiZumc"
>>> 2. put "usercrypted=1zShsShaiZumc" in boot parameters.
>>>
>> The boot parameters are visible to all users. Would the system be
>> vulnerable to another user seeing this parameter and running something like
>> John the ripper?
>>>
>>> Then after the machine is booted, the password of default user becomes
>>> "YOUR_PASSWORD"
>>>
>>>
>>> Hope this helps.
>>> My 2 cents.
>>>
>>> Regards,
>>> Steven.
>>>
>>> --
>>> Steven Shiau <steven _at_ nchc org tw> <steven _at_ stevenshiau org>
>>> National Center for High-performance Computing, Taiwan.
>>> http://www.nchc.org.tw
>>> Public Key Server PGP Key ID: 1024D/9762755A
>>> Fingerprint: A2A1 08B7 C22C 3D06 34DB F4BC 08B3 E3D7 9762 755A
>>>
>>>
>>
>>> diff --unified --recursive --new-file live-initramfs-1.139.1/scripts/live >>> live-initramfs-1.139.1-new/scripts/live >>> --- live-initramfs-1.139.1/scripts/live 2008-10-02 23:09:31.000000000 >>> +0800 >>> +++ live-initramfs-1.139.1-new/scripts/live 2008-10-02 >>> 23:05:07.000000000 +0800 
>>> @@ -98,6 +98,12 @@ >>> export USERNAME LIVECONF >>> ;; >>> + usercrypted=*) >>> + USERCRYPTED="${ARGUMENT#usercrypted=}" >>> + LIVECONF="changed" >>> + export USERCRYPTED LIVECONF >>> + ;; >>> + >>> userfullname=*) >>> USERFULLNAME="${ARGUMENT#userfullname=}" >>> LIVECONF="changed" >>> diff --unified --recursive --new-file >>> live-initramfs-1.139.1/scripts/live-bottom/10adduser >>> live-initramfs-1.139.1-new/scripts/live-bottom/10adduser >>> --- live-initramfs-1.139.1/scripts/live-bottom/10adduser >>> 2008-10-02 23:09:31.000000000 +0800 >>> +++ live-initramfs-1.139.1-new/scripts/live-bottom/10adduser >>> 2008-10-02 23:05:50.000000000 +0800 >>> @@ -31,7 +31,12 @@ >>> # live-initramfs script >>> -user_crypted="8Ab05sVQ4LLps" # as in $(echo "live" | mkpasswd -s) >>> +if [ -z "${USERCRYPTED}" ] >>> +then >>> + user_crypted="8Ab05sVQ4LLps" # as in $(echo "live" | mkpasswd -s) >>> +else >>> + user_crypted="${USERCRYPTED}" >>> +fi >>> # U6aMy0wojraho is just a blank password >>> chroot /root debconf-communicate -fnoninteractive live-initramfs > >>> /dev/null << EOF
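
Review bot: In scripts/live, the new usercrypted=*) case exports whatever follows the = sign without checking that it looks like mkpasswd output, and the patch adds no documentation for the parameter. Consider rejecting a value that does not look like a crypt string before setting LIVECONF="changed", and add a manual entry that says the hash sits in the boot parameters, which bob's reply notes are visible to all users.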
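
Review bot: In scripts/live-bottom/10adduser, the -z branch silently keeps the built-in hash for the password "live" whenever USERCRYPTED is unset or empty, so a misspelt or empty usercrypted= leaves that default in place on a machine that was meant to get its own password. Consider printing a warning in that branch; as a style point, the if/else can be written as user_crypted="${USERCRYPTED:-8Ab05sVQ4LLps}" with the existing comment kept beside it.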
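
bob's point about boot parameters being visible to all users, as an added example that is not part of the thread or the patch: a small audit that finds a usercrypted= value in a kernel command line string and reports the crypt scheme from the shape of the hash. The function names are hypothetical and the sample line is constructed; the 13-character values in the thread have the shape of traditional DES crypt.

```shell
#!/bin/sh
# Added example, not part of the patch. Function names are hypothetical;
# only the usercrypted= parameter name comes from the thread.

# Print the value of the first usercrypted= argument in a command line string.
extract_usercrypted() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^usercrypted=//p' | head -n 1
}

# Name the crypt(3) scheme from the shape of the hash string.
classify_crypt() {
    case "$1" in
        '$1$'*) echo md5 ;;
        '$5$'*) echo sha256 ;;
        '$6$'*) echo sha512 ;;
        '$'*)   echo other ;;
        *)
            # Traditional DES crypt: exactly 13 characters from [./0-9A-Za-z].
            if [ "${#1}" -eq 13 ] && ! printf '%s' "$1" | grep -q '[^./0-9A-Za-z]'
            then echo des
            else echo unknown
            fi ;;
    esac
}

# Print a one-line verdict for a kernel command line string.
audit_cmdline() {
    hash=$(extract_usercrypted "$1")
    if [ -z "$hash" ]; then
        echo "ok: no usercrypted parameter"
        return 0
    fi
    scheme=$(classify_crypt "$hash")
    case "$scheme" in
        des)     echo "weak: DES crypt hash on the command line" ;;
        unknown) echo "unknown: unrecognized usercrypted value" ;;
        *)       echo "exposed: $scheme hash on the command line" ;;
    esac
}

# Constructed sample line; the hash is the example value from the thread.
# On a booted system, pass "$(cat /proc/cmdline)" instead.
SAMPLE='boot=live username=user usercrypted=1zShsShaiZumc quiet'
audit_cmdline "$SAMPLE"
```

Any hash passed this way can be read by every local account, so the verdict for the stronger schemes is still "exposed"; the DES case is called out separately because that format uses only the first 8 characters of the password.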
