There are many reasons that may result in the loss of the user password, which may not be a problem for the system administrator, as long as the root account is logged in, change the user password with the passwd command. However, what if it is a root password? Is it harderless, reloading the system? This not only costs, but also may cause the loss of important data and the destruction of the application. Obviously this approach is not advisable.
---- In fact, recovery Linux password is not a difficult thing. There are 2 aspects of the Linux password: one is to generate a new password to the user, users can re-login the system; the other is to find the original password, instead of replacing the old password with the new password. In general, users only want to log in to enter the system again, rather than obtaining the original call, that is, the first aspect here, relatively, this is easy to achieve much.
---- Linux password recovery is a typical situation of system maintenance. Some methods mentioned herein are from system maintenance, not only for the recovery of Linux passwords, but also because some reasons cannot be normal login. The maintenance of the system has a reference to the management and maintenance of the Linux system.
---- Methods of all mentioned recovery Linux passwords in this article test in practice, the Linux system used is mainly redhat Linux for x86, in actual password recovery, may be due to Linux distributors, release, processor Unlike hard drives, there is slightly different, but the difference will not be large. Some methods apply to the recovery of other UNIX system passwords, and even recovery of operating system passwords such as Windows.
First, the password recovery pathway
---- The way to restore the Linux password below applies to different situations, and it is difficult to have different.
---- 1. Emergency repair mode ---- When you cannot start Linux, you often need to start the Linux basic environment through disks, discs, or other methods to enter Linux emergency repair mode. In emergency repair mode, you can access the Linux system file on the hard disk, and the recovery system is normal, including recovery passwords.
---- 2. Single user mode ---- Linux has multiple run levels, such as single user mode, no network service multi-user mode, full multi-user mode, and X11 multi-user mode run levels. Single user mode means that the system runs in the unique user -root user mode. When entering this mode, the system simply loads the runoffed minimum hardware configuration, directly entering the root, without password verification.
---- In single user mode, you can use the passwd command to change the user password, or you can read and write the account password files such as / etc / passwd to achieve the purpose of password recovery.
---- 3. Modify the password file ---- Linux password file has 2 save form: one is to save account information and encrypted password text in / etc / passwd file, this form is not safe enough, in early UNIX The other is to store account information and password text, / etc / passwd file is used to save account information, / etc / shadow file is used to save the password. As for what save form and encryption algorithm, you can use the / usr / sbin / authconfig program.
---- For Passwd files without shadow, just remove the password fields of the corresponding account, you can log in to the system without password verification, such as the root account of a passwd file is as follows: ---- root: $ 1 $ dPTZZYKE $ zd3vs6ycu - --- VH8RC1GWKXX01: 0: 0: root: / root: / bin / bash
---- Change it to: ---- root :: 0: 0: root: / root: / bin / bash ---- If there is a passwd file with shadow, its password field is replaced by "X" letter The password secret is stored in the shadow file. You can delete the "x" letter in the Passwd file, or delete the password ciphertice in the shadow file, you can enable the corresponding user without passing the direct login system to achieve the purpose of password recovery.
---- 4. Password Restore ---- Some cases, want to find the lost original password, not a login system to generate a new password. However, Linux uses the DES (Encrypted Functional Crypt) or MD5 (Functional MD) encryption algorithm, because of the large amount of calculation, it is almost no reversal. The DES password is a string with 13 ASCII characters, while the MD5 password ciphertext starter is always "$ 1 $".
---- Although it is difficult to retrieve, it is not impossible to find the original password through the mouthpiece, and extract strings from a dictionary or some characters, the same encryption algorithm extracted. Encryption, the ciphertext will be compared to the password, if consistent, the string is the original password to achieve the purpose of the password restoration. If the password is complicated, it is difficult to find the original password, but the user will have a general impression of the length of your own password, which makes the probability of success will be greater.
---- Crack the tools for cracking the Linux password, such as John the Ripper, CRACK BY ALEX Muffett and Cracker Jack, etc., where John The Ripper is the most powerful, and the speed is the fastest.
---- 5. System Attack Crack ---- If you can turn off the power to restart the system, it is easy to recover the password, but it is sometimes a very important service on the Linux system, and the power cannot be turned directly, otherwise the system and data will be destroyed.
---- A system password is often more difficult to get in the case of system operation, but because system administrators have a comprehensive understanding of the operating system and application version, configuration, etc., plus no firewall and Intrusion detection system, the opportunity to discover and use system vulnerabilities is still a lot, and the successful chance of password recovery is still.
---- The content involved in this regard is too complicated, and there is not much introduction here. If there is a need in this regard, it is best to help from professionals to avoid the system and data.
Second, how to enter emergency repair mode
---- Due to various reasons such as hardware and software failure, error configuration, it is impossible to enter emergency repair mode, which is possible to solve problems, at least to copy important files.
---- The method of entering the emergency repair mode is not complex, and enter the following parameters at the boot prompt: ---- Boot: Linux Rescue
---- You can get the boot prompt by the following method.
Use Linux that is issued with the disk or the installation boot floppy feature written by the boot.img file, usually this requires emergency repair discs or installation discs or ISO files on the hard disk to boot into the emergency repair mode. The emergency repair disk can be written by the rescue.img file or distributed. After Redhat Linux 6.1, Redhat no longer provides emergency repair disc (there is no rescue.img file in the installation CD), but it is done directly on the installation disc. Use the installation disc to boot the system. The PCMCIA boot disk boot system written by the BootNet.Img file or the PCMCIA.img file, this method first ensures that the network connection is normal and needs to determine the network host and transmission type.
---- Redhat Linux 7.2 and its later version, you can choose whether to automatically attempt to install the Linux installed on the hard disk to directory / MNT / SYSIMAGE, otherwise, use the mount command to manually load. ---- Simple steps, enter the emergency repair mode. The prompt is presented on the virtual console VC 1 and VC 2 to run the command maintenance system. Switch to VC1 with CTRL Alt F1 key, switch to VC 2 with Ctrl Alt F2 key.
---- If you choose to load, use the chroot command to make the current operating environment to resolve Linux, then you can change the user password directly with the passwd command: ---- Bash # chroot / mnt / sysimage
---- If there is no automatic loading, you need to run the mount command to load the Linux partition, and enter the following command: ---- Bash # mount -t ext3 / dev / hda5 / foo
---- Directory / FOO is created by the user yourself, / dev / hda5 is the Linux partition we want to load, if the partition type is EXT2, then in the command line in EXT3 is replaced with EXT3.
--- Here, you can read and write files, maintain the system, including repair passwords with CHMOD, VI, FSCK.
Third, how to enter a single user mode
---- With the emergency repair mode can only load the file system on this machine Linux, the single user mode is a run level after the local Linux kernel boot startup (running level 1), can make the kernel upgrade, equipment Installation and other maintenance work. When system maintenance, system administrators often enter single-user mode to maintain the system, and enter the emergency repair mode is the system maintenance method that does not have to be adopted when Linux cannot start.
---- Linux kernel starts after starting, through the launchler init, complete your own boot process, so the init process is always the first process, the process number is always 1. The init program has many important responsibilities, such as starting Getty, implementing running levels and calling sub-process, etc., is one of the necessary programs in the Linux system.
---- The method of entering the single-user mode mentioned below, is essentially requested to run the run level 1 to the init program to reach the purpose of entering the single user mode.
---- 1. The init program ---- The system is running, and the program init can change the run level (/ sbin / telinit just the symbolic link of the program init, and can be used), and enter the single user mode for the following command: --- - #init 1
---- Because it is on a running system, and only the root user has permission to execute the init command, this approach is often used in system maintenance, but the means recovery is not large.
---- 2. Modify the default Run Level ---- / etc / inittab file is the configuration file for the system run level. Whenever the init process is started, the init program reads the appropriate configuration in the / etc / inittab file and runs.
---- When the Linux system is started, the / etc / inittab file has the following line to specify the default run level, and the usual run level is 3 or 5. ---- ID: 3: INITDEFAULT:
---- To enter the system to enter the single user mode, just change 3 of the above line to 1. ---- ID: 1: INITDEFAULT:
---- 3. Boot disk boot ---- When the Linux system is started, the init read / etc / inittab configuration enters the default run level, but it can also specify a startup parameter for the kernel. The kernel will set a specific device and environment variable according to this parameter. For parameters that cannot be accepted, it will be passed to the first program after the kernel is started, that is, the init program, the init program is started to enter the non-default run level, such as the specified parameter is 1 or Single enters the run level 1, ie single user mode . The specification of the kernel startup parameters can be specified by the execution of the system boot floppy disk, multiple starter or program loadlin, etc. ---- When the system maintenance or kernel is updated, it is often used to the current Linux system boot disk. When the system is installed, the user is prompted to make a label, and can be made after the system installation is complete, and the following is a simple example.
---- Place the floppy disk in the floppy drive, use the uname command to view the system kernel version number, then create the boot disk with the mkbootdisk command, the command input is as follows: ---- #uname -r ---- 2.4.7-10 ---- #mkbootdisk -Device / dev / fd0 2.4.7-10
---- Boot drive, in the boot prompt, "Linux
"The grammatical form inputs one of the following parameters, that is, booting the single user mode is as follows:
---- Boot: Linux 1 ---- Boot: Linux Single
---- 4. Multi-Start Manager ---- Multiple Start Manager is a boot program that can be used when system startup is used to load an operating system, which can load the kernel and initialization operating system (such as Linux or FreeBSD). Or give the guide to the operating system (such as DOS or Windows) to complete the boot. Intel Compatible with multiple boot managers on the PC include LILO and GRUB, etc., using Milo, SPARC-compatible workstations on Alpha PCs with SILO.
---- Specify starting parameters for the Linux kernel to guide the single user mode in the multi-start manager. Take Linux on the Intel Compatible PC as an example, if LILO is installed, in the LILO boot screen, press the Ctrl X key to switch to the command line, and enter one of the same parameters as the boot disk boot boot prompt at the LILO prompt. You can boot into the single user mode:
---- After Redhat Linux 7.2, multiple boot managers start with GRUB instead of LILO, which has more advantages than LILO, which is a substitute for LILO. Below is the process of GRUB booting into a single user mode.
When the GRUB boot screen appears, press the letter E key to enter the GRUB editing state. Press the ↑ button or ↓ button to select the corresponding boot item and then connect the alphabet E key to the command line editing. Add "1" or SINGLE to the command line that appears, and press
Key, return to GRUB editing status.
Press the letter B key to boot into single user mode.
---- From the above, it can be seen that the importance of the LINUX system startup and maintenance, so it is recommended to install multiple restart managers when installing Linux, which is convenient for future system maintenance, even if it is installed on the host. Linux an operating system.
---- 5. Loadlin boot ---- LoadLin is a loader that starts the Linux core under DOS, which can enter Linux or install Linux system from DOS. This program is often used if you do not install multiple boot managers or configure incorrectly.
---- Add a single user mode to add a Single parameter in the Loadlin launch command. If the Windows 9x system is installed on the host, press F8 to enter MS-DOS when the system is started, and run the LoadLin program boot into single user mode. Here is an instance of launch, no Windows 9x is installed on the host, and DOS is not installed. Boot boot in Windows 98 installation, select Section 2 on "Microsoft Windows 98 Startup Menu": "Start Computer with CD-ROM Support.". After entering MS-DOS, in the CD-ROM drive to the Redhat Linux installation disc. In the command line, enter the following command to boot the Linux single user mode, assume the Linux root file system on partition / dev / hda5: A:> D: D:> CD DosuTils D: dosutils> Loadlin Autobootvmlinuz root = / dev / hda5 RO Single
---- In the boot prompt of the boot disk, under the command line of LILO and GRUB, you can configure a lot of parameters to boot into the system on the LoadLin program, it is important to maintain system maintenance, you can refer to bootprompt -Howto.
---- The method mentioned above needs to read and write the Linux files such as / etc / passwd, / etc / inittab, but in normal conditions, only root users can log in to read and write. So how can these files read and write when they cannot log in normally?
---- In addition to the following methods, the following methods can be used in addition to the following methods, in addition to the following methods, in addition to the following methods.
By the Linux system floppy drive, you can enter the Linux system; enter the Linux system CD, such as DEMOLINUX; read Linux files under DOS / Windows, almost all versions of DOS / Windows do not provide support for Linux file systems, but With many software, you can implement, such as FSDext2, Ext2FSNT, EXT2IFS, EXT2 Tools, LTools, and Explore2FS, etc., as well as Microsoft IFS Kit; through the second hard disk.
---- The various Linux port mentioned above, the reader can combine its own actual situation, select a simple and easy way to restore their own Linux password. It can be seen that others can easily get Linux passwords in the local restart system, so in order to strengthen system security, it is necessary to set the password in the startover (such as LILO and GRUB) and BIOS, so that others can't succeed, more important Is to strengthen safety management.
---- (Author Address: 2 / F, Science and Technology Center, Science and Technology Center, Nanxing Third Road, Guicheng District, Guangdong Province, 528200) Http://www.pcworld.com.cn/
