RL> I have a RaspberryPI with Raspbian I can ssh to it as I previously
RL> swapped keys, I can even run sudo without having to enter a password.
RL>
RL> But I have forgotten what the password is, given my current level of
RL> privileges is it possible to somehow recover the pw?
RL>
RL> TIA,
RL> RenMas

Who is Richard Lewis!? I posted as RenagadeMaster!
CE> > But I have forgotten what the password is, given my current level of
CE> > privileges is it possible to somehow recover the pw?
CE>
CE> sudo su -
CE> passwd username
CE> to reset the password for username
That worked beautifully. Thank you everyone for your replies.
--
If you tell a lie big enough and keep repeating it, people will eventually come to believe it. The lie can be maintained only for such time as the State can shield the people from the political, economic and/or military consequences of the lie. It thus becomes vitally important for the State to use all of its powers to repress dissent, for the truth is the mortal enemy of the lie, and thus by extension, the truth is the greatest enemy of the State.
not without a deal of luck. Encryption is a one way process. What happens AFAIK is that when you enter a password, the salt is taken from the first part of what is stored and the encryption process generates the second part. If they match that was the right password. If not keep trying :-)
easy enough to give yourself a new one tho...
as root, # passwd
...
On Thu, 7 Feb 2019 13:47:46 +0000, Chris Elvidge declaimed the following:
NOTE: for security, it is considered better not to have a root password at all, requiring one to log in as a regular user and rely upon sudo to gain root privileges temporarily.
The RPi is a bit lax in that it also doesn't require the user password in order to access sudo (BeagleBone configuration requires knowing the user password -- which prevents passers-by from doing stuff to an unlocked SSH session).
FOR THE OP: one can never "recover" a password in Linux. Passwords are (or were, last time I checked) passed through a one-way hash function with a randomly selected "salt" (the salt is used as a prefix to the stored value, so logging in can use the same salt with the user provided password, which then generates the same hash code if valid). The best one can do, if one has access to the passwd file (or, in more secure configurations, the shadow passwd file) is read the hash value, then attempt to create a password that generates the same hash value when using the same "salt".
--
Wulfraed Dennis Lee Bieber AF6VN
wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/
Mine was like that when I first bought it, but upgrading to either jessie or stretch fixed sudo so it requires a password like all sensible Unices. I forget which one it was that introduced the change.
How come your RPi still doesn't require a password for sudo?
Not that I remember, but I DO remember being moderately surprised when it started asking for a password. Almost as much when I discovered that Raspbian, alone of all the various Unices I've used, didn't require a password for sudo.
That is one of the more important benefits in a production environment, although to do it well takes a carefully written sudoers and auditing everything that can be run as root for shell escapes.
It does tend to encourage only using root privileges when they're really needed rather than doing a bunch of routine things as root just because one of them needed the privileges.
--
Steve O'Hara-Smith | Directable Mirror Arrays
C:\>WIN | A better way to focus the sun
The computer obeys and wins. | licences available see
You lose and Bill collects. | http://www.sohara.org/
To answer your points, 'authenticate' is not specified in /etc/sudoers on my RPi
I don't use the pi login and never have done: when I first got my RPi (back when the 512MB B was the latest thing), I set up another user with the same name as my main user on my other Linux systems so that "ssh hostname" works as a convenient shortcut. At the time I set this user to
ALL=(ALL)ALL NOPASSWD: ALL
in /etc/sudoers by copying the 'pi' line and also made sure the default path included /usr/local/sbin and /usr/local/bin. Then I saved a copy of /etc/sudoers in a safe place and committed that to my CVS repository.
The copy in the repository is dated 1 Oct 2015 so that is the last time I touched /etc/sudoers. However, the active version is dated 4 Aug 2017, so evidently it got updated then during one of my weekly system updates. Diffing my copy against the current active copy shows that in 2017 NOPASSWD: was removed from both the pi and my login entry.
Since I never use the 'pi' login, it's vanishingly unlikely I'd have edited it too and, since I'm a version control addict, it's equally unlikely that I'd have changed /etc/sudoers without (a) making a safety copy and (b) committing the change in CVS because that is my SOP.
Ergo, this change to the sudo configuration was made on 4 Aug 2017 and was the result of an APT upgrade.
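The sudo settings discussed in the posts above (NOPASSWD entries and the 'authenticate' setting in /etc/sudoers) can be audited with a short script. This is an added example, not part of any post in the thread; the sample file, its user names and the function names `scan_sudoers` and `make_sample` are constructed for illustration.

```shell
#!/bin/sh
# Added example: report sudoers rules that skip password authentication.

# scan_sudoers FILE... prints "file:line: rule" for every passwordless rule.
# The line number is that of the last physical line of the rule.
scan_sudoers() {
    awk '
        FNR == 1 { buf = "" }
        # Join backslash-continued lines into one logical rule.
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        {
            line = buf $0; buf = ""
            # Drop comments; "#" followed by digits is a uid, not a comment.
            sub(/#([^0-9].*)?$/, "", line)
            if (line ~ /^[ \t]*$/) next
            if (line ~ /NOPASSWD[ \t]*:/ ||
                line ~ /^[ \t]*Defaults.*![ \t]*authenticate/)
                printf "%s:%d: %s\n", FILENAME, FNR, line
        }
    ' "$@"
}

# Constructed sample file (hypothetical users, not taken from the thread).
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/sudoers" <<'EOF'
# NOPASSWD was here once
root    ALL=(ALL:ALL) ALL
pi      ALL=(ALL) NOPASSWD: ALL
kiosk   ALL=(ALL) ALL   # NOPASSWD: removed in 2017
backup  ALL=(root) \
        NOPASSWD: /usr/bin/rsync
#1001   ALL=(ALL) NOPASSWD: ALL
Defaults:deploy !authenticate
EOF
    echo "$dir"
}

# Stand-alone run against the constructed sample.
sample=$(make_sample)
scan_sudoers "$sample/sudoers"
rm -rf "$sample"
```

On a real system, run `scan_sudoers` as root against /etc/sudoers and the files under /etc/sudoers.d, and repeat it after package upgrades, since the thread shows an upgrade changing these entries.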
No, unless your password is weak and can be brute forced by a tool like John the Ripper. But since you can sudo, you can always
sudo passwd pi
and not have to provide the current password.
--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.