Recover password

I have a Raspberry Pi with Raspbian. I can ssh to it as I previously swapped keys; I can even run sudo without having to enter a password.

But I have forgotten what the password is. Given my current level of privileges, is it possible to somehow recover the pw?

TIA, RenMas

Reply to
Richard Lewis

RL> I have a RaspberryPI with Raspbian I can ssh to it as I previously
RL> swapped keys, I can even run sudo without having to enter a password.
RL>
RL> But I have forgotten what the password is, given my current level of
RL> privileges is it possible to somehow recover the pw?
RL>
RL> TIA,
RL> RenMas

Who is Richard Lewis!? I posted as RenagadeMaster!

RenMas

Reply to
Richard Lewis

CE> > But I have forgotten what the password is, given my current level of
CE> > privileges is it possible to somehow recover the pw?
CE>
CE> sudo su -
CE> passwd username
CE> to reset the password for username

That worked beautifully. Thank you everyone for your replies.

RenMas

Reply to
Richard Lewis

ssh into it.
Are you root? No?
sudo su -
You're now root!
passwd
to reset the root password
passwd username
to reset the password for username

--

Chris Elvidge, England
Reply to
Chris Elvidge

Apparently not...

--
If you tell a lie big enough and keep repeating it, people will eventually come to believe it. The lie can be maintained only for such time as the State can shield the people from the political, economic and/or military consequences of the lie. It thus becomes vitally important for the State to use all of its powers to repress dissent, for the truth is the mortal enemy of the lie, and thus by extension, the truth is the greatest enemy of the State.

Joseph Goebbels

Reply to
The Natural Philosopher

Not without a deal of luck. Encryption is a one way process. What happens AFAIK is that when you enter a password, the salt is taken from the first part of what is stored and the encryption process generates the second part. If they match, that was the right password. If not, keep trying :-)

easy enough to give yourself a new one tho...

as root, # passwd

...

--
If you tell a lie big enough and keep repeating it, people will  
eventually come to believe it. The lie can be maintained only for such  
time as the State can shield the people from the political, economic  
and/or military consequences of the lie. It thus becomes vitally  
important for the State to use all of its powers to repress dissent, for  
the truth is the mortal enemy of the lie, and thus by extension, the  
truth is the greatest enemy of the State. 

Joseph Goebbels
Reply to
The Natural Philosopher

On Thu, 07 Feb 2019 07:36:15 +1300, snipped-for-privacy@f317.n49.z1.binkp.net (Richard Lewis) declaimed the following:

Not according to your headers:

From: snipped-for-privacy@f317.n49.z1.binkp.net (Richard Lewis)

--
	Wulfraed                 Dennis Lee Bieber         AF6VN 
	wlfraed@ix.netcom.com    HTTP://wlfraed.home.netcom.com/
Reply to
Dennis Lee Bieber

On Thu, 7 Feb 2019 13:47:46 +0000, Chris Elvidge declaimed the following:

NOTE: for security, it is considered better not to have a root password at all, requiring one to log in as a regular user and rely upon sudo to gain root privileges temporarily.

The RPi is a bit lax in that it also doesn't require the user password in order to access sudo (BeagleBone configuration requires knowing the user password -- which prevents passers-by from doing stuff to an unlocked SSH session).

FOR THE OP: one can never "recover" a password in Linux. Passwords are (or were, last time I checked) passed through a one-way hash function with a randomly selected "salt" (the salt is used as a prefix to the stored value, so logging in can use the same salt with the user provided password, which then generates the same hash code if valid). The best one can do, if one has access to the passwd file (or, in more secure configurations, the shadow passwd file) is read the hash value, then attempt to create a password that generates the same hash value when using the same "salt".

--
	Wulfraed                 Dennis Lee Bieber         AF6VN 
	wlfraed@ix.netcom.com    HTTP://wlfraed.home.netcom.com/
Reply to
Dennis Lee Bieber
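
The salt-as-prefix check described in the post above, as an added example that is not part of any poster's message. It uses PBKDF2 from Python's hashlib as a stand-in for the crypt(3) scheme behind real shadow entries; the scheme label, user name, password and salt are constructed.

```python
import hashlib
import hmac
import os

# Stand-in scheme: PBKDF2-HMAC-SHA512 from hashlib, NOT the crypt(3) algorithm
# that produces the real strings in /etc/shadow. Only the layout is the same.
SCHEME = "pbkdf2-sha512"
ROUNDS = 50_000


def _digest(password, salt):
    raw = hashlib.pbkdf2_hmac("sha512", password.encode(), salt.encode(), ROUNDS)
    return raw.hex()


def make_field(password, salt=None):
    """Build the stored value; the salt sits in clear text in front of the hash."""
    if salt is None:
        salt = os.urandom(8).hex()  # random per password
    return "${}${}${}".format(SCHEME, salt, _digest(password, salt))


def verify(stored_field, candidate):
    """Login check: re-hash the candidate with the stored salt, then compare."""
    _, scheme, salt, expected = stored_field.split("$")
    if scheme != SCHEME:
        raise ValueError("unsupported scheme: " + scheme)
    return hmac.compare_digest(_digest(candidate, salt), expected)


def hash_field(shadow_line):
    """The second colon-separated field of a shadow-style line is the hash."""
    return shadow_line.split(":")[1]


# Constructed sample line (user name, password and salt are made up).
SAMPLE_LINE = "renmas:" + make_field("old-pi-password", "a1b2c3d4") + ":17934:0:99999:7:::"

if __name__ == "__main__":
    stored = hash_field(SAMPLE_LINE)
    print(verify(stored, "old-pi-password"))  # same salt, same password
    print(verify(stored, "raspberry"))        # same salt, other password
    # A fresh random salt gives a different stored value for the same password.
    print(make_field("old-pi-password") != stored)
```

Nothing in the stored field is ever decrypted: the only operation available is hashing a candidate again with the stored salt, which is why root can replace the password with passwd but cannot read the old one back.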

Mine was like that when I first bought it, but upgrading to either jessie or stretch fixed sudo so it requires a password like all sensible Unices. I forget which one it was that introduced the change.

How come your RPi still doesn't require a password for sudo?

--
Martin    | martin at 
Gregorie  | gregorie dot org
Reply to
Martin Gregorie

It's less for security surely than to provide auditing information which will show *who* was using root privilege.

On a single user system it doesn't really add anything, there's only 'me' going to be root.

--
Chris Green
Reply to
Chris Green

You changed it, because Raspbian didn't change.

Reply to
A. Dumas

It gives reasonable fatfingering protection.

--
Martin    | martin at 
Gregorie  | gregorie dot org
Reply to
Martin Gregorie

Not that I remember, but I DO remember being moderately surprised when it started asking for a password. Almost as much when I discovered that Raspbian, alone of all the various Unices I've used, didn't require a password for sudo.

--
Martin    | martin at 
Gregorie  | gregorie dot org
Reply to
Martin Gregorie

That's the same as it ever was in the newest download. What's in your sudoers file/directory? See sudo visudo.

Reply to
A. Dumas

mine did and still does.

--
"Those who can make you believe absurdities, can make you commit
atrocities."

M. de Voltaire
Reply to
The Natural Philosopher

That is one of the more important benefits in a production environment, although to do it well takes a carefully written sudoers and auditing everything that can be run as root for shell escapes.

It does tend to encourage only using root privileges when they're really needed rather than doing a bunch of routine things as root just because one of them needed the privileges.

--
Steve O'Hara-Smith                          |   Directable Mirror Arrays 
C:\>WIN                                     | A better way to focus the sun 
The computer obeys and wins.                |    licences available see 
You lose and Bill collects.                 |    http://www.sohara.org/
Reply to
Ahem A Rivet's Shot

+1.

That is handy on a desktop. Less so on a Pi where one suspects the whole thing is a single use device.

--
"The great thing about Glasgow is that if there's a nuclear attack it'll  
look exactly the same afterwards." 

Billy Connolly
Reply to
The Natural Philosopher

ITYM man sudoers

To answer your points, 'authenticate' is not specified in /etc/sudoers on my RPi

I don't use the pi login and never have done: when I first got my RPi (back when the 512MB B was the latest thing), I set up another user with the same name as my main user on my other Linux systems so that "ssh hostname" works as a convenient shortcut. At the time I set this user to

ALL=(ALL)ALL NOPASSWD: ALL

in /etc/sudoers by copying the 'pi' line and also made sure the default path included /usr/local/sbin and /usr/local/bin. Then I saved a copy of /etc/sudoers in a safe place and committed that to my CVS repository.

The copy in the repository is dated 1 Oct 2015 so that is the last time I touched /etc/sudoers. However, the active version is dated 4 Aug 2017, so evidently it got updated then during one of my weekly system updates. Diffing my copy against the current active copy shows that in 2017 NOPASSWD: was removed from both the pi and my login entry.

Since I never use the 'pi' login, it's vanishingly unlikely I'd have edited it too and, since I'm a version control addict, it's equally unlikely that I'd have changed /etc/sudoers without (a) making a safety copy and (b) committing the change in CVS because that is my SOP.

Ergo, this change to the sudo configuration was made on 4 Aug 2017 and was the result of an APT upgrade.

--
Martin    | martin at 
Gregorie  | gregorie dot org
Reply to
Martin Gregorie

Martin Gregorie wrote, on 08-02-2019 12:46:

Almost certainly their mistake for not considering people use other logins than pi. That happens a lot. A fresh install still has:

pi ALL=(ALL) NOPASSWD: ALL

(No longer in /etc/sudoers but in /etc/sudoers.d/010_pi-nopasswd. This move was when you saw the change.)

Reply to
A. Dumas
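
A small audit for the situation discussed in the posts above, where password-less sudo can live in /etc/sudoers or in a drop-in such as /etc/sudoers.d/010_pi-nopasswd. This is an added example, not part of any poster's message; the file contents and the user name alice are constructed, and the parser is a simplification that only drops whole-line comments.

```python
import re

# Constructed sample of the two sudoers locations named in the thread.
SAMPLE_FILES = {
    "/etc/sudoers": (
        "# constructed sample\n"
        "Defaults env_reset\n"
        "root ALL=(ALL:ALL) ALL\n"
        "%sudo ALL=(ALL:ALL) ALL\n"
        "alice ALL=(ALL) ALL\n"
    ),
    "/etc/sudoers.d/010_pi-nopasswd": "pi ALL=(ALL) NOPASSWD: ALL\n",
}


def logical_lines(text):
    """Yield (first_line_no, rule) with comments dropped and '\\' continuations joined."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = no
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip() and not buf.lstrip().startswith("#"):
            yield start, " ".join(buf.split())
        buf = ""


def passwordless_rules(files):
    """Return (path, line_no, who, rule) for every rule that skips the password prompt."""
    findings = []
    for path in sorted(files):
        for no, line in logical_lines(files[path]):
            if line.startswith("Defaults"):
                # 'Defaults !authenticate' disables the prompt without a NOPASSWD tag.
                if re.search(r"!authenticate\b", line):
                    findings.append((path, no, "Defaults", line))
            elif re.search(r"\bNOPASSWD\s*:", line):
                findings.append((path, no, line.split()[0], line))
    return findings


if __name__ == "__main__":
    for finding in passwordless_rules(SAMPLE_FILES):
        print(*finding, sep=" | ")
```

The script only lists candidate rules; because later sudoers entries override earlier ones, `sudo -l -U <user>` gives the effective result for a given account.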

No, unless your password is weak and can be brute forced by a tool like John the Ripper. But since you can sudo, you can always

sudo passwd pi

and not have to provide the current password.

--
Consulting Minister for Consultants, DNRC 
I can please only one person per day. Today is not your day. Tomorrow 
isn't looking good, either. 
I am BOFH. Resistance is futile. Your network will be assimilated.
Reply to
I R A Darth Aggie
