New Snapshot password problem recognized [Solved]

[dolphin_oracle]

we can simulate the change that snapshot tries to do to passwords, to try to find some problem with the routine.

this short one-line script will do the simulation. we do this on the installed system with your regular user. no file or password will be changed.

while logged in as your usual user:

Code: Select all

user="$(whoami)"; sudo grep $user /etc/shadow; hash=$(sudo mkpasswd -m sha-512 "demo");echo "demo hash is $hash"; sudo sed -r "s=^($user):[^:]*:=\1:$hash:=" /etc/shadow |grep $user

which should give output like this:

Code: Select all

user="$(whoami)"; sudo grep $user /etc/shadow; hash=$(sudo mkpasswd -m sha-512 "demo");echo $hash; sudo sed -r "s=^($user):[^:]*:=\1:$hash:=" /etc/shadow |grep $user
dolphin:$y$j9T$XsM3CedToRpZOtVqy/c4i/$7qyhMMgtX.h4dA22vFZBrrgrrPs5rqRlhhXq31FPKq1:18936:0:99999:7:::
$6$a8SqKyQsEtW.yANz$BTF4QfOghlnAAc2y4ISHAHTX0Og1GvGIyu022a9XXxqw78pFQQg3bKbCOgYclDe/OwXJNNB5CbuY2hvKQ/dSf/
dolphin:$6$a8SqKyQsEtW.yANz$BTF4QfOghlnAAc2y4ISHAHTX0Og1GvGIyu022a9XXxqw78pFQQg3bKbCOgYclDe/OwXJNNB5CbuY2hvKQ/dSf/:18936:0:99999:7:::

these are one-way hashes, so no worries about sharing them. we can't reverse engineer a password.

the first line is the original line in /etc/shadow
the second line is the hash generated for the demo account for the snapshot
the third line is the changed line, which in snapshot is the target /etc/shadow in the snapshot, not the real one, but we pretend here. again, the etc/shadow file is not modified in any way in this test, and no passwords are actually changed.

[user-green]

klamaux wrote:

I wanted to open thunar with root access. Something like sudo thunar or gparted (for what you need administrator rights) to manage the partitions for example.
In the last time it changed from typing "root" to "demo". I think, because the sudo operation is more secure than to log in as root.

I think in all my 1000 linux installations I never used demo as username, but many different names
and my password was never the username. Perhaps next time...... :))

I could not catch what you are talking about. "demo" is usable to open gui prompt of snapshot here, so I can not confirm this case. I think you somehow modified account settings by yourself. As a result, you might encountered an unusual situation, I think.

[klamaux]

did the root account password change to root? (the live system should always have a root account)

I am not quite shure and have to test it later. But I think , there was no success to log in both as demo and as root.

[fehlix]

did the root account password change to root? (the live system should always have a root account)

I am not quite shure and have to test it later. But I think , there was no success to log in both as demo and as root.

On the installed system, would you do just this little test
by running four commands on the terminal commadn line:

Code: Select all

sudo installed-to-live start empty=/home general version-file read-only

and

Code: Select all

sudo grep ^demo: /.bind-root/etc/shadow 

and

Code: Select all

sudo grep ^root: /.bind-root/etc/shadow 

and

Code: Select all

sudo installed-to-live cleanup

and post the text output.
Thanks

[klamaux]

did the root account password change to root? (the live system should always have a root account)

I am not quite shure and have to test it later. But I think , there was no success to log in both as demo and as root.

On the installed system, would you do just this little test
by running four commands on the terminal commadn line:

Code: Select all

sudo installed-to-live start empty=/home general version-file read-only

and

Code: Select all

sudo grep ^demo: /.bind-root/etc/shadow 

and

Code: Select all

sudo grep ^root: /.bind-root/etc/shadow 

and

Code: Select all

sudo installed-to-live cleanup

and post the text output.
Thanks

Hi Fehlix,
here is the output attached in jpg

[klamaux]

we can simulate the change that snapshot tries to do to passwords, to try to find some problem with the routine.

this short one-line script will do the simulation. we do this on the installed system with your regular user. no file or password will be changed.

while logged in as your usual user:

Code: Select all

user="$(whoami)"; sudo grep $user /etc/shadow; hash=$(sudo mkpasswd -m sha-512 "demo");echo "demo hash is $hash"; sudo sed -r "s=^($user):[^:]*:=\1:$hash:=" /etc/shadow |grep $user

which should give output like this:

Code: Select all

user="$(whoami)"; sudo grep $user /etc/shadow; hash=$(sudo mkpasswd -m sha-512 "demo");echo $hash; sudo sed -r "s=^($user):[^:]*:=\1:$hash:=" /etc/shadow |grep $user
dolphin:$y$j9T$XsM3CedToRpZOtVqy/c4i/$7qyhMMgtX.h4dA22vFZBrrgrrPs5rqRlhhXq31FPKq1:18936:0:99999:7:::
$6$a8SqKyQsEtW.yANz$BTF4QfOghlnAAc2y4ISHAHTX0Og1GvGIyu022a9XXxqw78pFQQg3bKbCOgYclDe/OwXJNNB5CbuY2hvKQ/dSf/
dolphin:$6$a8SqKyQsEtW.yANz$BTF4QfOghlnAAc2y4ISHAHTX0Og1GvGIyu022a9XXxqw78pFQQg3bKbCOgYclDe/OwXJNNB5CbuY2hvKQ/dSf/:18936:0:99999:7:::

these are one-way hashes, so no worries about sharing them. we can't reverse engineer a password.

the first line is the original line in /etc/shadow
the second line is the hash generated for the demo account for the snapshot
the third line is the changed line, which in snapshot is the target /etc/shadow in the snapshot, not the real one, but we pretend here. again, the etc/shadow file is not modified in any way in this test, and no passwords are actually changed.

Hi dolphin ,
here the output of your script.
i blacked the username by xxxxx

[fehlix]

I am not quite shure and have to test it later. But I think , there was no success to log in both as demo and as root.

On the installed system, would you do just this little test
by running four commands on the terminal commadn line:

Code: Select all

sudo installed-to-live start empty=/home general version-file read-only

and

Code: Select all

sudo grep ^demo: /.bind-root/etc/shadow 

and

Code: Select all

sudo grep ^root: /.bind-root/etc/shadow 

and

Code: Select all

sudo installed-to-live cleanup

and post the text output.
Thanks

Hi Fehlix,
here is the output attached in jpg

Thanks.
At least the text picture shows the passwords have been reset.
Actually, it would be helpful to post text as text and not as picture/image.
Would you mind to post the above as text, I'd try to avoid to do a OCR scan, to get the text,
so I can check the password did real changed to the defaults.

Ok, now assuming the password are changed.

Can we check what is actually on the Snapshot ISO:

Please do this:
Open terminal within the directory the snapshot-iso is located.
First let's mount the iso:

Code: Select all

sudo isomount snapashot-iso-name-here.iso

Now, we have a look into hashs and group member ship:
Show groups 'demo' is in:

Code: Select all

grep  demo /mnt/iso/sq1/etc/group

Show the hash's for both root and demo:

Code: Select all

sudo grep -E 'demo|root' /mnt/iso/sq1/etc/shadow

Ok, when done close the iso-mounts

Code: Select all

sudo isoumount all

And as mentioned, please post command output as text - as I tend to ignore text-pics
Thanks

[klamaux]

First: thank you for a all you do to solve the mystery about that.
I will send you the resume of your skripts in textform as soon I will be home at my system.
Ciao

[klamaux]

On the installed system, would you do just this little test
by running four commands on the terminal commadn line:

Code: Select all

sudo installed-to-live start empty=/home general version-file read-only

and

Code: Select all

sudo grep ^demo: /.bind-root/etc/shadow 

and

Code: Select all

sudo grep ^root: /.bind-root/etc/shadow 

and

Code: Select all

sudo installed-to-live cleanup

and post the text output.
Thanks

Hi Fehlix,
here is the output attached in jpg

Thanks.
At least the text picture shows the passwords have been reset.
Actually, it would be helpful to post text as text and not as picture/image.
Would you mind to post the above as text, I'd try to avoid to do a OCR scan, to get the text,
so I can check the password did real changed to the defaults.

Ok, now assuming the password are changed.

Can we check what is actually on the Snapshot ISO:

Please do this:
Open terminal within the directory the snapshot-iso is located.
First let's mount the iso:

Code: Select all

sudo isomount snapashot-iso-name-here.iso

Now, we have a look into hashs and group member ship:
Show groups 'demo' is in:

Code: Select all

grep  demo /mnt/iso/sq1/etc/group

Show the hash's for both root and demo:

Code: Select all

sudo grep -E 'demo|root' /mnt/iso/sq1/etc/shadow

Ok, when done close the iso-mounts

Code: Select all

sudo isoumount all

And as mentioned, please post command output as text - as I tend to ignore text-pics
Thanks

I put all your scripts and outputs in one file attached.
hope that helps to recognize the problem

[fehlix]

I put all your scripts and outputs in one file attached.
hope that helps to recognize the problem

Thanks. Hmm... that's a PDF not a text file...
Anyway. Let's see:
The iso-check to see whether we have the default passwords for root and demo on the ISO:
This is on the PDF file:

Code: Select all

sudo isomount snapshot-20221031_1539.iso
sudo grep -E 'demo|root' /mnt/iso/sq1/etc/shadow
root:$6$EXsoyVzjA73dLzJH$20oBidQ6O8Kw/T6CNgn4MsSJgp1RzKoekIS9Q8kH.19VhsaIbBR5VTfROP.4lbQWYiLctAZWViCXms6oZeYiV/:19090:0:99999:7:::
demo:$6$00.QWA6/nuUAwCgp$6zY9ZGc4MpNnZ.jfvkvFiDTANiT4q8Wj.2rECol6Al4xg/tv73NNLn5ogTapiXyaVQYEpjjqK1r3/AQ93sHN1/:19274:0:99999:7:::

let's verify the passwords using "mkpasswd password hash"-check:
demo:

Code: Select all

HASH='$6$00.QWA6/nuUAwCgp$6zY9ZGc4MpNnZ.jfvkvFiDTANiT4q8Wj.2rECol6Al4xg/tv73NNLn5ogTapiXyaVQYEpjjqK1r3/AQ93sHN1/'
mkpasswd demo "$HASH"
$6$00.QWA6/nuUAwCgp$6zY9ZGc4MpNnZ.jfvkvFiDTANiT4q8Wj.2rECol6Al4xg/tv73NNLn5ogTapiXyaVQYEpjjqK1r3/AQ93sHN1/

root:

Code: Select all

root:$6$EXsoyVzjA73dLzJH$20oBidQ6O8Kw/T6CNgn4MsSJgp1RzKoekIS9Q8kH.19VhsaIbBR5VTfROP.4lbQWYiLctAZWViCXms6oZeYiV/:19090:0:99999:7:::
HASH='$6$EXsoyVzjA73dLzJH$20oBidQ6O8Kw/T6CNgn4MsSJgp1RzKoekIS9Q8kH.19VhsaIbBR5VTfROP.4lbQWYiLctAZWViCXms6oZeYiV/'
mkpasswd root "$HASH"
$6$EXsoyVzjA73dLzJH$20oBidQ6O8Kw/T6CNgn4MsSJgp1RzKoekIS9Q8kH.19VhsaIbBR5VTfROP.4lbQWYiLctAZWViCXms6oZeYiV/

Seem's demo and root password are set on the ISO as it should be, as "demo" and "root".
Next, the scripts by DO:
On the PDF is seen this - wrapping into one line per command.

Code: Select all

user="$(whoami)"; 
sudo grep $user /etc/shadow; 
hash=$(sudo mkpasswd -m sha-512 "demo");
echo "demo hash is $hash"; 
sudo sed -r "s=^($user):[^:]*:=\1:$hash:=" /etc/shadow |grep $user

and you posted on the pdf this:

Code: Select all

user:$6$OlzZcNKz533xjqN5$n.dnSf0mgX1kxFSSLE3ccuRgMtjO.hDEO9UoFrszhx.9DdLTdg2gGG4Ntl3nQz.iG1SsmGsrIwwBCM1TH1fYm1:19274:0:99999:7:::
demo hash is $6$uHdAK1R3ATVMIKDC$bDNHa6yDOVWh59GIkB1f3bbZ8dmhS6SybhG7S9s3o5oXqFFCfnrrTYUMCjqEjkBDAH9F6erq/0VQ71yyJccul.
user:$6$uHdAK1R3ATVMIKDC$bDNHa6yDOVWh59GIkB1f3bbZ8dmhS6SybhG7S9s3o5oXqFFCfnrrTYUMCjqEjkBDAH9F6erq/0VQ71yyJccul.:19274:0:99999:7:::

The last two lines are fine and can verified to be valid has of demo passwords.
Now, let's look the first line, which shows the hash of the current user password:

Code: Select all

user:$6$OlzZcNKz533xjqN5$n.dnSf0mgX1kxFSSLE3ccuRgMtjO.hDEO9UoFrszhx.9DdLTdg2gGG4Ntl3nQz.iG1SsmGsrIwwBCM1TH1fYm1:19274:0:99999:7:::

let's try this test:

Code: Select all

HASH='$6$OlzZcNKz533xjqN5$n.dnSf0mgX1kxFSSLE3ccuRgMtjO.hDEO9UoFrszhx.9DdLTdg2gGG4Ntl3nQz.iG1SsmGsrIwwBCM1TH1fYm1'
mkpasswd demo "$HASH"
$6$OlzZcNKz533xjqN5$n.dnSf0mgX1kxFSSLE3ccuRgMtjO.hDEO9UoFrszhx.9DdLTdg2gGG4Ntl3nQz.iG1SsmGsrIwwBCM1TH1fYm1

Ooops.. the dispayed user password on the installed system is "demo"
But, this type of hash is not what normally the MX-Instalelr would generated,
b/c user passwords on installed don't use sha-512 "$6$' password hash#s but "$y$"-yescrypt -hash.
...
So, I'm not sure what all this is about.
The passwords on the snapshot-ISO are defaults.
The user password on installed system password shown is "demo",
The password hash is not one, which MX installer would create.
The information provided so far is inconsistent regarding the issue mentioned.