diff options
-rw-r--r-- | _posts/2015-03-28-reset-forgotten-password-on-luks-encrypted-ubuntu.markdown | 34 | ||||
-rw-r--r-- | assets/images/ubuntu-grub.png | bin | 0 -> 32135 bytes | |||
-rw-r--r-- | assets/stylesheets/site.scss | 14 | ||||
-rw-r--r-- | theatre/index.html | 2 |
4 files changed, 47 insertions, 3 deletions
diff --git a/_posts/2015-03-28-reset-forgotten-password-on-luks-encrypted-ubuntu.markdown b/_posts/2015-03-28-reset-forgotten-password-on-luks-encrypted-ubuntu.markdown new file mode 100644 index 0000000..1c30045 --- /dev/null +++ b/_posts/2015-03-28-reset-forgotten-password-on-luks-encrypted-ubuntu.markdown @@ -0,0 +1,34 @@ +--- +title: How to Reset a Lost Password on a LUKS-Encrypted Disk in Ubuntu Linux +description: I recently needed to reset a lost password on an Ubuntu installation. But the LUKS encryption on the disk gave me some challenges. Here's what I did. +layout: post +category: writing +date: 2015-03-28 00:00:00 +--- + +Here's the situation I recently found myself in: + +* Ubuntu Linux 14.10 +* Unknown password for user account +* Unknown (but set) root password (Ubuntu's philosophy is to use `sudo` for everything) +* LUKS encrypted filesystem (known passphrase) +* Physical access to the computer + +I needed to reset my account password. Normally, with physical access to a machine, all bets are off when it comes to security. I tried booting up the machine into [recovery mode](https://wiki.ubuntu.com/RecoveryMode) by holding down <kbd>shift</kbd> as soon as the BIOS had finished loading. But when I selected the "Drop to root shell" option, I was prompted to enter the unknown root password. + +My second approach was to boot into single user mode by editing the GRUB command script. + +<div class="center"><a href="/assets/images/ubuntu-grub.png"><img src="/assets/images/ubuntu-grub.png" alt="Ubuntu's GRUB menu"></a></div> + +By going down to the recovery mode option and hitting <kbd>e</kbd>, you can edit the GRUB commands. By adding <code>init=/bin/bash</code> at the end of the line beginning with <code>linux</code> that specifies the boot image, you can specify an initial shell to use. Then I hit <kbd>F10</kbd> to boot. + +After waiting for about 30 seconds or a minute, I saw a message that waiting for the root device (the locked disk) had timed out. I was then dumped into an [initramfs](https://wiki.ubuntu.com/Initramfs) shell. From there, I was able to unlock the disk by running <code>cryptsetup luksOpen /dev/sda3 sda3_crypt</code>. + +Next, I mounted the freshly-unlocked disk with <code>mount -o rw /dev/sda3 /root</code>, taking advantage of the pre-existing empty directory. From there, I used <code>chroot</code> to run <code>passwd</code> in the OS. + + $ chroot /root passwd + $ chroot /root passwd myUserName + +By running these commands, I successfully reset both the root password as well as the password for my account. From there, I was able to restart the machine and boot normally. + +*Is something here incorrect? Know of a better way to do it? Let me know [@bburwell](https://twitter.com/bburwell).* diff --git a/assets/images/ubuntu-grub.png b/assets/images/ubuntu-grub.png Binary files differnew file mode 100644 index 0000000..358c626 --- /dev/null +++ b/assets/images/ubuntu-grub.png diff --git a/assets/stylesheets/site.scss b/assets/stylesheets/site.scss index a2ae002..abf7ace 100644 --- a/assets/stylesheets/site.scss +++ b/assets/stylesheets/site.scss @@ -86,7 +86,7 @@ table { margin-bottom: 1em; } -td { +table.data-table td { font-size: 0.8em; padding: 0.5em; vertical-align: top; @@ -111,6 +111,16 @@ code { // color: $base1; } +kbd { + font-size: 0.7em; + border: 1px solid $base1; + border-radius: 3px; + padding: 1px 5px; + border-bottom-width: 2px; + color: $base01; + font-family: $monospace; +} + footer { font-family: $monospace; text-align: center; @@ -170,7 +180,7 @@ header { } } -.about { +.about { width: 80%; margin-left: auto; margin-right: auto; diff --git a/theatre/index.html b/theatre/index.html index 71d4067..c10ab19 100644 --- a/theatre/index.html +++ b/theatre/index.html @@ -6,7 +6,7 @@ description: Mostly for my own reference, here’s a list of shows I’ve worked <h1>Theatrical Credits</h1> -<table> +<table class="data-table"> {% for show in site.data.shows %} <tr> <td><i>{{ show.name }}</i></td> |