Root Password’s Hash Injection Into Linux Image File

.

Resetting-a-Forgotten-Root-Password-2Here i will show you how to set the root password permanently in the image. As an example i will use the following image: http://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/i386/Fedora-Cloud-Base-20141203-21.i386.qcow2. This image is cloud-aware image and it is in qcow2 format. You need to install the following: “guestfish” and “libguestfs-tools”:

# yum install guestfish libguestfs-tools

To generate an encrypted password:  # openssl passwd -1 Your-Password

I will set the root password as “binan” but you need to choose a strong password:

# openssl passwd -1 binan
$1$PNq4EoLe$EFwgE1BVdVG3uXqv05Pb5/

Now i will set the generated hash value in the file “/etc/shadow” in the image file. This is done by executing (guestfish –rw -a <image-name>):

# guestfish –rw -a /home/binan/Downloads/Fedora-Cloud-Base-20141203-21.i386.qcow2

><fs> run

><fs> list-filesystems

/dev/sda1: ext4

><fs> mount /dev/sda1 /

><fs> vi /etc/shadow

Now i will write the hash value of the password ($1$PNq4EoLe$EFwgE1BVdVG3uXqv05Pb5/) in its place:

root:$1$PNq4EoLe$EFwgE1BVdVG3uXqv05Pb5/::0:99999:7:::

If the root password in the image file is locked, replace the word “locked” with the generated hash. Now each instance created from this image will have “binan” as root password.

Note: After mounting the file system you can do whatever you want. This is not restricted to the “/etc/shadow” file.

To set different root passwords for different instances, use “cloud-init”.

 


Root Password Injection Into Openstack Instance

.

To inject a root password into Openstack instance on Nova boot, you need to enable it. Follow these simple steps:

  • Install “libguestfs” on Nova compute node:

# yum install libguestfs python-libguestfs libguestfs-tools-c

  • Open the file “/etc/nova/nova.conf ” and update these lines:

inject_password=true
inject_key=true
inject_partition=-1

  • Restart nove-compute: # service openstack-nova-compute restart
  • Open the file “/usr/share/openstack-dashboard/openstack_dashboard/loal/local_settings.py” and enable setting root password:

OPENSTACK_HYPERVISOR_FEATURES = {
…..
‘can_set_password’: True,
}

Now you can set root password on dashboard when you launch your instance under “Access & Security” tab.

Screenshot from 2015-03-16 16:20:45