Docu review done: Mon 06 May 2024 09:20:27 AM CEST

Debian

Table of Content

• Reset root pwd via grub
  • passwd way
  • nano way
• Prevent login with empty password

Reset root pwd via grub

reboot system and wait until you see the grub menu and press e

Now you will get a login mask or the grub config. Go to that line linux image line and appand.

init=/bin/bash

To run that configuration now press <CTRL>-x

After the system got booted you need to mount the root partition.

$ mount -rw -o remount /

It could be that an error occurs, than just redo it. Now you have the root fs mounted and can modify either with passwd or nano the pwd.

passwd way

$ passwd
new password: **********
repeat new password: **********

nano way

$ nano /etc/shadow

Now remove the string beween the first and second :.

After you have modified somehow the password sync it to the fs.

$ sync

if you have just removed the pwd with nano, open a tty connection to the server and just use as user root, than you will get asked to set a new pwd

after that you can ssh as usual, become root with new pwd and set a good one

Prevent login with empty password

Since passwd package version 4.11.1 a new config parameter got introduced called PREVENT_NO_AUTH.

This config allows the system to deny logins with empty password.

Prevents an empty password field to be interpreted as “no authentication required”.

Set to “yes” to prevent for all accounts

Set to “superuser” to prevent for UID 0 / root (default)

Set to “no” to not prevent for any account (dangerous, historical default)

So if your root login without pwd is not working any more (which is good anyway), checkout /etc/login.defs as this is set to superuser per default.