From: Dorehami Serehami
Subject: problems with encrypted passwords
Date: Tue, 19 Jan 2021 08:42:45 -0800

Hello Grub maintainers,
I'm trying to secure GRUB on a Linode server I have. I'm following some instructions I've found on securing GRUB. I've managed to get it working with a plaintext password, but not with an encrypted password.
Here's a simple set of steps to set up the plaintext password:
Start with a fresh Linode based on Debian 10 (I have also tried Ubuntu 20.04 LTS, with the same results).
Do the following:
cd /etc/grub.d
cat >> 40_custom << EOF
set superusers="root"
password root testing
EOF
update-grub
Now connect to the Linode through Lish (Linode's out-of-band console solution), using SSH.
Reboot the Linode, and in the Lish session, hit enter when the GRUB menu comes up. You should be prompted for user and password. Supplying root/testing should work.
However, as soon as I add the instructions for encrypting the password, things don't work. All I do is:
1. Run grub-mkpasswd-pbkdf2, supplying it with "testing" as the password to encrypt.
2. Replace the line "password root testing" in the 40_custom file with the line "password_pbkdf2 root grub.pbkdf2.sha512.10000.BCCF091DF7444EF71031E2CAD5C455BD70D00400A1541949CB51C8E7D7F8EC0C1595D74327D1A8E025A1D09552694E40E4D6EB4625D46F7A45BCE86F5C449FAA.247D38CB87C4DA386F22C96A6F390171EA2768D3463EF285C80856639E9934A5DCBFA9CB813AD6EC3D7B3FEF6183F09620A68D2B25C1060B6AACE82686ECF5B4" (if you run the command in step 1, you may get a different password hash).
3. Run update-grub
The version of Grub being used is 2.02+dfsg1-20+deb10u2.
If you want to reproduce the above on a Linode, you could easily sign up for a trial account on Linode. But hopefully it is reproducible in other settings.
Is this a known issue? Can you suggest a way to work around this?
Thanks!
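
A check that separates a damaged password_pbkdf2 line from a problem at the console prompt is to recompute the hash offline and compare it with what was pasted into 40_custom. This is an added example, not part of the original message and not GRUB's code. It assumes the string is PBKDF2-HMAC-SHA512 laid out as grub.pbkdf2.sha512.<iterations>.<salt hex>.<hash hex> with a 64-byte hash (128 hex characters, as in the message above); the function names and the sample salt are made up for the example.

```python
import hashlib
import hmac

PREFIX = ["grub", "pbkdf2", "sha512"]

def parse_grub_pbkdf2(field, expected_len=64):
    """Split grub.pbkdf2.sha512.<iterations>.<salt hex>.<hash hex> into parts."""
    parts = field.strip().split(".")
    if len(parts) != 6 or parts[:3] != PREFIX:
        raise ValueError("not a grub.pbkdf2.sha512 string")
    iterations = int(parts[3])          # ValueError if not a number
    salt = bytes.fromhex(parts[4])      # ValueError on stray or odd-length hex
    digest = bytes.fromhex(parts[5])
    # PBKDF2 output for a shorter length is a prefix of the longer output, so a
    # truncated paste would still "match" unless the length is checked first.
    # expected_len=64 is an assumption taken from the hash shown in the message.
    if iterations < 1 or not salt or len(digest) != expected_len:
        raise ValueError("truncated or malformed hash string")
    return iterations, salt, digest

def verify(password, field):
    """True if password derives to the hash stored in field."""
    iterations, salt, expected = parse_grub_pbkdf2(field)
    derived = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                                  salt, iterations, dklen=len(expected))
    return hmac.compare_digest(derived, expected)

def make_grub_pbkdf2(password, salt, iterations=10000, dklen=64):
    """Build a string in the same layout; used here only to make sample input."""
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                             salt, iterations, dklen=dklen)
    return "grub.pbkdf2.sha512.%d.%s.%s" % (
        iterations, salt.hex().upper(), dk.hex().upper())

def check_config_line(line, password):
    """Check one 'password_pbkdf2 <user> <hash>' line; returns (user, matches)."""
    tokens = line.split()
    if len(tokens) != 3 or tokens[0] != "password_pbkdf2":
        raise ValueError("expected: password_pbkdf2 <user> <hash> on one line")
    return tokens[1], verify(password, tokens[2])

if __name__ == "__main__":
    sample_salt = bytes(range(64))      # constructed salt, not from the message
    sample = "password_pbkdf2 root " + make_grub_pbkdf2("testing", sample_salt)
    print(check_config_line(sample, "testing"))
    print(check_config_line(sample, "Testing"))
```

To check a real configuration, pass the password_pbkdf2 line copied from the generated grub.cfg to check_config_line together with the password that was typed into grub-mkpasswd-pbkdf2.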