Comments
Or create a second root account which cannot be removed.
btw it's CentOS
Skid much?
I need it in case the server is hacked/root pass changed...
No, you don't.
Then how do I get back in if he changes the pass?
OpenVZ? Xen? KVM? LXC? BSD jail?
KVM
useradd username
passwd username
passwd root?
On KVM, boot a live cd and chroot to the disk then just run passwd
passwd username
passwd root?
No luck, tried that earlier. It doesn't give all root privs.
Guys! the kid wanna help ;p
/usr/sbin/useradd r00t -g 0 -G root,bin,daemon,sys,adm,disk -M -o -u 0 -p yourp4ssw0rdh3r3
This is for CentOS as you requested; then you must enter a command to confirm the password to be encrypted in the shadow file
passwd r00t
yourp4ssw0rdh3r3
btw, you can google it!
Thanks pal
Boot it into single user mode via the VNC console. I'm going to assume here that you're using GRUB 2, since that's the default for just about everything now...
When the GRUB menu comes up, press any key other than Enter. Highlight your default boot entry, and press e. Use the editor to add single to the end of the line that starts with linux. Press F10 to continue the boot process. It should drop you into a root prompt without requiring a password. Change your password using the passwd command.
And that, folks, is how we do root password resets.
Although, really, if you're that worried about an attacker changing the root password, I hear ssh keys are good at making things like that irrelevant.
Not really. Personally, if I were to break into a server and gain root access, if I was going to change the root password, I would also delete the authorized_keys file...
Hence why I really wanted a backdoor.
You don't get it
I would say, make backups of your data, if a hacker gets on then reinstall.
This is the only backdoor you would need in the situation you described.
I do. But you don't get my point. I don't care if it's a root account even though this would be the best method.
The point is, whatever backdoor you have set up, if someone gets in, you can't count on that backdoor being there any longer. If it's a secondary root account, or another account with full sudo privileges, or whatever other way you can think of to do it, if I'm breaking into a server and wanting to lock you out of it, those are the first things I'm going to find anyways.
Well the backdoor may be the serial console
I love how we're turning into HackForums.
@Aldryic I agree that the wording of the original question sounds sketchy, but after some discussion isn't how to regain access to your compromised VPS valuable community information?
If a server is hacked... IS HACKED. Period.
Do the live cd stuff and recover the rest...
sudo is your friend.
Also, any decent hacker should know to look for UID 0, not just 'root'. Also, you probably shouldn't allow password-auth for root, and if the hacker locks you out of root, why do you think they'll not lock you out of any other accounts on the system?
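The UID 0 point above works for defenders too: an account like the r00t one created earlier in the thread stands out in an audit of the passwd database. The following is an added example, not part of the original thread; the sample data and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format data for accounts that share root's UID.

# Constructed sample in /etc/passwd format. "r00t" mirrors the account made
# by the "useradd ... -o -u 0" command quoted in the thread; "backup" shows
# the same non-unique-UID trick applied to an ordinary user.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
r00t:x:0:0::/home/r00t:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
backup:x:1000:1001::/home/backup:/bin/bash
EOF
}

# Read passwd-format lines on stdin and print every account name other
# than "root" whose UID field (3rd column) is 0.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Read passwd-format lines on stdin and print "uid:name1,name2" for every
# UID assigned to more than one account (what useradd -o allows).
duplicate_uids() {
    awk -F: '
        { if ($3 in names) names[$3] = names[$3] "," $1; else names[$3] = $1 }
        END { for (u in names) if (names[u] ~ /,/) print u ":" names[u] }
    ' | sort -t: -k1,1n
}

# Demonstration on the constructed sample. On a real host, feed the live
# database instead, e.g.:  getent passwd | extra_uid0
echo "Extra UID 0 accounts: $(sample_passwd | extra_uid0 | tr '\n' ' ')"
echo "Shared UIDs:          $(sample_passwd | duplicate_uids | tr '\n' ' ')"
```

Running this from cron or a configuration-management check and alerting on any output catches a second root-equivalent account regardless of what it is named.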
I have a preferred anti-hack mechanism that works wonders, immediately shuts them down, and is only as slow as myself.
Power button. Suck it, hackers!
service network stop does almost as much good, but still lets you access the server through the console.
What? This is HackForums!