0

Our lead tech (unprofessionally) left our project, we can't contact him, but I, as a semi-technical project manager, have access to our server on Joyent. Our new dev needs to take a look at our running instance to complete the project.

Is it possible to retrieve the root passphrase?

If I create new private ssh keys, should we be able to gain access to the server?

Worst-case scenario, how can I back up the data if I can't access via ssh?

Trying to clean up this mess to hand over the right credentials to the professionals as soon as possible. Any help would be GREATLY appreciated. Thank you.

ruckadub
  • Even though the web is full of "password recovery" tutorials, based on what you wrote in the question and in the related answer comments, I strongly suggest you search for professional support (there are plenty of junior sysadmins that can do this, even remotely): you'll spend some money but will get back much more than a simple password recovery :-) – Damiano Verzulli Jan 24 '15 at 23:38
  • Figured it out. Joyent let my new guy in, from there we were able to recover everything. Thanks – ruckadub Mar 04 '15 at 17:00

1 Answer

3

Are you able to ssh to the server? Are you able to sudo to the root user? What can you run via sudo?

Backing up the data will be easy if you can run sudo /bin/bash, for example, then use rsync to take a copy. Even better would be to take file system dumps using dump or zfs send for example. You can take block level backups using dd.

If you have physical access to the server, be it a recovery mode via Joyent, or being able to boot install media, then you can edit the /etc/shadow file. This is by far the simplest thing to do if possible. Once you edit /etc/shadow, copy the crypt string from a user you know over the root user crypt string. For example:

root:$6$YPBAiH9m$Kf9euZx0JLKo6M51SIk1lQ1tjUajETECta/eB8dLTWEfPF1NncM7ebQrnPu7ExwqnZ130VcWyvRI21d8GlmyY/:16392:0:99999:7:::
ed:$6$zg0pHyXY$y6EriYDZCh4zrz1kztlxG2Fpf.8pmh9ON0fkoaSlW2jBJXfizrlBwGV4CFntwWsE55FKvuNlCS5UCpC1f2sio1:16392:0:99999:7:::

So, I know the password for ed, I'm just going to make root's look the same:

root:$6$zg0pHyXY$y6EriYDZCh4zrz1kztlxG2Fpf.8pmh9ON0fkoaSlW2jBJXfizrlBwGV4CFntwWsE55FKvuNlCS5UCpC1f2sio1:16392:0:99999:7:::
ed:$6$zg0pHyXY$y6EriYDZCh4zrz1kztlxG2Fpf.8pmh9ON0fkoaSlW2jBJXfizrlBwGV4CFntwWsE55FKvuNlCS5UCpC1f2sio1:16392:0:99999:7:::

See, so in effect, this is the easiest thing you can do, as you'll be setting the root password the same as a user that you know the password of.

Ed Neville
  • I'm not too familiar with SSH, I just understand the basic concept, but I'm taking notes and will forward to my guy. My other question is, by doing this, is it possible for the site that's currently being deployed to go down because of changing these passwords? Or will it stay the same if I leave the original SSH intact, and just create a new one which shares the same passwords. – ruckadub Jan 24 '15 at 10:41
  • Are you trying to resolve this issue remotely or do you or a team member have physical access to the host? – Citizen Jan 24 '15 at 12:39
  • Well, I pay for the joyent server, so I have access to it remotely. – ruckadub Jan 24 '15 at 17:15
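
The /etc/shadow edit described in the answer above, as an added example that is not part of the original answer: a shell function that copies a known user's crypt string over root's entry after saving a backup, changing nothing else in the file. The function name `copy_shadow_hash`, the file path passed to it and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the answer). Copies the crypt string (field 2) of a
# user whose password is known over another user's entry (default: root).
# Assumption: $1 is the shadow file of the system being recovered, e.g. the
# mounted root's etc/shadow when booted into a rescue environment.
copy_shadow_hash() {
    shadow=$1 src_user=$2 dst_user=${3:-root}
    [ -f "$shadow" ] || { echo "no such file: $shadow" >&2; return 1; }

    # The source entry must hold a real crypt string ("$id$salt$hash"),
    # not a locked ("!", "*") or empty field.
    hash=$(awk -F: -v u="$src_user" '$1 == u { print $2; exit }' "$shadow")
    case $hash in
        '$'*) ;;
        *) echo "$src_user has no usable hash" >&2; return 1 ;;
    esac

    # The destination entry must already exist; nothing is created.
    awk -F: -v u="$dst_user" '$1 == u { f = 1 } END { exit !f }' "$shadow" ||
        { echo "no entry for $dst_user" >&2; return 1; }

    # Keep the original (mode and timestamps preserved) before editing.
    cp -p "$shadow" "$shadow.bak" || return 1

    # Build the new content in a private temp file, changing only field 2.
    tmp=$(mktemp "$shadow.XXXXXX") || return 1
    awk -F: -v OFS=: -v u="$dst_user" -v h="$hash" \
        '$1 == u { $2 = h } { print }' "$shadow.bak" > "$tmp" ||
        { rm -f "$tmp"; return 1; }

    # Write back through the existing file so its owner and mode are kept.
    cat "$tmp" > "$shadow"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed file (these hashes are placeholders, not real ones).
demo_dir=$(mktemp -d)
printf '%s\n' \
    'root:$6$aaaaaaaa$CONSTRUCTEDrootHASH:16392:0:99999:7:::' \
    'ed:$6$bbbbbbbb$CONSTRUCTEDedHASH:16392:0:99999:7:::' > "$demo_dir/shadow"
copy_shadow_hash "$demo_dir/shadow" ed && grep '^root:' "$demo_dir/shadow"
rm -rf "$demo_dir"
```

Once logged in as root, run passwd to give root its own password so the two accounts stop sharing a hash.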