There is a FreeBSD server with something useful on it. Root access is lost. How to get in?


    Generally speaking, the preferred method of root access on *BSD is not logging in as the root user, but sudo from an unprivileged user. But consider the situation when all you have is a server with FreeBSD and no access to it.

    Method 1, simple

    The root password can be forcibly changed; this requires physical access to the server console (that is, a physical connection with a keyboard, or, in the case of colocation, access via IP-KVM or IPMI / BMC) and a server reboot. To do this, follow these steps:

    1. Reboot the server (if it is on; just turn it on if it is off)
    2. When the OS boots, select single-user mode (the menu option "Boot FreeBSD in single user mode", usually item 4)
    3. Press Enter in response to the question "Enter full pathname for shell or RETURN for /bin/sh:"
    4. Now the server is booted into single-user mode. In this case, only the / partition is mounted, and in read-only mode (the others are not mounted at all). Remount it in "normal" mode, allowing write operations: mount -o rw /
    5. Now you can change the root password with the passwd command - the old password will not be asked.
    6. Password changed? Resume the OS in standard, multi-user mode - all you have to do is exit the single-user shell by typing exit .

    This method (entering single-user mode without the root password) works out of the box. To disable this feature (so that someone who has physical access to the server does not change your root password), you need to change the physical console setting: in /etc/ttys, change the line

     console none unknown off secure 

    to

     console none unknown off insecure 

    Try to reboot into single-user mode now - without knowing the current root password you cannot get into it.

    Method 2, more complicated

    This method works even if the recommendations on protection against booting into single-user mode without a root password have been applied, since it does not require booting the target OS at all in order to change the root password in it.

    1. Boot the target server into FreeBSD from another partition or even from another medium - HDD, CD, USB flash drive, network via PXE, virtual media via BMC / KVM, etc.
    2. Mount the root partition of the OS whose password was forgotten into the currently booted OS:

       mkdir /mnt/rootpart && mount /dev/ad0s1 /mnt/rootpart 

      (where ad0s1 points to the root partition of the OS to which access needs to be restored - in a particular case, the letters and numbers may differ)

    3. Change the "current" root partition to the mounted one:

       chroot /mnt/rootpart 

      Now you are working as if inside the OS with the lost password.

    4. Now you can change the root password with the passwd command - the old password will not be asked.

    5. Leave the chroot and return to the running OS:

       exit 

    6. Unmount the root partition of the OS whose password was changed:

       umount /mnt/rootpart 

    7. Done. You can reboot back into the OS you are interested in and log in with the new root password.
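
An audit of the /etc/ttys console setting from Method 1, as an added example that is not part of the original answer: it reports whether the console entry is flagged secure (single-user shell without a password) or insecure. The function names `console_mode` and `check_console` are hypothetical, and the sample files are constructed so the script runs without reading the real /etc/ttys.

```shell
#!/bin/sh
# Added example (not from the original answer): report how the console entry
# in a ttys(5)-style file is flagged.

# console_mode FILE -> prints "secure", "insecure" or "missing".
console_mode() {
    awk '
        BEGIN { mode = "missing" }
        {
            sub(/#.*/, "")              # drop comments
            gsub(/"[^"]*"/, "QUOTED")   # a quoted getty command is one field
        }
        $1 == "console" {
            mode = "insecure"           # no "secure" flag on the line
            for (i = 4; i <= NF; i++) { # flags follow name, getty, type
                if ($i == "secure")   mode = "secure"
                if ($i == "insecure") mode = "insecure"
            }
        }
        END { print mode }
    ' "$1"
}

# check_console FILE -> exit status 0 only when the console is "insecure".
check_console() {
    mode=$(console_mode "$1")
    case "$mode" in
        insecure) echo "OK: single-user mode asks for the root password" ;;
        secure)   echo "WARN: console is secure, single-user shell needs no password"
                  return 1 ;;
        *)        echo "WARN: no console entry found in $1"
                  return 1 ;;
    esac
}

# Constructed sample files (hypothetical contents, not a real system).
sample_dir=$(mktemp -d)
printf '%s\n' \
    '# constructed sample' \
    'console none unknown off secure' \
    'ttyv0 "/usr/libexec/getty Pc" xterm on secure' > "$sample_dir/default"
printf '%s\n' \
    '#console none unknown off secure' \
    'console none unknown off insecure   # hardened' > "$sample_dir/hardened"

check_console "$sample_dir/default"  || true
check_console "$sample_dir/hardened" || true
```

On a real host, call `check_console /etc/ttys` instead of the sample files.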