Welcome to the Linux Foundation Forum!

Locked Out!

aharris
aharris Posts: 4
edited April 2012 in Getting Started with Linux

Hello all. I have CentOS I believe, although when booting it says something about RedHat. In any event, we had two logins we used to use to SSH into the box. root and admin, neither of them work anymore. Nobody changed the passwords, yet when attempting to log in via SSH, the system states, "Access Denied".

I have also tried to get on the machine directly at the console. I rebooted the machine, let the OS load and it eventually comes to a desktop that is blue, and an error message that states the following:

There was an error loading the theme Default

Failed to open file '//usr/share/gdm/themes/default/rehat_logo.png' No such file or directory'

That error was around prior to the SSH issue.

Long story short, I cannot get on the machine at all. Any thoughts would be great.

Thanks

Comments

  • woboyle
    woboyle Posts: 501
    Boot with a recovery CD/DVD disc. Mount the root file system. Edit the file /etc/inittab in the mounted file system and change the runlevel to 3. Then reboot from disc. That will boot you into text mode so you can login as root and fix the GUI and other cruft.
  • derrickdp
    derrickdp Posts: 1
    If you are able to login in the console as root, do so.

    edit this file /etc/ssh/sshd_config

    and set "PermitRootLogin" to "yes". (

    Chances are it is either missing or set to "without-password".

    restart the ssh
    %/etc/init.d/sshd restart



  • aharris
    aharris Posts: 4
    Thanks for the replies. Rubberman, we will try your suggestion today. Derrick, I cannot login to the machine at all, the two accounts we have are locked out, ie. access denied, etc. The accounts are root and admin, and both locked. CTRL-ALT-F1 did enable me to break out of the stalled desktop and actually to the command line login though.
  • marc
    marc Posts: 647
    Maybe you were hacked and the passwords were changed just to fool you around.

    Get a livecd, mount /, get into the /etc/shadow and set to emtpy the first field after your login names.

    Reboot the machine and try login in now
  • aharris
    aharris Posts: 4
    Here is the resolution we used. Thanks to all who helped.

    Solution:

    Shut down box and put drive in another Linux box.
    Mount drive and edit the grub.conf file, add "single" to the end of the kernel line and save
    Put drive back in box, bring up machine in single mode and then VI the passwd file on a monitor that you really can't even see what it says, remove the encrypted root password and save the passwd file, then init 3 and bring up machine, login as root with no password and set password.
  • woboyle
    woboyle Posts: 501
    AHarris's last comment was not far off the mark. If you think you may have been infected with a virus, what I do for my consulting clients in such a case is extract the drive from their system, plug it into a dock on my Linux system, and scan it with 3 different A/V scanners (there a a bunch for Linux systems that will catch Linux and Windows virus-infected files and discs). If it is a Linux system drive, then after scanning/cleaning it, I set the root password to an empty string (no password), put it back in their system with it set to boot into single user mode (no graphics), boot up, login to root, reset the root password and any affected user accounts (or all of them if necessary), and set all user accounts to require changing their password on next login.

    Yes, this is a major PITA, but the alternatives are much less appealing! I have also done all this by booting into a live/recovery CD/DVD/USB drive, installing the A/V programs temporarily in the recovery systems (along with updating virus signature files), mounting and scanning the system partitions / discs as necessary, and doing the other cruft (single-user mode, no GUI, reset passwords, etc). I only do that if I can't get the system drive to my workstation/server, like when I need to do an onsite call, though then I take my laptop and docking bay with all my tools installed. Much cleaner!
  • aharris
    aharris Posts: 4
    Anyone have any thoughts on finding out exactly what happened with regard to losing all logins in the first place?

    Thanks!

Categories

Upcoming Training