Telnet login to Linux for the first time (cannot log in with correct password) reports Login incorrect

1. /etc/passwd and /etc/shadow

Accounts and passwords in the Linux system are stored in two files: /etc/passwd and /etc/shadow.

# cat /etc/passwd
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
bin:x:2:2:bin:/bin:/bin/false
sys:x:3:3:sys:/dev:/bin/false
sync:x:4:100:sync:/bin:/bin/sync
mail:x:8:8:mail:/var/spool/mail:/bin/false
www-data:x:33:33:www-data:/var/www:/bin/false
operator:x:37:37:Operator:/var:/bin/false
nobody:x:65534:65534:nobody:/home:/bin/false
sshd:x:1000:1000:SSH drop priv user:/var/empty:/bin/false

The above is the content in the etc/passwd file. It can be observed that the content of each line is consistent in format. That is, each line represents an account, such as the root account in the first line in the figure above, the daemon account in the second line, and the bin account in the third line. In addition to saving the root account and ordinary user accounts, this file also saves some accounts required for the normal operation of the system, such as daemon, bin, sys and other system accounts.

How can there be so many users by default in the Linux system? Most of these users are necessary for the normal operation of the system or service, and such users are usually called system users or pseudo-users. System users cannot be used to log in to the system, but they cannot be deleted either, because once deleted, the services or programs that rely on these users to run cannot be executed normally, which will cause system problems.

passwd consists of 7 fields in total, separated by 6 colons. Their meanings are:

  • 1 username
  • 2 Whether there is an encrypted password, x means yes, no filling means no, using MD5, DES encryption.
  • 3 User ID s
  • 4 group ID s
  • 5 Comment field
  • 6 Login directory
  • 7 The shell program used
Username Password: UID(user ID): GID(Group ID): Descriptive Information: Home Directory: Default Shell

The /etc/shadow file is used to store the password information of users in the Linux system, also known as "shadow file". The /etc/passwd file was introduced earlier. Since this file is allowed to be read by all users, it is easy to cause user password leakage. Therefore, the Linux system separates the user's password information from the /etc/passwd file and puts it in this file separately. The /etc/shadow file is only readable by the root user, and other users have no permission, thus ensuring the security of user passwords.

# cat /etc/shadow
root:$5$xBnBrwleKnDI$DHkgvlnZO6fuk8535ZHJSbBaBapPgIRsyNjgC8rxyY0:::::::
daemon:*:::::::
bin:*:::::::
sys:*:::::::
sync:*:::::::
mail:*:::::::
www-data:*:::::::
operator:*:::::::
nobody:*:::::::
sshd:*:::::::
#

The above is the content of the /etc/shadow file. If you want to view the content of this file, you must have administrator privileges to view its content. Like the passwd file, colons are used to separate each item, and each line has 9 items.

Username: Encrypted Password: Last Modified Time: Minimum Modified Interval: Password Validity Period: Number of Days of Warning Before Password Needs to be Changed: Grace Time After Password Expires: Account Expiration Time: Reserved Field

2. Login

The above two files are compiled and generated by the system. Currently, buildroot is used as an example to illustrate

As above, after setting the Root password when executing make buildroot-menuconfig, compile and burn it to the board. After the system starts, we can see the above two files in the /etc directory. After configuring the network at this time, we use Log in with telnet, and find that after entering the correct password, you can’t connect and report the following Login incorrect error

sl:~$ telnet 10.19.15.103 61994
Trying 10.19.15.103...
Connected to 10.19.15.103.
Escape character is '^]'.

buildroot login: root
Password: 
Login incorrect

In order to verify the correctness of our account and password, we used ssh to connect again and found that the connection was successful. So we tried to use the passwd command to modify the password, and then use telnet to connect after modification, so the phenomenon is very strange.

Therefore, we compared the information of the root account line in the shadow file before and after changing the password and found that the root line changed from the original root:$5$xBnBrwleKnDI$DHkgvlnZO6fuk8535ZHJSbBaBapPgIRsyNjgC8rxyY0:::::::: to root:$5$n6FAir2UP2Ou8Q$umJebvqKr207YBCeYV5XH2pndsll. W5QeE9ZzKp3IHA:18332::::::, after the first colon is the encrypted password, there is no problem with this, the main reason is that the last modification time is added to the second colon, so we guess whether it is the corresponding before changing the password Just add a random number to this item.

According to our conjecture, adding a random number is enough for the first telnet connection, so we made the following changes when compiling and configuring buildroot

Edit buildroot/package/skeleton-init-common/skeleton-init-common.mk file

$ git diff buildroot/package/skeleton-init-common/skeleton-init-common.mk
diff --git a/buildroot/package/skeleton-init-common/skeleton-init-common.mk b/buildroot/package/skeleton-init-common/skeleton-init-common.mk
index 4a67f51..d78496b 100644
--- a/buildroot/package/skeleton-init-common/skeleton-init-common.mk
+++ b/buildroot/package/skeleton-init-common/skeleton-init-common.mk
@@ -76,7 +76,7 @@ else # !BR2_TARGET_ENABLE_ROOT_LOGIN
 SKELETON_INIT_COMMON_ROOT_PASSWORD = "*"
 endif
 define SKELETON_INIT_COMMON_SET_ROOT_PASSWD
-       $(SED) s,^root:[^:]*:,root:$(SKELETON_INIT_COMMON_ROOT_PASSWORD):, $(TARGET_DIR)/etc/shadow
+       $(SED) s,^root:[^:]*:,root:$(SKELETON_INIT_COMMON_ROOT_PASSWORD):1, $(TARGET_DIR)/etc/shadow
 endef
 SKELETON_INIT_COMMON_TARGET_FINALIZE_HOOKS += SKELETON_INIT_COMMON_SET_ROOT_PASSWD

After recompiling buildroot after the above modification, the system will be connected successfully for the first time with telnet.

Tags: Linux Operation & Maintenance server

Posted by DataSpy on Wed, 01 Feb 2023 08:47:27 +0530