The root password of a CentOS 7 KVM virtual machine was forgotten and nobody could log in. The password was changed from the host by editing /etc/shadow, and after a restart the system would not come up: troubleshooting the fault

2020-11-10 12:04:37 you-men

Problem description

One day, because of handover problems in another project team, nobody could log in as root to the bastion host system running inside a KVM virtual machine. The password was then changed from the host by editing the /etc/shadow file, but after the change and a restart the KVM host could no longer connect to the virtual machine: SSH would not connect and the guest's IP did not answer ping. The question was whether this could be solved without reinstalling the system, because it is a bastion host and its policies and data had no backup. The console stayed stuck at the following message:

console test
Connected to domain test
Escape character is ^]


/*
		Preliminary assessment:
				1. The system may not be booting and is stuck at some startup step.
				2. There is a problem inside the guest with the network card, its IP allocation, or a network conflict.
				3. After the restart, dependency conflicts between internal services keep the system from coming up.
*/

Resolving error 1: Escape character is ^]

Normally, pressing Enter brings up the login prompt. If it does not, try the following steps.

If the string above appears, use Ctrl+Shift+5 or Ctrl+Shift+]

  1. ERROR Format cannot be specified for unmanaged storage.
    virt-manager cannot find a storage pool. Create a storage pool.

  2. KVM VNC client connection crashes
    If RealVNC or another VNC client crashes when connecting to KVM, set ColourLevel in the client settings to rgb222 or full.

  3. virsh shutdown cannot shut down the virtual machine
    When this command is used to shut down the virtual machine, KVM sends it an ACPI instruction, so the acpid service must be installed in the virtual machine:

  4. operation failed: Active console session exists for this domain

# Option 1
$ ps aux | grep console
$ kill -9 <PID>
# Option 2
$ /etc/init.d/libvirt-bin restart
# Option 3
$ ps aux | grep kvm
$ kill <PID of the corresponding virtual machine process>
Summary
`All of the methods above were tried, and it was still stuck at this screen. I asked the other side for their /etc/shadow file and asked how they had changed it, to see whether I could repeat the steps. I will create a new KVM virtual machine here.`

Resolving error 2: changing the virtual machine password from KVM

Install libguestfs-tools
yum install libguestfs-tools
Generate a new password hash string
openssl passwd -1 -salt 'root' '123'
$1$hello$ZwmhCpcG.I1XIfVjdarKc1

# openssl is an encryption tool; -1 means ordinary (MD5-based) encryption.
# root is the key (the -salt value) and 123456 is the password. The line above is the generated hash string, so we only need to substitute it in the right place.

When I generated the password string, I saw that other people's blogs wrote hello and said it was the key. I did not expect it to be the user name and simply wrote what the others had written. Below is a screenshot of the document the other project team used to generate the password string.


`Suggestion: when following online documents, if you are not sure an operation will succeed, try it first in a test environment, on your own virtual machine or on a cloud server, and carry it out in production only once it has succeeded.`
Linux stores the system's encrypted passwords in the /etc/shadow file
root:$1$bTPRDWwf$LpjUZmGTHw.hYFccl0/lK.:16804:0:99999:7:::                                                                                    
bin:*:15937:0:99999:7:::
daemon:*:15937:0:99999:7:::
adm:*:15937:0:99999:7:::
lp:*:15937:0:99999:7:::
sync:*:15937:0:99999:7:::
shutdown:*:15937:0:99999:7:::
Modify the root account password
virt-edit -d centos7 /etc/shadow
root:$1$bTPRDWwf$LpjUZmGTHw.hYFccl0/lK.:16804:0:99999:7:::
# Replace with
root:$1$hello$ZwmhCpcG.I1XIfVjdarKc1:16541:0:99999:7:::
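
One way to check a replacement line before it goes into the guest, as an added example that is not part of the original post. The helper name `check_shadow_line` is hypothetical; the first sample is the replacement line shown above, and the second is a constructed line showing what a double-quoted shell string does to the `$` fields of a hash.

```shell
#!/bin/sh
# Added example (not from the original post): validate a replacement
# /etc/shadow line before writing it into the guest with virt-edit.
# check_shadow_line is a hypothetical helper name.

# Prints "<scheme> salt=<salt>" (or "locked") and returns 0 for a well-formed
# entry; prints "bad: <reason>" and returns 1 otherwise.
check_shadow_line() {
    printf '%s\n' "$1" | awk -F: '
    {
        b64 = "^[./0-9A-Za-z]+$"             # crypt(3) base-64 alphabet
        if (NF != 9) { print "bad: expected 9 fields, got " NF; exit 1 }
        if ($2 == "*" || $2 ~ /^!/) { print "locked"; exit 0 }
        n = split($2, p, "[$]")              # "$id$salt$hash" -> "", id, salt, hash
        if (n == 5 && p[3] ~ /^rounds=[0-9]+$/) { p[3] = p[4]; p[4] = p[5]; n = 4 }
        if (n != 4 || p[1] != "") { print "bad: field 2 is not $id$salt$hash"; exit 1 }
        if (p[2] == "1")      { name = "md5crypt";    want = 22; maxsalt = 8 }
        else if (p[2] == "5") { name = "sha256crypt"; want = 43; maxsalt = 16 }
        else if (p[2] == "6") { name = "sha512crypt"; want = 86; maxsalt = 16 }
        else { print "bad: unknown scheme id " p[2]; exit 1 }
        if (p[3] !~ b64 || length(p[3]) > maxsalt) { print "bad: salt"; exit 1 }
        if (p[4] !~ b64 || length(p[4]) != want) {
            print "bad: " name " hash must be " want " characters"; exit 1
        }
        print name " salt=" p[3]
    }'
}

# The replacement line shown above: well-formed MD5-crypt with salt "hello".
check_shadow_line 'root:$1$hello$ZwmhCpcG.I1XIfVjdarKc1:16541:0:99999:7:::'
# Constructed failure: the same line after passing through a double-quoted
# shell string, where $1, $hello and $ZwmhCpcG expanded to nothing.
check_shadow_line 'root:.I1XIfVjdarKc1:16541:0:99999:7:::' || true
```

Run it on the exact text about to be pasted into virt-edit, and run virt-edit only while the guest is shut off. The reported salt also makes it visible when the hash was generated with a different `-salt` value than intended.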
Alternatively, change the password from the boot screen through the KVM command line

1. Shut down the virtual machine from the host, then start it

[root@kvm-47 ~]# virsh shutdown test1
[root@kvm-47 ~]# virsh start test1

2. Connect to the virtual machine

[root@kvm-47 ~]# virsh console test1

Press lowercase e

3. Find the following location and add the command-line argument

4. Press Ctrl+X to start in single-user mode, then enter the commands to change the user password

switch_root:/# mount -o remount,rw /sysroot/
switch_root:/# chroot /sysroot/
sh-4.2# passwd root
Changing password for user root.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.
sh-4.2# touch /.autorelabel
sh-4.2# exit
exit
switch_root:/# reboot

Then we can see that the password change has taken effect

Summary

The operations above were tested and carried out successfully by me personally. Because the user name on their side was wrong, the wrong encrypted string was written to /etc/shadow, which caused the system to stay stuck at that message. I could test this operation on my own server, but they could not, because all of their KVM virtual machines were reached over SSH and no console connection had been set up. If the virtual machine's internal network card has a problem or there is a network conflict, SSH cannot connect, and it is easy to confuse a network that cannot be reached with a system that cannot be reached. So we first had them connect through the console: the console can connect even if the virtual machine's network is broken or it has no network card.

Resolving error 3: console login on CentOS 7.x

// Check the host: it is the same IP address; because this network card exists, SSH can be used to connect to the virtual machine remotely

The following operations apply only to CentOS 7. Many of the instructions online are for CentOS 6, and 6 and 7 are different, so bear that in mind.

// On the CentOS 7 KVM virtual machine, run the following
cp /etc/grub2.cfg /tmp
// Insert the argument directly with the command
grubby --update-kernel=ALL --args="console=ttyS0,115200n8"

// Compare with diff


// reboot


// On the host, use virsh console [virtual machine name]

// ttyS0 is the name of the terminal and matches the configuration parameter; the value after it is the frequency (the frequency of the serial port, for exchanging content)
`The operation above has to be run inside the virtual machine in order to modify grub2.cfg, but we cannot get into the system.`

`We can take the console-capable configuration generated on another virtual machine and put it on the virtual machine whose system will not come up.`

`This operation really does work: the system reaches the login screen, so we can rule out the system failing to boot and getting stuck somewhere. The IP cannot be reached because of the internal network card.`

Resolving error 4: -- root: no shell: Permission denied

/*
		The permissions of files inside the KVM virtual machine on the host had been modified for no known reason. After the reboot the files could not be read for lack of permission, and the system stayed stuck at the login screen.
		However, when his /etc/shadow and /etc/passwd were put into another virtual system, the users could still start and log in, so a permission problem is very likely.
		How to determine which file it is: see below.
		
		Error message:
		-- root: no shell: Permission denied
*/
First, establish that the Permission denied error means that the permissions of many files have changed

The message mentions shell, so we can check whether the permissions of the files under /bin, /sbin and /usr/sbin in the virtual machine have changed

Check the permissions of /bin/bash

The file permissions are as follows. The normal file is 755; if you are not sure what the permissions should be, compare them with the file permissions on a system that boots normally.

[root@kvm-47 ~]# virt-ls -l -d test1 /bin/bash
-rw-r-xr-x. 1 root root 960392 Aug  3  2016 /bin/bash
Once you have confirmed that this permission was changed, many other files may have been changed as well, so check the permissions of /bin/*
[root@kvm-47 ~]# virt-ls -l -d test1 /bin/*
Check the permissions of /usr/bin/bash
[root@kvm-47 ~]# virt-ls -l -d test1 /usr/bin/bash
-rwxr-xr-x. 1 root root 960392 Aug  3  2016 /usr/bin/bash
We can preliminarily conclude that the login error we encountered was caused by the permissions of /bin/bash
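
The comparison against a system that boots normally, suggested above, can be scripted. This is an added example that is not part of the original post: `diff_modes` and `demo` are hypothetical names, the broken `/bin/bash` line is the one shown above, and the healthy listing and the other lines are constructed sample data in the same `virt-ls -l` format.

```shell
#!/bin/sh
# Added example (not from the original post). Listings are constructed sample
# data in the virt-ls -l format shown above; function names are hypothetical.

# Print "path healthy-mode broken-mode" for regular files whose mode differs.
diff_modes() {   # $1 = listing from a healthy guest, $2 = listing from the broken guest
    awk '
    function octal(m,    i, c, d, v, sp) {      # "-rw-r-xr-x." -> "0655"
        sp = 0; v = ""
        for (i = 0; i < 3; i++) {
            d = 0
            if (substr(m, 2 + 3 * i, 1) == "r") d += 4
            if (substr(m, 3 + 3 * i, 1) == "w") d += 2
            c = substr(m, 4 + 3 * i, 1)
            if (c == "x" || c == "s" || c == "t") d += 1
            # s/S/t/T in an execute slot carry setuid (4), setgid (2), sticky (1)
            if (c ~ /^[sStT]$/) sp += (i == 0 ? 4 : (i == 1 ? 2 : 1))
            v = v d
        }
        return sp v
    }
    substr($1, 1, 1) != "-" { next }             # skip symlinks and directories
    FILENAME == ARGV[1] { ref[$NF] = octal($1); next }
    ($NF in ref) && ref[$NF] != octal($1) { print $NF, ref[$NF], octal($1) }
    ' "$1" "$2"
}

demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/healthy.txt" <<'EOF'
-rwxr-xr-x. 1 root root 960392 Aug  3  2016 /bin/bash
-rwsr-xr-x. 1 root root  32128 Aug  3  2016 /bin/su
lrwxrwxrwx. 1 root root      4 Aug  3  2016 /bin/sh -> bash
EOF
    cat > "$tmp/broken.txt" <<'EOF'
-rw-r-xr-x. 1 root root 960392 Aug  3  2016 /bin/bash
-rwsr-xr-x. 1 root root  32128 Aug  3  2016 /bin/su
lrwxrwxrwx. 1 root root      4 Aug  3  2016 /bin/sh -> bash
EOF
    diff_modes "$tmp/healthy.txt" "$tmp/broken.txt"
    rm -rf "$tmp"
}

demo
```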

copy-in requires the virtual machine to be shut down

# We can copy a file with normal permissions from the host into the virtual machine
[root@kvm-47 ~]# virt-copy-in -d test1 /bin/bash /bin/
Restart the virtual machine
[root@kvm-47 ~]# virsh reboot test1
[root@kvm-47 ~]# virsh console test1
Connected to domain test1
Escape character is ^]

CentOS Linux 7 (Core)
Kernel 3.10.0-1127.el7.x86_64 on an x86_64

jumpserver login: root
 password :
Last login: Fri Nov  6 14:59:25 on ttyS0
[root@jumpserver ~]#

# With that, the system logs in and permission is no longer denied, but in case the copied /bin/bash package is not compatible with the system, let's update it

[root@jumpserver ~]# yum update bash

# Restart
[root@jumpserver ~]# reboot
Try logging in again
# Connect again. You can get in, which shows that the problem has been solved successfully
[root@kvm-47 ~]# virsh console test
error: failed to get domain 'test'
error: Domain not found: no domain with matching name 'test'

[root@kvm-47 ~]# virsh console test1
Connected to domain test1
Escape character is ^]

CentOS Linux 7 (Core)
Kernel 3.10.0-1127.el7.x86_64 on an x86_64
[root@jumpserver ~]# 

Copyright notice
This article was written by [you-men]. Please include a link to the original when reposting. Thank you.