New Member
Posts: 29
Registered: ‎06-19-2017
Kudos: 3
Solutions: 1
Accepted Solution

lost ERL after passwd root

[ Edited ]

Hello... 

 

My remote ERL is quiete far away.

I just wanted to change passwd via CLI, so I did a sudo passwd (and then noticed that not ubnt but root users password is changed.

Well, then did the GUI-way and changed password there (user ubnt). 

 

After that - nothing.

Not even a response via ping.

 

Did I crash something due to root passwd?

 

May it help if somebody just unplugs and plugs the power?

 

The password on the root user account is unset by default. This is a security precaution as it prevents the root account from being used for password-based authentication (SSH/Telnet, GUI, Console).  

Maybe locked some internal processes? Icon Redface


Accepted Solutions
New Member
Posts: 29
Registered: ‎06-19-2017
Kudos: 3
Solutions: 1

Re: lost ERL after passwd root

[ Edited ]

Our neighbor out in the forest unpowered the device and god bless my ERL - it came up again!

Config was lost, so i had to restore it... How does that come?

 

@ubnt-Staff

Where is the root pass actually stored?

Was it unset at reboot? Couldn't find it inside boot.conf

 

Also a bit confusing: Old password for ubnt was still set, but as mentioned: Whole config gone.

View solution in original post


All Replies
New Member
Posts: 29
Registered: ‎06-19-2017
Kudos: 3
Solutions: 1

Re: lost ERL after passwd root

[ Edited ]

Our neighbor out in the forest unpowered the device and god bless my ERL - it came up again!

Config was lost, so i had to restore it... How does that come?

 

@ubnt-Staff

Where is the root pass actually stored?

Was it unset at reboot? Couldn't find it inside boot.conf

 

Also a bit confusing: Old password for ubnt was still set, but as mentioned: Whole config gone.

Veteran Member
Posts: 7,806
Registered: ‎03-24-2016
Kudos: 2033
Solutions: 894

Re: lost ERL after passwd root

Linux passwords are stored (encrypted) in /etc/shadow

 

Was file /config/config.boot empty/default after your reboot?  Maybe your root password is still not default, and the next reboot will also fail to load config.boot

 

 

Senior Member
Posts: 3,322
Registered: ‎08-06-2015
Kudos: 1423
Solutions: 190

Re: lost ERL after passwd root


@ubnt-Staff

Where is the root pass actually stored?

Was it unset at reboot? Couldn't find it inside boot.conf

 

Also a bit confusing: Old password for ubnt was still set, but as mentioned: Whole config gone.


The proper way to set passwords for EdgeRouters is not the native linux command but rather with the EdgeOS commands or EdgeOS GUI.  Passwords for users defined in your EdgeOS configuration would get overwritten each time the configuration is loaded, such as during boot.

 

'root' does not actually have a password by default.  Instead the pasword is 'locked', meaning a password may not be used to authorize access to that account at all.  You can set a password if you really want, but it should not be needed and is not recommended.  I would therefore doubt that simply setting/changing the root password caused your configuration issue itself.

 

These two KB articles may be of some help:

 

As for what happened with your configuration - that is hard to tell but it sounds like the configuration was not properly saved.  Why that might have happened would be pure speculation without logs that would have been lost on powercycle.  If you have a serial console connected perhaps someone can check that for messages, otherwise you likely won't be able to find a cause.

 

New Member
Posts: 29
Registered: ‎06-19-2017
Kudos: 3
Solutions: 1

Re: lost ERL after passwd root

"Maybe your root password is still not default, and the next reboot will also fail to load config.boot"

 

Is there a safe way, to find out this?

Thanks in advance.

Senior Member
Posts: 3,322
Registered: ‎08-06-2015
Kudos: 1423
Solutions: 190

Re: lost ERL after passwd root


@semova wrote:

"Maybe your root password is still not default, and the next reboot will also fail to load config.boot"

 

Is there a safe way, to find out this?

Thanks in advance.


Your root password should not need to be default (see the KB articles I noted above), but if you want to check:

user@er:~$ sudo egrep ^root /etc/shadow
root:!:17855:0:99999:7:::
user@er:~$ 

Note the '!' in the second field (delimited by ':') - this is the default and indicates the password is locked.  If you have a long string there it is not the default and a password has been set.

 

Does your configuration keep getting reset on a reboot or was it only once?

 

If your ER was left in a default configuration with the default ubnt/ubnt user/password on the internet I would personally try to work with someone that has physical access to the router:

  1. Temporarily disconnect from the internet
  2. Perform a hardware reset
  3. Change the default password for the 'ubnt' user, or better create a new user with unique strong password and remove the default 'ubnt' user altogether.
  4. Restore proper configuration and re-connect to the internet.

You'd want to save your configuration first, review it to be sure it is still good and hasn't been altererd, then use that for the restore.