Work on ESXi5.0 with Centos Live cd.
I used a CentOS 5.6 x86_64 LiveCD to boot the ESXi server into, then to find state.tgz, I had to mount the following:
# mount /dev/sdc5 /a
At that point, the file was located at /mnt/state.tgz, and I could continue the rest of the instructions above. To figure out which device to mount, I looked in '/dev/disk/by-label' and saw a link called 'ESXi' that pointed to /dev/sdc. From there, I mounted the partitions (sdc1, sdc2, sdc3, etc) and checked the contents until I found the partition with state.tgz in it (in my case it was /dev/sdc5 as indicated above).
# mount /dev/sdc5 /a
At that point, the file was located at /mnt/state.tgz, and I could continue the rest of the instructions above. To figure out which device to mount, I looked in '/dev/disk/by-label' and saw a link called 'ESXi' that pointed to /dev/sdc. From there, I mounted the partitions (sdc1, sdc2, sdc3, etc) and checked the contents until I found the partition with state.tgz in it (in my case it was /dev/sdc5 as indicated above).
The files containing the password hashes are called "shadow". It is contained in a nested structure of archives:
You cannot read the password of the root account, as it is one-way-hashed, but you can replace it with a known one or remove it altogether.
Here's a step-by-step guide how change the password file:
1. First of all, you need to boot your ESXi server with a Linux live CD. I prefer GRML, but any live CD will do. Of course, you can also boot from a USB stick.
2. Find the partition containing a file named "state.tgz. You might need to mount it manually with the command
#mkdir /a#mount /dev/sdc5 /a
3. Unpack the "state.tgz" file somewhere. It contains exactly one file, which is another archive named "local.tgz".
#cd /a#cp state.tgz state.tgz.bkup#tar xzf state.tgz
4. Unpack the "local.tgz", and find an "etc" directory containing several configuration files.
#tar xzf local.tgz
5. Edit the file etc/shadow to change the password.
#vi etc/shadow
Probably the easiest way is to replace the line starting with "root" with the line of another user account of which you know the password. You only need to change the name at the beginning of the line (before the first colon) to "root". You've then set the root password to a password you know.
Alternatively, you can just remove the hash altogether (everything between the first and the second colon) and login to the service console as root with no password at all.
Alternatively, you can just remove the hash altogether (everything between the first and the second colon) and login to the service console as root with no password at all.
6. Re-pack the files and move the modified state.tgz back to the VFAT partition. Probably it is a good idea to make a backup copy of the original state.tgz in case something goes wrong:
#rm local.tgz#rm state.tgz#tar czf local.tgz etc#tar czf state.tgz local.tgz
7. Reboot back into ESXi and you're done.
No comments:
Post a Comment