Password Recovery for X86 Platform
- Tracy Yang
This guide provides the procedure for recovering the admin account password login from the ETH interface for X86 platform switches. If you forget the admin password, use the password recovery procedure to reset the admin password.
Step1 Login to the switch through the console port.
Step2 Power cycle the switch.
Step3 Enter ONIE.
+----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line.
Step4 From GRUB prompt, Choose ONIE: Rescue to boot ONIE in rescue mode.
GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ | ONIE: Install OS | |*ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+
Step5 Check out the partition on which "PICOS-GRUB" resides.
ONIE:/ # blkid /dev/sda6: LABEL="User-Data" UUID="da55e09c-0e7b-4d96-a8c9-bee2ed5bb42c" /dev/sda5: LABEL="PicOS2" UUID="3f228548-64c1-492c-ad3d-8ca7d248c11a" /dev/sda4: LABEL="PicOS" UUID="039453f9-0879-4c86-9e0b-8ef4d34d9a66" /dev/sda3: LABEL="PICOS-GRUB" UUID="b3a8ab95-43f9-4f21-9c76-7f48101be381" /dev/sda2: LABEL="ONIE-BOOT" UUID="7fcaa6c8-d174-42c1-abd1-8c6eea46eb6b" /dev/sda1: LABEL="EFI System" UUID="36E9-D2F5" ONIE:/ #
We find that the partition of LABEL="PICOS-GRUB" is /dev/sda3.
Step6 Issue the following commands to check whether the currently running system is PicOS or PicOS2 in the partition running "PICOS-GRUB".
In this example, "PICOS-GRUB" is on partition /dev/sda3 according to Step 5, so we mount /dev/sda3.
# mount /dev/sda3 /mnt
ONIE:/ # cat /mnt/grub/grubenv
# GRUB Environment Block
######################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################## GRUB Environment Block
default=PICOS-3.8.0.1+1
#######################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
ONIE:/ #
ONIE:/ # cat /mnt/grub/grub.cfg
serial --port=0x3f8 --speed=115200 --word=8 --parity=no --stop=1
terminal_input serial
terminal_output serial
set timeout=5
if [ -s $prefix/grubenv ]; then
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
fi
if [ "${saved_entry}" ] ; then
set default="${saved_entry}"
set saved_entry=
save_env saved_entry
fi
menuentry PICOS-3.8.0.1+2 {
search --no-floppy --label --set=root PicOS
linux /boot/vmlinuz root=LABEL=PicOS rw fsck.mode=force fsckfix rootfstype=ext4 console=ttyS0,115200n8 intel_iommu=off nospectre_v2 nopti platform=n3200
initrd /boot/initrd.img
}
menuentry PICOS-3.8.0.1+1 {
search --no-floppy --label --set=root PicOS2
linux /boot/vmlinuz root=LABEL=PicOS2 rw fsck.mode=force fsckfix rootfstype=ext4 console=ttyS0,115200n8 intel_iommu=off nospectre_v2 nopti platform=n3200
initrd /boot/initrd.img
}
menuentry ONIE {
search --no-floppy --label --set=root "EFI System"
echo 'Loading ONIE ...'
chainloader /EFI/onie/grubx64.efi
}
ONIE:/ #
1) First, find out the default version of the system.
From the line with "default=PICOS-3.8.0.1+1", we find that the default version of the system is PICOS-3.8.0.1, and the label is 1.
2) Then, check out whether the currently running system is PicOS or PicOS2.
According to "PICOS-3.8.0.1+1", find the following block. In this block, there is "label --set=root PicOS2", it means the running system is PicOS2.
menuentry PICOS-3.8.0.1+1 {
search --no-floppy --label --set=root PicOS2
linux /boot/vmlinuz root=LABEL=PicOS2 rw fsck.mode=force fsckfix rootfstype=ext4 console=ttyS0,115200n8 intel_iommu=off nospectre_v2 nopti platform=n3200
initrd /boot/initrd.img
}
Step7 From the ONIE prompt, perform the following commands to mount the current boot partition.
ONIE:/ # blkid /dev/sda6: LABEL="User-Data" UUID="da55e09c-0e7b-4d96-a8c9-bee2ed5bb42c" /dev/sda5: LABEL="PicOS2" UUID="3f228548-64c1-492c-ad3d-8ca7d248c11a" /dev/sda4: LABEL="PicOS" UUID="039453f9-0879-4c86-9e0b-8ef4d34d9a66" /dev/sda3: LABEL="PICOS-GRUB" UUID="b3a8ab95-43f9-4f21-9c76-7f48101be381" /dev/sda2: LABEL="ONIE-BOOT" UUID="7fcaa6c8-d174-42c1-abd1-8c6eea46eb6b" /dev/sda1: LABEL="EFI System" UUID="36E9-D2F5" /dev/mmcblk0p2: LABEL="EDA-DIAG" UUID="48f14bec-740e-4aa2-9605-f32de15f9f2c" /dev/mmcblk0p1: LABEL="EFI System" UUID="3D0E-3759" ONIE:/ # mount /dev/sda5 /mnt/ // The partition is based on the step 6.
Step8 Modify the shadow file.
# vi etc/shadow
Change the following line from:
admin:$1$eE9WFgVk$EwGcNl83uK98.r8TcKn2q/:15385:0:99999:7:::
into:
admin::15385:0:99999:7::: //Remove the string between the first and the second colon
Step9 Execute the sync operation.
# sync
The subsequent steps are distinguished between devices currently running in OVS and L2/L3 mode. Please choose the appropriate steps according to the PicOS mode.
Note: You can refer to the document Checking PicOS Mode to check the current PicOS mode of the device.
- If the running PicOS mode is L2/L3 mode, go to L2/L3 Mode.
- If the running PicOS mode is OVS mode, go to OVS Mode.
L2/L3 Mode:
Step10 Modify the configuration file.
ONIE:/# vi pica/config/pica_startup.boot
In the pica_startup.boot file, you will find lines starting with “user admin {“, remove lines of user admin configurations.
For example, remove the following six lines in configuration file.
user admin {
authentication {
plain-text-password: "$1$zL8TUrpq$/Y1tcx1IhwPkm6HEd4aEM/"
}
class: "super-user"
}
Save and exit with “:wq”.
Copy the configuration file to the backup file.
ONIE:/# cp /mnt/pica/config/pica_startup.boot /mnt/backup/pica/config/pica_startup.boot ONIE:/# sync
Step11 Umount and reboot the switch.
# umount /mnt # reboot
Step12 When you see PicOS login again, you can log in by the admin user without a password.
Step13 Set a new admin password using the following CLI commands and save the configuration.
root@XorPlus# set system login user admin authentication plain-text-password pica8 //Please enter the new password root@XorPlus# set system login user admin class "super-user" root@XorPlus# commit
After the above steps, you can log into the system with the new password.
OVS Mode:
Step10 Umount and reboot the switch.
# umount /mnt # reboot
Step11 Set a new admin password with passwd admin command and save the configuration. The commands are illustrated here:
root@XorPlus:~$ passwd admin Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
After the above steps, you can log into the system with the new password.
Copyright © 2024 Pica8 Inc. All Rights Reserved.