Good afternoon everyone!
Is there any way to change a password of a user in Linux only having its hash? That is, on another Linux machine I have generated a password for a user, copied the hash of the /etc/shadow file and pasted it on the other machine, would that be enough? I have done tests and it has not worked for me so I understand that it does not. I do this because I need to pass that hash to third parties so they can apply it in a Puppet and I don't want to pass the root password to them.
Thank you!
It depends on the PAM configuration of both systems, which, in my Ubuntu, is stored in /etc/pam.d/passwd, which in turn is limited to loading /etc/pam.d/common-password, and suggests we consult man pam_unix.
In said /etc/pam.d/common-password, the important option is
If both systems use the same configuration, it's as easy as you suggest: copy the characters between the first and the second ":", leaving the /etc/shadow so that:
In that example, both users share the same password.
It's also a good idea to check the /etc/passwd, just to make sure both users have active passwords using the shadow system:
In this file, the important thing is the x, which indicates that the shadow system is used for that user.
In case the systems do not use the same configuration, things get quite complicated. You could reconfigure one of them, but that involves removing the current passwords to set others with the new settings.
EDIT
There are alternatives to what you intend: use sudo, use ssh with public/private key, ...
Passing the hash of a password contradicts the point of using a hash. If you give access with the direct hash, you open your system to any "man in the middle" attack, where third parties leak the hash and use it to access your system in an unauthorized way.
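The checks described in the answer above (the field between the first and second ":" of /etc/shadow, the hashing scheme both systems must share, and the x in /etc/passwd), sketched as an added example that is not part of the original answer. The function names are hypothetical, the account lines and hash strings are constructed placeholders, and the set of schemes the target accepts is an assumption supplied by the caller.

```python
# Added example. All account lines are constructed; the hash strings are
# placeholders, not real crypt(3) output. Function names are hypothetical.
SCHEMES = {"1": "md5", "5": "sha256", "6": "sha512", "y": "yescrypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}

def hash_field(shadow_line):
    """Text between the first and second ':' of an /etc/shadow line."""
    fields = shadow_line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError("not a shadow line")
    return fields[1]

def scheme(field):
    """Classify a shadow password field by its $id$ prefix."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"          # no usable password; copying it grants nothing
    parts = field.split("$")
    if len(parts) >= 3 and parts[0] == "":
        return SCHEMES.get(parts[1], "unknown")
    return "des" if len(field) == 13 else "unknown"

def uses_shadow(passwd_line):
    """True when the /etc/passwd password field is 'x' (hash lives in shadow)."""
    fields = passwd_line.rstrip("\n").split(":")
    return len(fields) == 7 and fields[1] == "x"

def transplant(src_shadow, dst_shadow, dst_passwd, accepted):
    """Return dst_shadow carrying src's hash, or raise with the reason."""
    field = hash_field(src_shadow)
    kind = scheme(field)
    if kind not in accepted:
        raise ValueError(f"source hash is {kind}, target accepts {sorted(accepted)}")
    if not uses_shadow(dst_passwd):
        raise ValueError("target account does not use the shadow system")
    dst = dst_shadow.rstrip("\n").split(":")
    dst[1] = field               # only the hash changes; aging fields stay
    return ":".join(dst)

# Constructed sample lines (assumed accounts alice, bob, carol)
SRC = "alice:$6$SALTSALT$PLACEHOLDERHASH:19000:0:99999:7:::"
DST = "bob:!:19500:0:99999:7:::"
DST_PASSWD = "bob:x:1001:1001::/home/bob:/bin/bash"
OLD = "carol:$1$SALT$PLACEHOLDER:18000:0:99999:7:::"

if __name__ == "__main__":
    print(transplant(SRC, DST, DST_PASSWD, {"sha512", "yescrypt"}))
```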