AppGate Network Security AB Phone: +1 919 469 5066 Partner login Cryptzone Group Contact us

Recover the root password without administrative access

This article applies to AppGate version 8 or earlier. In version 9 you can reboot the system from the Factory defaults file system which allows you to reset the root and/or agadmin password. See the manual for instructions on this.

Description:

If the root password is lost but you have access to an AppGate account with Admin Role access you should read Answer note Answer-0012 instead.

If both the root password and passwords to any user accounts with Admin Role access are lost this method may be used.

This method only works for AppGate Ax models which can boot from an USB stick.

Overview:

This is a rough picture of what you will have to do to recover the AppGate

  1. Download and prepare a bootable Open Solaris CD.
  2. Boot a PC with this CD (it won't harm the PC).
  3. Once Open Solaris is booted you'll run a command that creates a bootable USB stick (which you'll need naturally, 1Gb or more)
  4. Use the stick to boot the AppGate
  5. Either reset the password or repair the file system(s)
  6. Reboot normally

Detailed instructions

  1. Download and prepare a bootable Solaris CD. You'll find a suitable ISO image at this URL: http://www.belenix.org/content/Download Then use any CD-write software that can write an ISO to CD.
  2. Boot a PC from the CD. You may have to press F8 or F12 to select boot order or you might have to go into the BIOS to get the computer to boot from your CD. When presented with the boot loader (Sunny background) just select the first alternative. You may be prompted for an environment to use, if so, select command line. If not, what you need to do is to get yourself a unix command prompt. 
  3. When you have managed to get a command prompt, plug in the USB stick and type 'usbdump'. Once the stick has been manufactured remove it and you can then reboot the PC.
  4. Plug the stick into one of the USB ports on the front of the AppGate Server and start it. Press F8 repeatedly once the fans goes into maximum regime and keep doing it until the BIOS ask your for boot media. Select Harddisks and then your USB stick.

During the USB boot you may need this:

  • USB stick account: root
  • USB stick password: belenix

When booting the USB, the Belenix Solaris will automatically try to find any Solaris file system on any hard disks and mount it.

So what happens at this point depends. Either you may get prompted with the USB root password because the AppGate file systems have were unmounted ungracefully or the boot continues smoothly.

In case it asks for password while booting you enter it and follow the instructions to recover the filesystem. After recovery you should reboot the from the USB again: 

init 6

If the USB boot goes well you can login (see password above). If you can do: 

cd /mnt/solaris1/etc
this means the AppGate root file system was mounted successfully. You can now move on to resetting the AppGate root password.

If you can't do the cd command you may need to repair the AppGate file system manually: Type the following command 

 fsck -y /dev/rdsk/c1d0s0 /dev/rdsk/c1d0s3
Then reboot the computer again from the USB by typing 
 init 6

Resetting the AppGate root password

The root password is located in the /etc/shadow file in the AppGate system. On the USB booted system it will be /mnt/solaris1/etc/shadow. To edit the shadow file type: 

vi shadow
Vi is an editor, you need to use the following keys:
  • j move left
  • k move right
  • h move up
  • l move down
  • x delete the character where the cursor i located
Using these keys navigate to the line starting with 'root'. Move there and position the cursor at the first character to the right of the first colon sign (ex root:kF/vcqiRp0OQk:6445:::::: this would be the k). Using 'x' you delete every character until the next colon sign (leaving a line like root::6445::::::). Save the file by pressing Esc : x (the Esc button, then colon and finally x). Reboot the system by typing 
init 6
and unplug the USB.

The system should now boot as the normal AppGate system.

If you successfuly erased the root password and managed to login as root on your AppGate system you should set it to something more secure than the empty string. Use the command: 

passwd.rootonly

Resetting the AppGate agadmin password

Because you have been doing this whole execise you have most likely lost the agadmin password as well. To reset password on any of the real AppGate system accounts you can use this command: 

ag_passwd_util -s new-password agadmin
Exchange the text new-password for a useful new password for the agadmin account or any other local account you have on this AppGate system.
Updated 2010-06-03 16:18 Copyright © 2002-2010 AppGate Network Security AB. All rights reserved.
Legal notice		 Contact AppGate Network Security
Comments to the webmaster