Assuming CUCM was already installed. Boot the box with a Linux installation CD (e.g. RedHat). Type "linux rescue" in the boot prompt.
Choose keyboard. Default is 'US':
We don't need to set up network. Thus choose 'No' here.
Choose "Continue" to mount the CUCM file system.
The following message is telling you that the CUCM file system has been mounted under /mnt/sysimage. If you want to map the root directory to the CUCM file system (which is recommended), you may use command "chroot /mnt/sysimage".
Below are the commands and explanations.
chroot /mnt/sysimage
This is to map the root directory to CUCM file system.
cd /etc
Change the working directory to /etc, where most of the system configuration files are stored.
rm securetty
Remove file protection on files "passwd" and "shadow", which stores user info and passwords. Remove file "securetty" to allow remote connections with root.
passwd root
Reset (change) password for the root user. Type a password that is easy for you to remember. Retype it to confirm. If the password was changed successfully, you'll see the prompt "passwd: all authentication token updated successfully".
Notes:
- If you typed a simple password, you might get a warning like "BAD PASSWORD: it is based on a dictionary word". Just ignore it and retype to confirm.
- There's no screen display for the password you're typing. Type carefully.
The following steps require some basic knowledge of the vi editor. If you're not familiar with vi, please search Internet for vi commands help.
vi passwd
Change the passwd file so the root user has a shell (command line interpreter) to use. Use vi commands. Change the line
Save and exit file.
For those who are not familiar with vi, here are the command sequence (case-sensitive):
- Type /s to search for character 's'
- Type D to delete to the end of line
- Type A to enter append mode
- Type bin/bash to set the shell
- Press ESC key (it's a key on the upper-left corner of your keyboard) to exit append mode
- Type :wq to save and exit file.
vi ssh/sshd_config
Change the sshd_config file so you can SSH as root (it's disabled by default). Use vi commands. Change the line
To
For those who are not familiar with vi, here are the command sequence (case-sensitive):
- Type /Per to search for the word begins with 'Per'
- Type X to delete the letter on the left (which is '#' in this case)
- Type :wq! to save and exit this read-only file
vi /etc/pam.d/su, comment the following:
#auth sufficient /lib/security/$ISA/pam_rootok.so debug
#auth required /lib/security/$ISA/pam_wheel.so group=priviledged_grp
Back to command prompt and type exit command twice to reboot the system.
Use a SSH client (such as putty) to test. You should be able to SSH into CUCM with root account.
This method applies to all Linux-based appliances such as Unity Connection, CUPS, CER, UCCX (Linux version), etc.
Sometimes this might be /mnt/sysimage/partB !
ReplyDeleteIt doesn't work on CUCM 8.6, seems that Cisco guys are developing new security methods :) hahaa
ReplyDeleteWorked on my CUCM 8.6.2. :)
ReplyDeleteCool tip Michael. Thanks!
ReplyDeleteHi, i tired to do on cucm 8.6.1 and don't work. After i reboot was disabled all account and can't log anymore.
ReplyDeleteCan you help , i tired to do http://forum.ru-board.com/postings.cgi?action=edit&forum=35&topic=3849&postno=2607 ,
but the same, after reboot disable all account.
I just tried this on a 8.6.2 system and it would appear that the moment you change shadow, the system can no longer read it once CUCM attempts to boot. I get a unix_chkpwd error could not get username from shadow (root)
ReplyDeleteThis procedure is not specific to CUCM. This is a generic password recovery procedure for Linux. If you couldn't get it work, just search Internet for "Linux", "root", "password", "recovery".
ReplyDelete