Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

"cannot open access to console the root account is locked.."

Linux Kernel, Network, and Services configuration.
Message
Author
cuckooflew
Posts: 677
Joined: 2018-05-10 19:34
Location: Some where out west
Been thanked: 1 time

Re: "cannot open access to console the root account is locke

#21 Post by cuckooflew »

Yes, I know what you mean, well nobody was born knowing everything, any way, This was all ready mentioned, did you try it ?, It is usually pretty simple and should work,
Cannot open access to console, the root account is locked.
Head_on_a_Stick>>Try using init=/bin/bash as a kernel parameter instead to boot to a passwordless root shell.
It only takes a few minuets to try that, but if it does not work then the other methods mentioned should work, I would try using a live CD first, if it was me.
Just a side note:
If it weren't Debian I wouldn't ask here. I'm using Debian Stretch 9.5 fully updated as I run package manager daily to stay up to date.....
That is nice, it would be nice if everyone was like that, but saddly there are a lot of times when the OP does not tell us what distro or OS it is, and finally after many members take the time trying to help the person, and nothing seems to work, they finally get around to mentioning it is not Debian, so some of the members that have been here for awhile have learned to ask, before trying to give answers, yes, logic would dictate, "Debian users forum", but unfortunately there are a lot of very illogical people that pop in here from time to time.
Please Read What we expect you have already Done
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!

cyberoptiq
Posts: 17
Joined: 2018-07-23 15:17
Location: Somewhere in PA

Re: "cannot open access to console the root account is locke

#22 Post by cyberoptiq »

It only takes a few minuets to try that, but if it does not work then the other methods mentioned should work, I would try using a live CD first, if it was me. - Understood....will try that when time is available....having doctors appointments and doing dialysis for my wife on a daily basis does take priority over my time....appreciate all the suggestions from everyone including you....I panicked when encountering this error message because other issues I've been able to figure out but this one kicked my butt....thanks again!!

User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: "cannot open access to console the root account is locke

#23 Post by GarryRicketson »

Life does get complicated at times,.... any way, to add to what this cuckooflew said, and also not mentioned in the link to https://forums.bunsenlabs.org/viewtopic.php?id=3926,
To be able to write to any files, the "ro" needs to be changed to "rw".
Also since the "fstab" file was modified, I am not sure it will work. But it is the simplest option, and what I would try first, then if it does not work, move on to more complicated methods.
I made some screen shots to try to help clarify. Also am not sure if it works on newer Debian versions.
Image
To see a full size image, just click the image.
Select the line you want to boot with, and type "e", to open the editor.
Image
The arrow keys can be used to move the tab, up in the right corner, on the "s" in setparms. Move it down to where the line with "ro" is .
Image
Here (above), you will see where I changed it to "rw" and added the " init=/bin/bash" to it.
Below, I have booted, and you can see by the # sign, I am in as root.
Image
===========================================
Image
Above, I used "nano" to edit the fstab file, I just added a comment, but as you can see I was able to write to it and it was saved. If you do not have a editor like, joe,pico, or nano installed, you may have use "vi" instead, that depends on what editors you have installed. I do not like "vi" myself, but many others prefer it, if one has never used it, it can be some what intimidating, but that would be another topic.
Also note, when you edit the "setparm" this way, it is only a 1 time thing,it is not permanent, that is to say it will boot with the changed parameter, only 1 time, it does not save it, so if for example the changes you make to fstab still do not work, and you need to boot this way again, you need to go through the same process again.
========
Also, I apologize, When I said "Really ? " I did not intend to be rude, or "belittle" anyone, it never occurred to me it would be taken that way,.. I meant
"Really" ? Thinking that was good, and perhaps it would not be necessary to explain a lot of other details, so any way, guess I should have worded it differently, human language is not one of my best skills.
There are many ways to gain access to a computer, and as root, but won't go into all of them just now.

cyberoptiq
Posts: 17
Joined: 2018-07-23 15:17
Location: Somewhere in PA

Re: "cannot open access to console the root account is locke

#24 Post by cyberoptiq »

Sorry for the late reply....been busy with doctors appointments for wife and I due to kidney transplant we're trying to get done....don't remember if I mentioned this earlier but my drive is encrypted when I did the install....I popped a live (old 8.4.0) DVD in the laptop and am replying from it right now....current problem is now that whenever I try to access the HD itself, it asks for the LUKS password, which I provide, but comes back saying it can't unlock it....I know the password is correct because it is the one I've been using for all my linux laptops....any suggestion on this I would greatly appreciate and please accept my apologies for being such a pain in the butt....

User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: "cannot open access to console the root account is locke

#25 Post by GarryRicketson »

don't remember if I mentioned this earlier but my drive is encrypted when I did the install....
I don't think you did , I looked through the thread, (but quickly) and don't see
anything, any way,...
I have no experience with LUKS, but this is one of the main reasons I have never tried using it :
it asks for the LUKS password, which I provide, but comes back saying it can't unlock it....I know the password is correct because it is the one I've been using for all my linux laptops.
Have you tried on another laptop, does that password still work ?
Here is the bad new :
A very long time ago , we had a member that said they were drunk when they setup their encryption, and could not remember the password they set, in your case, you are sure you remember , or have the password correct, but it does not work,
So any way, I did do quite a bit of searching , but could not find anything on resetting or recovering a lost , forgotten, or mal functioning password, when using LUKS encryption,... it seems if the password does not work, you are out of luck,
My LUKS password does not work, what can I do
========================
https://unix.stackexchange.com/question ... oesnt-work
In the above link, there is maybe some possible solution, but not much.
There was one time , on one of my laptops, I could not log in as root, I was sure it was the same password I use on all my laptops, and PC, (that in itself is not a very secure thing to do, and it kind of makes using some encryption program point less, but it is another topic), Any way, I stumbled on to the problem, by accident, it turned out that when I set the password, I used a upper case letter, where I usually use all lower case,...I had forgotten on that particular laptop, the password had a upper case letter,.. it actually was not a accident, but the laptop has Minix3 on it, and I had forgotten , the minix installer will not permit all lowercase letters, the password must contain at least 1 uppercase, or a number, symbol, etc. ...
This (below) is the one that is discouraging,
from: https://superuser.com/questions/476945/ ... passphrase
There is no way around it. That the whole point of encryption in the first place.
You will have to erase the partition and start over, all data is lost.
There are some other results where they claim to have been able to "brute force", but it would be beyond the scope of this forum to go into details, and to be honest, not knowing anything about "LUKs", my self, most of what I read there does not make sense to me. But here is a small quote:
Good News Everyone!

Fortunately, we managed to recover the password for the server and disaster has been averted.

Going forward, a truly random password will be generated for LUKS encryption to avoid someone bruteforcing the password as we have done. To achieve a high bus factor and to ensure “business continuity”, this password will be printed out and placed in a sealed envelope for safe-keeping by trusted persons. To reduce the chances of someone having to reach for the envelope, we can deploy the mechanism I developed for my home server earlier this year that automatically unlocks the LUKS volume.
Better then trying some random "kiddie script" go to the source, and contact some people that really know about LUKS :
https://gitlab.com/cryptsetup/cryptsetup/
Help!

Please always read FAQ first.
For cryptsetup and LUKS related questions, please use the dm-crypt mailing list, dm-crypt@saout.de.

If you want to subscribe just send an empty mail to dm-crypt-subscribe@saout.de.

You can also browse list archive or read it through
web interface.
Read the FAQ FIRST: https://gitlab.com/cryptsetup/cryptsetu ... dQuestions
LUKS PASSPHRASE IS NOT THE MASTER KEY: The LUKS passphrase is not
used in deriving the master key. It is used in decrypting a master
key that is randomly selected on header creation. This means that if
you create a new LUKS header on top of an old one with exactly the
same parameters and exactly the same passphrase as the old one, it
will still have a different master key and your data will be
permanently lost.
Try to relax, take your time, read the FAQ carefully, and completely:
1.4 My LUKS-device is broken! Help!


First: Do not panic! In many cases the data is still recoverable.
Do not do anything hasty! Steps:


Take some deep breaths. Maybe add some relaxing music. This may
sound funny, but I am completely serious. Often, critical damage is
done only after the initial problem.
Do not reboot. The keys may still be in the kernel if the device is
mapped.
Make sure others do not reboot the system.
Do not write to your disk without a clear understanding why this
will not make matters worse. Do a sector-level backup before any
writes. Often you do not need to write at all to get enough access
to make a backup of the data.
Relax some more.
Read section 6 of this FAQ.
Ask on the mailing-list if you need more help.
And if you really prefer e-mail, they do have a mailing list you can use , as well as some e-mail contact methods.

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: "cannot open access to console the root account is locke

#26 Post by debiman »

cyberoptiq, did you actually manage to boot into recovery from grub (there's various ways to do this, and various names to call it)?

if yes, then the discussion up to now is finished, and we're moving on to the next problem: how to fix your system from within recovery mode.

if no, then you should really really try that FIRST.

cyberoptiq
Posts: 17
Joined: 2018-07-23 15:17
Location: Somewhere in PA

Re: "cannot open access to console the root account is locke

#27 Post by cyberoptiq »

Appreciate everyone's suggestions and advice concerning my problem....it's been hectic for me these past 2 weeks with doing dialysis and doctors appointments for my wife....when I get some time again I will try your suggestions....I will update my progress and the outcomes...Thanks again everyone!!

User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: "cannot open access to console the root account is locke

#28 Post by GarryRicketson »

Debiman is right, I mentioned earlier in the thread and showed some some screen shots, on how to do that, and the OP did say they would try the live CD first, :
http://forums.debian.net/viewtopic.php? ... 15#p677505
And in this reply:
Postby cyberoptiq » 2018-07-31 17:24
Sorry for the late reply....been busy with doctors appointments for wife and I due to kidney transplant we're trying to get done....don't remember if I mentioned this earlier but my drive is encrypted when I did the install....I popped a live (old 8.4.0) DVD in the laptop and am replying from it right now....
So any way, we did not know it was LUKS encrypted when we suggested the Live device, there were others that also suggested this.
Again I stress, I do not know anything about the LUKS encryption, but learned a little, doing a search: key words :

Code: Select all

Access a LUKS encrypted drive from a Live DVD 
Various hits, and they all said basically the same as this one:
http://caribou.kamikamamak.com/2011/09/ ... hard-disk/
First of all, you need to make sure that lvm2 and cryptsetup packages are installed. If not, go ahead and install them
It appears the Live device needs to have these packages on it, since a Live DVD normally can not be written to, I don't see any way to install the needed package, it would need to be installed when the LiveDvd is made, a Live USB that is not persistent, (can be written to ), one could install the package,....
So any way, agreed, it would be better to try the "single user mode" (that is what I call it) ,
Post by debiman » 2018-08-01 13:56
cyberoptiq, did you actually manage to boot into recovery from grub (there's various ways to do this, and various names to call it)?
So I second this, the OP should try this first, and see if it accepts the LUKS encrypt pass phrase,..
If the method I showed does not work, maybe someone else can give details on another method, in fact it seems to me like I have read that on Debian 9 , it is slightly different,...
I am looking at some results from keywords:

Code: Select all

How to boot into Debian 9 as single user from the grub menu, and luks encrypted drive 

But it could be several hours before I can "digest" it all, and I have no means of trying anything, would have to set up a VM for that, however at a glance it does certainly look like it is possible .
Grub2 has already supports for
> > accessing LUKS partitions. Just add GRUB_ENABLE_CRYPTODISK=y (or in
> > older versions GRUB_CRYPTODISK_ENABLE=y) to /etc/default/grub.
It is pretty obvious the method I showed earlier , probably won't work.
If some one else here has first hand experience with this , it would be nice if they shared some details.
====Edit===
@OP, you really should take the time to read carefully the LUKS faq :
https://gitlab.com/cryptsetup/cryptsetu ... dQuestions
And maybe join the mailing list:
https://gitlab.com/cryptsetup/cryptsetup/ I think you will find someone that has first hand experience with this, to get specific instruction on
booting in "rescue mode" or as "single user", from what I have read, (very little) but it does appear LUKS has ways to accommodate this kind of situation.

Dai_trying
Posts: 1100
Joined: 2016-01-07 12:25
Has thanked: 5 times
Been thanked: 16 times

Re: "cannot open access to console the root account is locke

#29 Post by Dai_trying »

GarryRicketson wrote: It appears the Live device needs to have these packages on it, since a Live DVD normally can not be written to, I don't see any way to install the needed package, it would need to be installed when the LiveDvd is made, a Live USB that is not persistent, (can be written to ), one could install the package,....
I just wanted to point out that if you boot into a live session and run

Code: Select all

# apt update
you will then be able to

Code: Select all

# apt install foo
to get whatever packages you need, obviously these packages will be lost upon reboot but it would give you what you needed for a live-session repair of a broken system.

I have done this many times using the Xfce Live-Cd (debian-live-9.5.0-amd64-xfce.iso is my current image) and it might help OP

User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: "cannot open access to console the root account is locke

#30 Post by GarryRicketson »

Wow, thanks,
---snip---but it would give you what you needed for a live-session repair of a broken system.

I did not know you could do this, and at least have the package/program temporarily,...
---and it might help OP
, not just the OP, I find this useful, and a very possible help to me in the future, Thanks again.

Cyborg
Posts: 38
Joined: 2016-12-01 19:07
Has thanked: 1 time
Been thanked: 2 times

Re: "cannot open access to console the root account is locke

#31 Post by Cyborg »

The same thing happened to my dad's vanilla debian stable (9.5). After much duckduckgoing, I realized I needed to run fsck manually. With the root account locked, I

- started the system appending "-init=/bin/bash"
- unmounted all partitions with umount, from /dev/sda1 to sda6
- ran fsck -f on all partitions, from /dev/sda1 to sda6 and answered Y to all queries

Post Reply