Root Autologin on CentOS

Do not do this – it is a very, very bad idea!!! Doing this for any reason (other than the fun of it – in a ‘safe’ virtual environment) should carry with it an eternal ban prohibiting the use of a computer.

Alright, if you are still reading, and understand that you should never, ever do this, let’s get on with breaking of some fundamental security rules of Linux.

Firstly, to get autologin working, we will edit /etc/init/tty.conf:

Change the line: exec /sbin/mingetty $TTY

to: exec /sbin/mingetty --autologin root $TTY

That’s it – restart, and you should automatically be logged in as root.

Now, to break whatever remaining rules of security having a root autologin didn’t break, let’s also give root an empty password. To do this, we need to edit /etc/shadow. Firstly, though – the file is read-only – even to root (which is a pretty good indicator that you shouldn’t be touching it).

Make the file writable: chmod u+w /etc/shadow

Fields in /etc/shadow are colon delimited. The first field is the username, the second field is the password. To get an empty password, remove everything between the first and second colons for the user root so you have something like:

root::15410:0:99999:7:::

Save the file and revert the permissions (chmod u-w /etc/shadow).

If you try to login to this server via SSH, you will find that you cannot. By default, SSH requires a non-empty password, to fix that, edit /etc/ssh/sshd_config and add/uncomment the line:

PermitEmptyPasswords yes

You also need PermitRootLogin yes, however it is the default on CentOS 6.

At this point you should be able to login to your server via SSH, as root, with no password. Essentially, you only need to know the IP address of your server (and the SSH port) to get in as root.

Recap

For CentOS 6.2, the following steps accomplish all of the above:

sed -i -e 's/exec \/sbin\/mingetty $TTY/exec \/sbin\/mingetty --autologin root $TTY/g' /etc/init/tty.conf
chmod u+w /etc/shadow
sed -i -e 's/^root:[^:]*:/root::/g' /etc/shadow
chmod u-w /etc/shadow
sed -i -e 's/#PermitEmptyPasswords .*/PermitEmptyPasswords yes/g' /etc/ssh/sshd_config

Just in case you didn’t get the message at the start – if you find yourself needing to do this, something is very wrong – so just don’t do it.

By cyberx86

Just a random guy who dabbles with assorted technologies yet works in a completely unrelated field.

2 comments

Leave a comment

Your email address will not be published. Required fields are marked *