Regain access to a raspberry pi running raspbian

Introduction

I couldn’t “work” today on retrieving more access to my servers and services following my data loss as I was busy outside most of the day (which was very nice), and didn’t have the motivation to start again tonight, so no further progress on that front. But I’m also trying to retrieve the habit or writing often on this blog after the 2 months hiatus due to that event.

So let’s talk about how I managed to retrieve access to my Raspberry Pis yesterday. I’ll describe 2 methods here, because I couldn’t use the 1st one (the easiest) on my second Pi (Rpi0W) due to a lack of adapters…

Method 1: with a screen and keyboard connected to the raspberry pi

For the first method, you first need to remove the micro SD card and plug it in another machine to edit a file. So after mounting the card root (/) partition, edit the /etc/passwd file. For example, I mounted the SD card in /run/media/bacardi55/rootdir and then edited the /run/media/bacardi55/rootdir/etc/paswd files.

In that file, look for your user (eg: pi or your usual username) and remove what is between the first and second :. For example, changing from:

osmc:x:1000:1000::/home/osmc:/bin/bash

Nota: In some (older) system, instead of a x, you may see an encrypted version of your password. In other / newer system, the password is only in /etc/shadow and replaced by a simple x in your /etc/passwd file.

Anyway, after the change, my example above would become:

osmc::1000:1000::/home/osmc:/bin/bash

By doing so, you’ll be able to connect to the user without a password. See where this is going?

Remove the SD card after unmounting it (and maybe do a sync first) and put it back in your raspberry pi and start it.

When the login screen appears, just type the username you edited and you should be connected without any password being asked.

Then, same as usual, use passwd to change the password of that user again. Very easy :).

And while I was at it, I gave myself back via ssh using the same method describe in my previous post: edit the /etc/sshd_config file to authorize password connection, copy your public key and change the config back.

Method 2: full headless method

Due to the lack of a specific adapter for my pi0w, I was forced to use another method that isn’t necessary harder, but require to move the micro SD card more which was a tad more annoying.

First, remove the card from the Pi and connect it to another machine. This time, you need to mount the boot partition. In my case, I mounted it in /run/media/bacardi55/bootdir. Then, edit a file named cmdline.txt (in my case: /run/media/bacardi55/bootdir/cmdline.txt).

It should like this:

console=serial0,115200 console=tty1 root=PARTUUID=xxxxxxxx-xx rootfstype=ext4 fsck.repair=yes rootwait quiet

Edit it to add init=/bin/bash (if you read yesterday’s article, it should be familiar :)). The result should look like this:

console=serial0,115200 console=tty1 root=PARTUUID=xxxxxxxx-xx rootfstype=ext4 fsck.repair=yes rootwait quiet init=/bin/bash

Use sync and then unmount the partition. Remove the card and put it back in your Pi and boot it. The system should start on a shell with no other processes running. In this case, we need to mount the file system as for now it is in read only. For this use:

mount -o remount,rw /

Which will make the system writable.

Next is the same as usual, run passwd or passwd <user> to change the root or user password.

If like me, you need also your ssh access back, this is a good time to edit the /etc/sshd_config file to (temporary) allow ssh connection via password.

You can then stop the Pi with reboot -f.

Remove the card and mount it again in your other computer to change back the cmdline.txt file to what it was before. This time, remove the init=/bin/bash at the end that was added previously.

Remove the card and put it back in your Pi and start it. You should be able to then connect via ssh to the Pi with the password given. Then, copy your public ssh key and change the configuration again to remove password connection.

And voilà, you have access back to your Pi without a screen or keyboard attached to it.

Conclusion

These instructions, like the ones from yesterday were easy to follow to regain access to my different raspberry pi in my house. As said yesterday, the biggest part of getting my accesses back is yet to come, but I’m not going to rush it either, as I’m first focusing on mental health and other activities. But blogging again is definitely one of these activities, that’s why even though I didn’t have much time today, I still manage to use my notes from yesterday to tranform them into a short blog post.

One step at the time, and up and onwards!