Site icon Dipin Krishna

Protect your grub by applying a password to it (grub-md5-crypt is broken)

Maybe you want the user to enter a password in order to boot the Recovery Mode or your secondary OS. You have to set that password in the /boot/grub/menu.lst – for higher security you should crypt your password with md5.

You have two ways to do that. The first one might-not work for all.

1. You can use the utility ‘grub-md5-crypt’ to generate the md5.
So type at terminal:

$ grub-md5-crypt

enter your desired password twice and copy the generated crypt-hash into the menu.lst, for example:


title Ubuntu (Kernel 2.6.12-9-386) - Recovery Mode
password --md5 $1$HSX1$JYNyfBY0pVizk5kyMQOqn/
root (hd0,2)
kernel /boot/vmlinuz-2.6.12-9-386 root=/dev/hda3 ro single
initrd /boot/initrd.img-2.6.12-9-386
boot

Now reboot and try to start the protected boot-option, enter your password.

2. Reboot your machine and enter the grub-menu. Now press “c” key on your keyboard to enter the command line of grub.
Now type:


md5crypt

Enter your desired ‘password’ and write down the ‘generated hash’. Now boot up Ubuntu, edit /boot/grub/menu.lst and paste the new hash into the correct line.

To password protect single user mode, change the value of the lockalternative variable in the file /boot/grub/menu.lst to true, as shown in the following example.

 lockalternative=true
Exit mobile version