You may have heard of Amazon Linux 2. It's an AWS operating system, developed by Amazon. It's offered for free,
and you even get virtual machine appliances for testing. Which is what I did, as I showed you in
my article on this topic.
The one snag that I hit during the testing was the login. Normally, you use SSH to log into your EC2 instances.
But what do you use for an essentially offline virtual machine? I could not find any root/ec2-user combo online,
and the usual method of trying to change password in single mode did not work. Hence this guide. It will show you
how to manually change the login credentials for your Amazon Linux 2 virtual machine, so you can begin testing.
download the image. Boot. Login. What
Long-time Linux users will remember the trick. Force your system into single mode, remount the root as writable,
change the password, reboot. We've all done this numerous times. Alas, no longer possible.
I tried to append
init=/bin/bash to the boot options in the boot menu, and the system had a kernel
panic. I'm not sure if this is something in the kernel, the fact Amazon Linux uses the glorious systemd, or
something else, but the old and proven method did not help.
Reading online, apart from the million bin-bash entries that yielded nothing new, I found a detailed
article on how to change
the password for RHEL version 7. The tutorial also mentions the more philosophical concept of a change
transitioning from RHEL 6 to RHEL 7, and the fact this is part of the RHCSA exam. I mean what? Where has simplicity
Anyway, I promise you a rant, but as the article states, adding
rd.break to the kernel line might help, and since Amazon Linux 2 is based on RHEL, I
thought let's do it. Only it did nothing. Amazon Linux blithely booted normally. This did not yield the desired
Amazon has a very
vague passage explaining how to do this. They say you should create a cloud-init configuration ISO, and then
they refer you to virtualization platform documentation. Not very helpful, I'm afraid.
Mount VDI manually
We talked about this in the past. I showed you how to mount virtual machine disks and partitions as loopback
devices, so you can edit the filesystem contents. We used
clone KVM machines. We will do the same thing here, and I'm going to show you yet
another way to mount and present virtual machine image filesystems.
We need the qemu-nbd tool, which does a similar trick. This utility is available as part of the qemu-kvm package
in most distributions, so you install it. Then, use the tool. If the execution fails, you may need to manually load
the nbd (network block device) module into memory. So, the sequence of commands (as sudo or root):
<package manager> install qemu-kvm
qemu-nbd -c /dev/nbd0 <name of virtual machine vdi hard disk>
Locate the download the Amazon Linux 2 vdi image and map it into the command above. You do not specifically need
to use /dev/nbd0, you can use any which number, but it's easier and cleaner to work sequentially.
Once the block device has been mapped, you will find its partitions under /dev/nbd0p*. The numbers will match
the actual hard disk partition layout, say p1, p2, etc. Again, this is almost identical to what what we did with
partx. The next step is to mount the desired partition somewhere:
mount /dev/nbd0pX /mountpoint
Once you've done this command, you now have the contents of the Amazon Linux 2 vdi filesystem (partition)
exposed under your desired mountpoint (e.g. /mnt), and now we can manipulate it.
Edit the /etc/shadow file
Now we want to change the password. How we're going to do this is as follows. On our native Linux, the one
actually running the virtual machine, create a new user. You can call it whatever you want. Let's say amazon.
Create a password. Open the
/etc/shadow file. You will notice that the password is encrypted and presented as a
long hash, in between two colon delimiters. Great. This is what we need. Something like:
Now navigate to the Amazon Linux 2 filesystem mountpoint from earlier, say /mnt and open
its shadow file in a text editor:
<text editor> /mnt/etc/shadow
You will notice that the default user is actually called
ec2-user. Even if you did not know this, now you do. It also has some hash there for
the password. I have no idea what it is, and it does not matter.
Replace the hash with the one from the local amazon user. Save the file, unmount the
Reboot, login, work, and enjoy
Start your virtual machine again. Once you get to the login prompt, identify yourself correctly with the right
user name and the password that we just planted there. You will have now logged in, and you can begin working with
your virtual machine appliance. Now, we did it with Amazon Linux, but this trick applies to ALL Linux distributions
and filesystems out there. If you can't run system maintenance normally, you can use this trick to get around the
limitation and make necessary changes to the filesystem. This is quite useful for virtual machines. We did this
with KVM and now with VirtualBox, too.
If you're keen on testing Amazon Linux 2 but you're hitting the login credentials snag, and you do not feel like
creating your own ISO images, or trying to figure out the full, proper way to use EC2 stuff, you can use partx or
qemu-nbd to mount the virtual hard disk, and manually edit the shadow file. This is a guaranteed workaround, in
case booting into single mode or rescue mode or whatever does not cut it for you.
Amazon Linux 2 looks like a fun operating system with some rather interesting features, and it would be a shame
to miss them because of a technical/bureaucratic bungle like the initial login/password. I mean there's no reason
why there ought not to be a default set, like any which distro. Plus the generic changes in the Linux
infrastructure, vis-a-vis init=/bin/bash sure do not help. Hopefully, this article provides you with the necessary
technical know how and adventurous spur to start your journey. Best of all, it's distro-agnostic. Any which virtual
machine appliance, any which filesystem, you'll be able to make the necessary changes for your testing. Have fun