Category: Authentication

Set or reset password for MySQL user

If you want to reset or set a password for an already created user, you have 3 options:

  • Set the password with a current password encryption/hash:
SET PASSWORD FOR 'mysqluser'@'localhost' = PASSWORD('newpassword');
  • Set the password with an old password encryption/hash:
SET PASSWORD FOR 'mysqluser'@'localhost' = OLD_PASSWORD('newpassword');
  • Set the password direct with a predefined hash:
SET PASSWORD FOR 'mysqluser'@'localhost' = '*67BECF85308ACF0261750DA1075681EE5C412F05';

After setting the new password:

flush privileges;

SSH key login without password

Create a public SSH key on your local server:

ssh-keygen -t rsa

Copy the public SSH key to the remote server

ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host

After this is completed you can login with the existing username (of course on both servers) without a password.
For extra security you can set a password on your key file when you create it with the first command.

Ubuntu realmd configuration

Install packages:

apt install realmd sssd adcli -y

Try if you can discover the Active Directory domain:
realm discover domain.local

Join the domain:
realm join domain.local -U admin.username

Add access group to be able to login with SSH:
realm permit -g 'gp-linux-admins'

Replace the current/generated sssd.conf:
cat << EOF > /etc/sssd/sssd.conf[sssd]
domains = domain.local
config_file_version = 2
services = nss, pam

[domain/cs.local]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = CS.LOCAL
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = domain.local
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad
use_fully_qualified_names = False
simple_allow_groups = gp-linux-admins
EOF

Restart SSSD:
systemctl restart sssd

Enable automatic creation of homedirectory for the user:
cat << EOF >> /etc/pam.d/common-session
session optional pam_mkhomedir.so skel=/etc/skel umask=077
EOF