You are not logged in.

#1 2020-10-30 19:35:11

SoilPh9.6
Member
Registered: 2020-10-30
Posts: 4

Locked out of sudo password and LUKS password

I got a new SSD and I installed Arch with Btrfs and LUKS encryption a two days ago, seemingly no issues.
Suddenly, when I went to install a few packages from the repos, I found my user password no longer working. It did not work for logging in and out of the session either and, even worse, my LUKS password did not work at reboot. Booting into a BTRFS snapshot didn't work either (although I guess the password for LUKS resides out of the root subvolume?)

I grabbed my Arch live USB to try troubleshooting a bit. To my surprise, I could unlock the LUKS container just fine, chroot and browse the filesystem, everything seemingly in place, meaning I could rule out any possible corruption issue. I did not know exactly what to do so I tried just changing the LUKS, root and user passwords and hope for the best. It did not work. At that point I gave up.

I am really not savy enough to make sense of this so I hope any of you has any idea about what could have possibly happened. I am actually ready to reinstall everything as a last resort but I am scared that this issue may manifest itself again.

Offline

#2 2020-10-30 20:30:00

seth
Member
Registered: 2012-09-03
Posts: 49,981

Re: Locked out of sudo password and LUKS password

Broken kernel update?
a) did you ensure the keyboard produces the expected input
b) check your pacman log on what was actually updated
c) compare the installed kernel to the one that gets booted, eg. "file /path/to/boot/partition/vmlinuz-linux"

Offline

#3 2020-10-30 20:38:34

weirddan455
Member
Registered: 2012-04-15
Posts: 209

Re: Locked out of sudo password and LUKS password

Is your root partition encrypted with LUKS (full disk encryption)?  If so, my first hunch would be to run mkinitcpio to remake your initramfs.  That's done automatically by pacman whenever a kernel update is installed (and there was a new kernel update today.)  However, if your initramfs isn't in /boot, pacman may have not updated that file.  I know when I was using LUKS, I had my kernel and initramfs in my EFI partition which required me to copy those files after a kernel update.  I can't remember if there's a way to configure pacman to put the files there automatically or not.  It's been a while.

Also, if you could provide some more info on your setup, you'd probably get some better answers (are you using full disk encryption, which bootloader, are you using EFI boot, etc.).

Offline

#4 2020-10-30 21:22:18

SoilPh9.6
Member
Registered: 2020-10-30
Posts: 4

Re: Locked out of sudo password and LUKS password

seth wrote:

Broken kernel update?
a) did you ensure the keyboard produces the expected input
b) check your pacman log on what was actually updated
c) compare the installed kernel to the one that gets booted, eg. "file /path/to/boot/
partition/vmlinuz-linux"

a) I am not sure how I would do that considering the only thing I can type is the masked password. However, I ensured that the keyboard layout in vconsole.conf was the correct one.
b) this was the first kernel update this system got, however even if it may explain the LUKS password it doesn't really explain the user password. Logs show the initramfs being correctly updated.
c) not sure how to exactly check this

weirddan455 wrote:

Is your root partition encrypted with LUKS (full disk encryption)?  If so, my first hunch would be to run mkinitcpio to remake your initramfs.  That's done automatically by pacman whenever a kernel update is installed (and there was a new kernel update today.)  However, if your initramfs isn't in /boot, pacman may have not updated that file.  I know when I was using LUKS, I had my kernel and initramfs in my EFI partition which required me to copy those files after a kernel update.  I can't remember if there's a way to configure pacman to put the files there automatically or not.  It's been a while.

Also, if you could provide some more info on your setup, you'd probably get some better answers (are you using full disk encryption, which bootloader, are you using EFI boot, etc.).

Updated initramfs manually to no avail.
My setup is full disk encryption (except /boot), GRUB, and /boot residing on the ESP. I also have both Linux and Linux LTS installed, I can't boot into either.

Offline

#5 2020-10-30 21:30:20

seth
Member
Registered: 2012-09-03
Posts: 49,981

Re: Locked out of sudo password and LUKS password

From the live distro, mount the boot partition and query the kernel image there with "file".
Mount the root partition and look at /lib/modules.

Did you get some "wrong password" for the user login or did the login just fail?
It's a bit ago, but https://bbs.archlinux.org/viewtopic.php … 2#p1922862

Offline

#6 2020-10-30 21:52:32

SoilPh9.6
Member
Registered: 2020-10-30
Posts: 4

Re: Locked out of sudo password and LUKS password

seth wrote:

From the live distro, mount the boot partition and query the kernel image there with "file".
Mount the root partition and look at /lib/modules.

Did you get some "wrong password" for the user login or did the login just fail?
It's a bit ago, but https://bbs.archlinux.org/viewtopic.php … 2#p1922862

I got the "Retry" warning every time I inserted the password with sudo. Also I did in fact set some variables in ~/.pam_environment before that (MOZ_ENABLE_WAYLAND=1 and GTK_USE_PORTAL=1) but I seriously doubt it has anything to do with this. I will try the rest tomorrow, I need some sleep.

Offline

#7 2020-11-02 19:49:45

SoilPh9.6
Member
Registered: 2020-10-30
Posts: 4

Re: Locked out of sudo password and LUKS password

I decided to reinstall in the end. I decided to not use LUKS encryption this time as I don't need it vitally and it makes troubleshooting harder. For good measure I changed the faillock config as suggested in the linked post. So far so good, there doesn't seem to be any problem.

Offline

Board footer

Powered by FluxBB