About this blog…

I am employed by Netnod as head of engineering, research and development and am among other things chair of the Security and Stability Advisory Committee at ICANN. You can find CV and photos of me at this page.

As I wear so many hats, I find it being necessary to somewhere express my personal view on things. This is the location where that happens. Postings on this blog, or at Facebook, Twitter etc, falls under this policy.

The views expressed on this post are mine and do not necessarily reflect the views of Netnod or any other of the organisations I have connections to.

Password recovery on VMWare ESXi 4 – problems with tar

One of my VMWare servers had a master password (to the VMWare console) that I had forgot. I.e. I had forgot to write it down, and not had any need to access the console for a while.

Started to look for a routine for password recovery, but after quite a lot of searching, I found that for ESXi 4, there is no way to recover the password. Would that stop me from trying? Not really, as reinstall would be quite difficult for various reasons, if nothing else because I did not have any CD to burn the VMWare software on.

I looked around, and found this process, which seems to work. I boot the VMWare ESXi from a USB stick, so the easiest thing was to just plug the USB stick into my Mac. Untar the local.tgz file (that btw was in the Hypervisor1 partition on the USB stick), edit the etc/shadow file etc as described. Pack the local.tgz file, place it on the USB and reboot.

Which failed with the error “Failed to find the boot partition” in the console.

The trick here is to understand what went wrong. You can access the console at this stage by typing the word “unsupported” (without quotes), and then just press return (as the root account do not have any password set at this stage). If things are sort of ok, you should get a prompt.

If you look in the /var/log/messages file, towards the end, you should see (if you have the same problem as I) that the file local.tgz could not be un-tar:ed. Or rather, the error message could be just anything.

If you try to untar manually (with the -tvzf flags), you will see the “tar: corrupted octal value in tar header” message from tar. A message that is not visible at boot, and not visible in the /var/log/messages file. But, this is the key…

You see, VMWare has built their system based on the BusyBox package. Pretty common, using many GNU utils etc. Including tar. But, the tar command they have is very sensitive. It can only handle one of the possibly 4-5 different formats that exists out there.

And of course on Snow Leopard, the tar installed is not creating a tar file with the correct format (MacOSX changed the tar binary between 10.5 and 10.6). Using FreeBSD is not helping either.

The correct solution on Snow Leopard is to give the following command to create the file:

# /usr/bin/gnutar --format=gnu -czf local.tgz etc

According to the manual page for gnutar on the mac, the format gnu refers to GNU tar 1.13. Which obviously is one of the few (maybe the only) format the tar that is installed in the Busybox that VMWare uses can parse.

6 comments to Password recovery on VMWare ESXi 4 – problems with tar

  • Bob

    Over time, I am coming to hate passwords. There are so many places where they are needed and where I don’t want to use a trivial one. I don’t like writing them down, there isn’t much alternative. sigh…..

  • CJ

    I have to remember so many damn passwords that I had to get a password manager that I can have on my phone, home and work PC’s – It’s about the only thing that keeps me sane, some days!
    Having used this manager for about 3 years now, I REALLY couldn’t manage my system without it! LOL.

  • I started using the same password (actually 3 variations) for virtually every account I have online. I admit, that may be just plain stupid, but it’s worked so far. And if/when it stops working, so will I.

  • Like Travis I used to use a single password for everything because it made life easy but I always knew that it was also a stupid (or better still dangerous) idea. Eventually I stopped the practice and feel much safer now.

  • Daniel Go

    Oh, I thought I’m the only one using same passwords for all account, even my bank account. :) Thank God, I;m not alone.

  • Why not use something like Roboform which remembers all your passwords? You can generate really complex ones with a push of a button. I’ve leary about using the same password for everything. If someone got a hold if it it would be a total disaster!