Some key things this preseed file covers:
User Accounts
- It skips creation of a normal user account
- It enables root login
- It sets the root password using a pre-computed sha-512 hash:
d-i passwd/root-password-crypted password $6$H/WJeEJc$0HnpUXUtjPR/RMpD3qxvb.OGJgTY425jnZn6a9X0YrhGXyEifkR5kTJ20zpv9etzI0k.a9j2G4jMUZjx1XCIH0
System Configuration
- It configures language/locale to English (United States)
- It sets up networking details like hostname, domain, mirror
- It configures the timezone to Europe/Warsaw
- It automates disk partitioning to use entire disk with LVM
Software Selection
- It installs only a minimal set of packages
- It additionally installs the openssh-server package
- After installation, it modifies /etc/ssh/sshd_config to permit root login over SSH
The root password in the preseed file is stored not as plaintext, but as a cryptographic hash generated using the sha-512 algorithm. A few key points about this:
-
One-Way Hash: SHA-512 is a one-way hash function, meaning the original password cannot be directly obtained or "decrypted" from the hash alone.
-
Brute Force Required: The only way to determine the original password is through brute force attacks - guessing potential passwords, hashing them with SHA-512, and checking if the hashes match.
-
Hash Format: The
$6$
prefix in the hash string indicates it is a SHA-512 crypt hash as per RFC 7544 standard.
For example, the password "mypassword" hashed with SHA-512 would look like:
$6$pnXxmUuZuMlP7o8Z$Ak3kcMlNVjZizPeFtHNYLU08LOEEs3TJmcMlT74jXwuSL3og.yKXZv.sPqbWDyR6DKoF8N1CXC/ztbVkzoKJX1
Directly reversing or "decrypting" such a hash is computationally infeasible. The only option is brute force guessing of the original password.
In summary, this preseed file automates a minimal Debian install with root login enabled and a pre-computed SHA-512 password hash set for the root account. Obtaining the plaintext password from the hash requires brute forcing it through exhaustive guessing attempts.