-
Notifications
You must be signed in to change notification settings - Fork 42
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(live): Automatically generate the root password (#1292)
## Problem - Using a well known default `linux` password is insecure ## Solution - Generate a random password during boot - Print it to the console ## Testing - Tested manually ## Notes - Updated documentation
- Loading branch information
Showing
12 changed files
with
284 additions
and
41 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
17 changes: 0 additions & 17 deletions
17
live/root/etc/systemd/system/agama-password-cmdline.service
This file was deleted.
Oops, something went wrong.
21 changes: 21 additions & 0 deletions
21
live/root/etc/systemd/system/live-password-cmdline.service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
[Unit] | ||
Description=Set the root password from kernel command line | ||
|
||
# before starting the SSH and Agama server so they use the new password | ||
Before=sshd.service | ||
Before=agama-web-server.service | ||
|
||
# before the interactive setting methods so they can override it | ||
Before=live-password-dialog.service | ||
Before=live-password-systemd.service | ||
|
||
# plain text password or encrypted password passed via kernel command line | ||
ConditionKernelCommandLine=|live.password | ||
ConditionKernelCommandLine=|live.password_hash | ||
|
||
[Service] | ||
ExecStart=live-password --kernel | ||
Type=oneshot | ||
|
||
[Install] | ||
WantedBy=default.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
10 changes: 5 additions & 5 deletions
10
...systemd/system/agama-password-iso.service → .../systemd/system/live-password-iso.service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
[Unit] | ||
Description=Set a random password for root if not already set | ||
|
||
# before starting the SSH and Agama server so they use the new password | ||
Before=sshd.service | ||
Before=agama-web-server.service | ||
|
||
# after all other password services, this a fallback service | ||
After=live-password-cmdline.service | ||
After=live-password-dialog.service | ||
After=live-password-iso.service | ||
After=live-password-systemd.service | ||
|
||
[Service] | ||
ExecStart=live-password --random | ||
Type=oneshot | ||
|
||
[Install] | ||
WantedBy=default.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.