[yocto] Setting up a password for the root user

Sat Jan 12 12:04:26 PST 2019

For security it is best to disable console login for root and all users
altogether and use ssh with keys. If you are building many devices you
would want to provision each of them with unique keys.

:rjs

On Sat, Jan 12, 2019, 04:42 Stefano Cappa <stefano.cappa.ks89 at gmail.com
wrote:

> From a security point of view, Is it better to use  "usermod -p `openssl
> passwd mypass` root; \" or with uppercase P "usermod -P mypass root; \" ?
>
>
> Il giorno sab 12 gen 2019 alle ore 04:38 Rudolf J Streif <
> rudolf.streif at ibeeto.com> ha scritto:
>
>> Alberto,
>>
>> The quotes around
>>
>> `openssl passwd ${ROOT_PASSWORD}`
>>
>> have to be backticks (`) not single quotes (').
>>
>> :rjs
>>
>> On 01/11/2019 07:41 AM, Alberto Spin wrote:
>>
>> Hello There,
>>
>>
>>
>> I’m trying to set a password for the root user of my distribution (based
>> rocko branch)
>>
>>
>>
>> I’ve added the following to my image recipe:
>>
>>
>>
>> inherit extrausers
>>
>>
>>
>> # set image root password
>>
>> ROOT_PASSWORD = "secret"
>>
>>
>>
>> EXTRA_USERS_PARAMS = "\
>>
>>     usermod -p 'openssl passwd ${ROOT_PASSWORD}' root; \
>>
>>     "
>>
>>
>>
>> Everything builds fine, but in my image I end up with a password in my
>> /etc/shadow file like this:
>>
>>
>>
>> openssl passwd secret
>>
>>
>>
>> so it seems like the openssl command has not been executed during the
>> build, but instead the literal command is now part of my password.
>>
>>
>>
>> Can anybody please explain what’s going on here, and how to fix this?
>>
>>
>>
>> Kind Regards,
>>
>>
>>
>> Alberto
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> _______________________________________________
>> yocto mailing list
>> yocto at yoctoproject.org
>> https://lists.yoctoproject.org/listinfo/yocto
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20190112/ca777a6f/attachment.html>