Enable console login with password
494 views
Skip to first unread message
Grant Ellis
Dec 30, 2016, 7:44:08 AM12/30/16
to CoreOS Dev
I'm running CoreOS Stable (version 1185.5.0).
I have already created a user "admin" with a known password, but it still will not me log into the console with this user. SSH login works just fine with this user.
Thanks for your help!
Alex Crawford
Jan 6, 2017, 5:51:51 PM1/6/17
to coreo...@googlegroups.com
On 12/30, Grant Ellis wrote:
> I need to enable password login directly from the console, but only key
> login via SSH. Unfortunately, for my purposes, the autologin feature will
> not work because a password is required. That is, I need to provision
> CoreOS so that users can log in via SSH using a keypair (but not a
> password), and can also login from the physical console using a password.
This can be done by setting ChallengeResponseAuthentication and
> I need to enable password login directly from the console, but only key
> login via SSH. Unfortunately, for my purposes, the autologin feature will
> not work because a password is required. That is, I need to provision
> CoreOS so that users can log in via SSH using a keypair (but not a
> password), and can also login from the physical console using a password.
PasswordAuthentication to 'no'.
You can replace /etc/ssh/sshd_config (a symlink to
/usr/share/ssh/sshd_config) with a file containing the following:
Include /usr/share/ssh/sshd_config
PasswordAuthentication no
ChallengeResponseAuthentication no
This will amend the default config in /usr/share/ssh/sshd_config and
disable password auth for SSH only.
-Alex
Brandon Philips
Jan 17, 2017, 2:00:58 PM1/17/17
to coreo...@googlegroups.com
It would be great if someone could contribute a doc for this :) https://github.com/coreos/docs
Grant Ellis
Jan 17, 2017, 6:35:40 PM1/17/17
to coreo...@googlegroups.com
If this is getting documented, then I’ll clarify my problem and resolution for you. Hopefully this helps someone else!
My SSH config already resembled the below, and it was already impossible for users to log in via SSH without a key (e.g. no logging in via SSH with a password). However, my problem was that users could not log into the console with their password either, and I needed to enable that.
I found out what caused the above. My cloud-config file was creating a user with the password set, and the encrypted string was incorrect. However, part of my system provisioning process was to run `sudo password <username>` for that user, thus resetting the password. Unfortunately, immediately after running that command, I was shutting down the system, so that, on the next boot, the password was reset to the original value anyway.
I corrected this by removing the user from the cloud-config entirely, and then adding the user on the command-line, rather than merely setting the password on the command-line.
Alex Crawford
Jan 17, 2017, 6:48:38 PM1/17/17
to coreo...@googlegroups.com
On 01/17, Grant Ellis wrote:
> Unfortunately, immediately after running that command, I was shutting
> down the system, so that, on the next boot, the password was reset to
> the original value anyway.
coreos-cloudinit strikes again! This is one of the many reasons we
> Unfortunately, immediately after running that command, I was shutting
> down the system, so that, on the next boot, the password was reset to
> the original value anyway.
decided to build Ignition and have it only run on first boot.
-Alex
Reply all
Reply to author
Forward
0 new messages