Open mchaker opened 2 years ago
Can you check /etc/shadow to see if the hash was applied?
The login failure can happen if you hash the password with an algorithm that glibc in AL2 does not support.
Interestingly enough, the hash in /etc/shadow is not the same as the hash I placed in user-data. 🤔
I followed the steps outlined in the following page: https://github.com/bottlerocket-os/bottlerocket-admin-container#authenticating-with-the-admin-container
specifically, "Where the password-hash can be generated from:"
mkpasswd -m yescrypt -R 11 <desired password>
Interestingly enough, the hash in /etc/shadow is not the same as the hash I placed in user-data. 🤔
I'd first try using base64 -w0 on the input to ensure it's not getting a newline encoded partway through, though I don't know if that would manifest as this error.
Image I'm using:
metal-dev
Issue or Feature Request:
When setting a password in user-data.toml (via base64'd user-data as described in the docs), logging in to the local console (tty0) fails.
user-data pre-base64:
Once the admin container starts, it takes over tty0 (understandable) and attempting to log in with root (no password) fails. However, the user specified in user-data (bottlerocket) and the password specified by password-hash in user-data do not work -- login always fails.
However, SSHing into the host/admin container using the provided ssh.authorized-keys works. Inspecting the user-data shows that the user data was successfully applied (base64 value matches what is expected).
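A check for the comparison discussed in this thread (the hash in user-data against the hash in /etc/shadow, plus the base64 -w0 suggestion), added here as an example and not code from the thread or from the Bottlerocket project. It assumes the decoded user-data is a JSON object with `user` and `password-hash` keys; `check_user_data`, `scheme_of` and every sample value are constructed for illustration.

```python
import base64
import json

# Well-known crypt(3) hash prefixes; useful for spotting an unexpected scheme.
SCHEMES = {"$y$": "yescrypt", "$6$": "sha512crypt", "$5$": "sha256crypt",
           "$2b$": "bcrypt", "$1$": "md5crypt"}


def scheme_of(hash_field):
    """Name the crypt(3) scheme of a shadow-style hash by its prefix."""
    for prefix, name in SCHEMES.items():
        if hash_field.startswith(prefix):
            return name
    return "unknown"


def check_user_data(b64_user_data, shadow_line):
    """Compare the hash requested in user-data with an /etc/shadow entry."""
    findings = []
    if any(ch.isspace() for ch in b64_user_data.strip()):
        findings.append("base64 text is line-wrapped; encode with base64 -w0")
    try:
        # Assumption: the decoded user-data is a JSON object.
        doc = json.loads(base64.b64decode("".join(b64_user_data.split())))
        if not isinstance(doc, dict):
            raise ValueError("top level is not an object")
    except ValueError as err:  # bad base64, bad UTF-8 or bad JSON
        return findings + [f"user-data does not decode to JSON: {err}"]
    wanted = str(doc.get("password-hash", ""))
    if wanted != wanted.strip():
        findings.append("password-hash carries stray whitespace")
    fields = shadow_line.rstrip("\n").split(":")
    applied = fields[1] if len(fields) > 1 else ""
    if fields[0] != doc.get("user"):
        findings.append(f"shadow entry is for {fields[0]!r}, not {doc.get('user')!r}")
    if applied != wanted:
        findings.append(f"shadow has a {scheme_of(applied)} hash, "
                        f"user-data asked for {scheme_of(wanted)}")
    return findings


# Constructed sample values, not real hashes.
SAMPLE_HASH = "$y$jFT$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE"
SAMPLE_DOC = json.dumps({"user": "bottlerocket", "password-hash": SAMPLE_HASH})
SAMPLE_B64 = base64.b64encode(SAMPLE_DOC.encode()).decode()

if __name__ == "__main__":
    shadow = "bottlerocket:$6$CONSTRUCTEDSALT$OTHERHASH:19000:0:99999:7:::"
    for finding in check_user_data(SAMPLE_B64, shadow):
        print(finding)
```

An empty result means the shadow entry carries exactly the hash that user-data requested, so the login failure lies elsewhere, for example in whether the container's crypt library supports that scheme.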