Closed LVerneyPEReN closed 3 years ago
PRs are definitely welcome. I think the best path forward would be to add a hashedPassword option that will take precedence over password if it exists.
I don't believe #2409 fully closes this. We need to automatically hash the existing password.
Like you type hashedPassword in plaintext and code-server in runtime hashes it?
That could be one way to do it but I was confused when I wrote my above comment. This issue is definitely closed. I was thinking we could automatically always convert password in config.yaml to hashedPassword and rewrite the file. However, users need to see the default generated password when they log in for the first time. Perhaps we should add something to the CLI to allow specifying the new password, hashing it and then storing it in config.yaml as hashedPassword.
I'm opening a new issue.
edit: nvm, decided against automation here for now. sha256sum is soo easy to use. perhaps we should add an example somewhere in the docs.
I'm attempting to follow the instructions to use a hashed password, however it does not appear to be working for me on: v3.8.0 with Ubuntu 18.04.04
From the FAQ (https://github.com/cdr/code-server/blob/v3.8.0/doc/FAQ.md#can-i-store-my-password-hashed), it states to literally use "hashed-password" instead of "password". From the PR (https://github.com/cdr/code-server/pull/2409/files) I see a reference to "hashedPassword" instead (unknown if that is relevant). What I can say is I have tried the following combinations in the config file and restarted the service each time; none seem to work for me. (I must be missing something, but in any case the FAQ does not explicitly say which "password" to change: the password field name, the auth field value, or just the password field value. FYI, changing just the password value does not work either, but it does allow me to use the hashed value to log in with, which obviously is not what I want.) Help?
bind-addr: IP:Port
auth: password
hashed-password: <Hashed_Password>
cert: false
This is the one that should work. They changed it from hashedPassword to hashed-password in #2454.
No idea why that didn't work for you though :confused:
I have changed it as you have shown above and after restarting the service it does not work. I'm also using the exact sha256sum command with my own password (with and without double-quotes). Is there a log or something I can look in/check?
hey, I have the same issue, using HASHED_PASSWORD as env variable.
When I try to logon it says "Please log in below. Password was set from $HASHED_PASSWORD." but the password is not working
I create my hashed password with echo "dev" | sha256sum | cut -d' ' -f1
Using the official docker image /codercom/code-server:3.8.0
Thank you for validating that I'm not completely crazy. :) - Could anyone else confirm this and a possible fix?
Use printf instead of echo. echo contains a new line character at the end of its output.
ahhhh, yes that makes sense ;-) echo -n should also solve the problem (-n, Do not output a newline)
echo -n isn't portable!
printf "password" | sha256sum | cut -d' ' -f1
Works for myself and make sure to quote the HASHED_PASSWORD='
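The trailing-newline problem described in the comments above, as an added example that is not part of the original thread or of code-server: it hashes a password with and without the newline that echo appends and classifies a configured SHA-256 value accordingly. The function names are hypothetical, "dev" is the sample password from the thread, and sha256sum is assumed to be installed.

```shell
#!/bin/sh
# Added example: diagnose a SHA-256 hashed-password value that will not log in.
# Function names are hypothetical; they are not part of code-server.

# SHA-256 of the exact bytes of $1. The '%s' format keeps printf from
# treating '%' or '\' inside the password as format directives.
hash_password() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# What `echo "pw" | sha256sum` produces: the password plus a trailing newline.
hash_password_with_newline() {
    printf '%s\n' "$1" | sha256sum | cut -d' ' -f1
}

# Classify a configured hash ($2) against a candidate password ($1).
# Prints one of: match | trailing-newline | not-sha256-hex | mismatch
diagnose_hash() {
    pw=$1
    configured=$2
    case $configured in
        *[!0-9a-f]*) echo not-sha256-hex; return ;;
    esac
    if [ "${#configured}" -ne 64 ]; then
        echo not-sha256-hex
    elif [ "$configured" = "$(hash_password "$pw")" ]; then
        echo match
    elif [ "$configured" = "$(hash_password_with_newline "$pw")" ]; then
        echo trailing-newline
    else
        echo mismatch
    fi
}

# Constructed sample run using the throwaway password "dev" from the thread.
good=$(hash_password "dev")
bad=$(echo "dev" | sha256sum | cut -d' ' -f1)
echo "printf hash: $good -> $(diagnose_hash dev "$good")"
echo "echo hash:   $bad -> $(diagnose_hash dev "$bad")"
```

A result of trailing-newline means the stored value was generated with plain echo and should be regenerated with printf.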
I'm just feeling it might be useful for people confused about this if I link the current doc: https://github.com/coder/code-server/blob/main/docs/FAQ.md#can-i-store-my-password-hashed
Generate the hash with:
echo -n "thisismypassword" | npx argon2-cli -e
# should output something like: $argon2i$v=19$m=4096,t=3,p=1$wst5qhbgk2lu1ih4dmuxvg$ls1alrvdiwtvzhwnzcm1dugg+5dto3dt1d5v9xtlws4
# Replace thisismypassword with your actual password and remember to put it inside quotes!
Hi,
As far as I understand, the current password setup stores the password as plaintext in the user config file. It would probably be safer to have it stored as a hash and do a hash comparison upon login.
Is this feature already available? Else, would you accept a PR adding this behavior?
Thanks, Best,