Yocto build to add root password


JH <jupiter.hce@...>
 

Hi,

I built a Yocto image and I could log into the root without password,
how could I set up the Yocto build in a receipt to set password for
logging?

Thank you.

Kind regards,

- jh


Gabriele
 

Hi JH,


Regards,
Gabriele


On Mon, Nov 25, 2019 at 11:19 AM JH <jupiter.hce@...> wrote:
Hi,

I built a Yocto image and I could log into the root without password,
how could I set up the Yocto build in a receipt to set password for
logging?

Thank you.

Kind regards,

- jh
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#47404): https://lists.yoctoproject.org/g/yocto/message/47404
Mute This Topic: https://lists.yoctoproject.org/mt/61917008/3618237
Group Owner: yocto+owner@...
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub  [gabbla.malist@...]
-=-=-=-=-=-=-=-=-=-=-=-


Rudolf J Streif
 

Hi,

That's done via the extrausers class in an image recipe. Add this to your image recipe:

>>>>>>
inherit extrausers

ROOT_PASSWORD = "secret"

EXTRA_USERS_PARAMS = "usermod -p `openssl passwd ${ROOT_PASSWORD}` root;"

<<<<<<

Make sure you use the backticks (`).

:rjs

On 11/23/19 2:25 PM, JH wrote:

Hi,

I built a Yocto image and I could log into the root without password,
how could I set up the Yocto build in a receipt to set password for
logging?

Thank you.

Kind regards,

- jh

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#47404): https://lists.yoctoproject.org/g/yocto/message/47404
Mute This Topic: https://lists.yoctoproject.org/mt/61917008/3617932
Group Owner: yocto+owner@...
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub  [rudolf.streif@...]
-=-=-=-=-=-=-=-=-=-=-=-
-- 
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3386 x700


Mauro
 

On 25/11/19 17:24, Rudolf J Streif wrote:
Hi,
That's done via the extrausers class in an image recipe. Add this to your image recipe:

>>>>>>
inherit extrausers
ROOT_PASSWORD = "secret"
EXTRA_USERS_PARAMS = "usermod -p `openssl passwd ${ROOT_PASSWORD}` root;"
<<<<<<
Make sure you use the backticks (`).
:rjs
On 11/23/19 2:25 PM, JH wrote:

Hi,

I built a Yocto image and I could log into the root without password,
how could I set up the Yocto build in a receipt to set password for
logging?

Thank you.

Kind regards,

- jh
Hi,

pay attention that "openssl passwd ${ROOT_PASSWORD}" command handles only passwords up to 8 characters (the extra characters will be truncated and the generated hash is for the first eight).

If you want to use more than 8 characters in the password, use another password algorithm instead of the default one. You can see other supported algorithms typing "openssl help passwd".

For example, command could become

openssl passwd -6 ${ROOT_PASSWORD}


Regards

--
Mauro Salvini | KOAN sas | Bergamo - Italia
embedded software engineering
Phone: +39 035-255235
http://KoanSoftware.com


JH
 

Thanks Gabriele, Rudolf and Mauro, brilliant.

On 11/26/19, Mauro <m.salvini@...> wrote:
On 25/11/19 17:24, Rudolf J Streif wrote:
Hi,

That's done via the extrausers class in an image recipe. Add this to
your image recipe:

>>>>>>
inherit extrausers

ROOT_PASSWORD = "secret"

EXTRA_USERS_PARAMS = "usermod -p `openssl passwd ${ROOT_PASSWORD}` root;"

<<<<<<

Make sure you use the backticks (`).

:rjs

On 11/23/19 2:25 PM, JH wrote:

Hi,

I built a Yocto image and I could log into the root without password,
how could I set up the Yocto build in a receipt to set password for
logging?

Thank you.

Kind regards,

- jh
Hi,

pay attention that "openssl passwd ${ROOT_PASSWORD}" command handles
only passwords up to 8 characters (the extra characters will be
truncated and the generated hash is for the first eight).

If you want to use more than 8 characters in the password, use another
password algorithm instead of the default one. You can see other
supported algorithms typing "openssl help passwd".

For example, command could become

openssl passwd -6 ${ROOT_PASSWORD}


Regards

--
Mauro Salvini | KOAN sas | Bergamo - Italia
embedded software engineering
Phone: +39 035-255235
http://KoanSoftware.com


Andy Pont
 

Mauro wrote...

pay attention that "openssl passwd ${ROOT_PASSWORD}" command handles only passwords up to 8 characters (the extra characters will be truncated and the generated hash is for the first eight).
 
If you want to use more than 8 characters in the password, use another password algorithm instead of the default one. You can see other supported algorithms typing "openssl help passwd".
 
For example, command could become
 
openssl passwd -6 ${ROOT_PASSWORD}
 
I tried this out on a build that I am working on for which I needed to add a root password and to create a non-root user with a password.

If I use:

EXTRA_USERS_PARAMS += "usermod -p `openssl passwd -6 ${ROOT_PASSWORD}` root;”

When I try to login to the device it rejects the password that was defined as ROOT_PASSWORD.  If I remove the “-6” from the openssl command and rebuild/deploy the image then I can login to the target as expected.  Is there something else that needs to be defined/included in the Yocto configuration in order for the “-6” option to work?

-Andy.


Mauro
 

On 27/11/19 12:06, Andy Pont wrote:
I tried this out on a build that I am working on for which I needed to add a root password and to create a non-root user with a password.
If I use:
EXTRA_USERS_PARAMS += "usermod -p `openssl passwd -6 ${ROOT_PASSWORD}` root;”
When I try to login to the device it rejects the password that was defined as ROOT_PASSWORD.  If I remove the “-6” from the openssl command and rebuild/deploy the image then I can login to the target as expected.  Is there something else that needs to be defined/included in the Yocto configuration in order for the “-6” option to work?
-Andy.
Actually I'm using:

EXTRA_USERS_PARAMS = " usermod -p '$(openssl passwd -6 myrootpassword)' root;"

with success on warrior.

Sorry, I forgot to mention that with password algorithms like the -6 we need the two ' ' around the openssl command, because the generated hash contains the "$" character, that is resolved as a bash variable somewhere in the process.

But at this point I'm not sure if ${ROOT_PASSWORD} works (I'm using the password wrote on the command, not passed by variable).

Regards

--
Mauro


Andy Pont
 

Mauro wrote...

Actually I'm using:

EXTRA_USERS_PARAMS = " usermod -p '$(openssl passwd -6 myrootpassword)' root;"

...

But at this point I'm not sure if ${ROOT_PASSWORD} works (I'm using the password wrote on the command, not passed by variable).
Switching to the ‘$(openssl …)’ form has worked, even using the ${ROOT_PASSWORD} variable.

Thanks for your help!

-Andy.