'How do I set a custom password with Cloud-init on Ubuntu 20.04?
Recently I've gotten Cloud-Init to work by mounting my config in an image. This is all fine, it works. If I break the config, it tells me. What it doesn't tell me is why I'm not allowed to log on.
What I've tried is creating my own password using echo possible | mkpasswd -m sha-512 -s and by copying the example found on the quickstart page: https://wiki.ubuntu.com/FoundationsTeam/AutomatedServerInstalls/QuickStart
Neither work. I've tried setting a custom username too. Doesn't change anything. The default ubuntu:ubuntu is also unavailable. Neither is ubuntu and blank.
What I'm using:
https://releases.ubuntu.com/20.04/ubuntu-20.04-live-server-amd64.iso
https://wiki.ubuntu.com/FoundationsTeam/AutomatedServerInstalls/QuickStart
# echo possible | mkpasswd -m sha-512 -s
$6$nqZiIASVBA.iF$9nubU0ImWVrv4XhtEq9XhSh9UYNFQ7yC9Lf7A.uheSlJ3cgI5d9ltkUwRq.X8lAwoQuLAMem6v.gJNGYwk5XA0
The following config with it's supplied password, or the above;
#cloud-config
autoinstall:
version: 1
identity:
hostname: ubuntu-server
password: "$6$exDY1mhS4KUYCE/2$zmn9ToZwTKLhCw.b4/b.ZRTIZM30JZ4QrOQ2aOXJ8yk96xpcCof0kxKwuX1kqLG/ygbJ1f8wxED22bTL4F46P0"
username: ubuntu
I've also tried setting up a users block like this:
What I'm asking for:
- A better documentation of what type of hash is expected.
- A working user-data config
Solution 1:[1]
I've finally found a working config that creates a usable account;
users:
- default
- name: kim
passwd: "$6$kW4vfBM9kGgq4hr$TFtHW7.3jOECR9UCBuw9NrdSMJETzSVoNQGcVv2y.RqRUzWDEtYhYRkGvIpB6ml1fh/fZEVIgKbSXI9L1B6xF."
shell: /bin/bash
lock-passwd: false
ssh_pwauth: True
chpasswd: { expire: False }
sudo: ALL=(ALL) NOPASSWD:ALL
groups: users, admin
ssh_authorized_keys:
- ssh-rsa ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCbJ7oF5RXUj6R1ewF15X2i6RieWFmVUkOyT0DwzgfI8fRl5mMMSRlDRYQi3NznwcWDAxLApF82FomNv8vk1V2SXDGGs8XpOvtgAPpR3JUKJGmxoiES7rxa7bq/JSmpGprsnlCocTJnOfDz6Gz2Ge4+D84EZHOW7ejbkWDBdXOYYRMIlRSoXBkb0017G/OIvPNdwZRYLzLJYjGGL08GX+/Da+lrbz8/FaewXwb/BfjRYESOG+aJNTCOQfgzNsFGJ6EslsMc1bDtCq2pvWUenlUo/2BEAICiJxmXZkAjDrIYcyTzHLE14+UfCiC6pbMEdXF2ndUARr0HcNpvJz8K0Mg4CfjRpxaopfPfHp/lMR36ys0r4bT3q9iU4ClnUAeWxbCK7pUN+D/6TVrIKLOLuuIph81sb5+jW23ycg0fjQ/2/ttKQvTzHwomN6B6T/KgXVt367Iq+uzN02wtk282pJOIIqVi3PSHVcJl1I+bFAzeEdmJP29d/wnp0ZyuNYDp0P8= miesl@mies-pc
autoinstall:
version: 1
identity:
hostname: yamanouchi-node-1
username: ubuntu
password: "$6$exDY1mhS4KUYCE/2$zmn9ToZwTKLhCw.b4/b.ZRTIZM30JZ4QrOQ2aOXJ8yk96xpcCof0kxKwuX1kqLG/ygbJ1f8wxED22bTL4F46P0"
refresh-installer:
update: yes
It creates a user with name kim and password possible. I'm not entirely sure whether refresh-installer is required (I don't think so). It's insanely insecure with password ssh and no password root, but hey. You can configure that yourself.
The ubuntu account remains unusable. I'm at a loss as to why.
Solution 2:[2]
I'm facing the very same issue. By using the shell during the installation process, I see that no users are created, hence we cannot log in after the reboot. I don't know why, either a bug in subiquity or a lack of documentation about how to use it properly. Neverteless, I was able to create an user using this trick in my autoinstall file:
late-commands:
- useradd -m -R /target -u 1001 ubuntu
- echo "ubuntu:ubuntu" | chroot /target /usr/sbin/chpasswd
- usermod -R /target -aG sudo ubuntu
Solution 3:[3]
For ubuntu 20.04, I am finding that I cannot login to the console without /etc/securetty. I'm answering with this because it's not clear if you're trying to access your account through the console.
runcmd:
- cp /usr/share/doc/util-linux/examples/securetty /etc/securetty
I find if I install /etc/securetty as a runcmd, that I can then log in with these cloud-config users on the system console. Otherwise, authentication will fail.
I make no claims about the security ramifications of deciding to use this example.
Solution 4:[4]
If you add any users via cloud-init, the default ubuntu user is not created at all. You will note that the /home/ubuntu/ directory is absent.
To create my cloud-init that allows SSH authentication, and sets a password so that I can use sudo, I have successfully used these steps:
Create a password hash with mkpasswd:
$ mkpasswd -m sha-512
Password: <enter your password here>
$6$nq4v1BtHB8bg$Oc2TouXN1KZu7F406ELRUATiwXwyhC4YhkeSRD2z/I.a8tTnOokDeXt3K4mY8tHgW6n0l/S8EU0O7wIzo.7iw1
Then, I use this section in my cloud-init:
users:
- name: brandon
groups: [ sudo ]
shell: /bin/bash
lock_passwd: false
passwd: "$6$nq4v1BtHB8bg$Oc2TouXN1KZu7F406ELRUATiwXwyhC4YhkeSRD2z/I.a8tTnOokDeXt3K4mY8tHgW6n0l/S8EU0O7wIzo.7iw1"
ssh-authorized-keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1zzzBBBGGGg3BZFFzTexMPpOZJbSa6OlzycjkPhsh4Qg2tSWZyXZ my-key-name
I prefer to use the groups: [ sudo ] syntax to grant access to sudo via a group, which is personal preference over the usage of the sudo directive.
Solution 5:[5]
if your image is?focal-server-cloudimg-amd64.img
rm -f vm_0001-focal-server-cloudimg-amd64.qcow2
qemu-img create -f qcow2 -F qcow2 -b focal-server-cloudimg-amd64.img vm_0001-focal-server-cloudimg-amd64.qcow2 20G
qemu-img info vm_0001-focal-server-cloudimg-amd64.qcow2
VM_NAME="ubuntu-20-cloud-image"
USERNAME="programster"
PASSWORD="thisok"
echo "#cloud-config
system_info:
default_user:
name: $USERNAME
home: /home/$USERNAME
password: $PASSWORD
chpasswd: { expire: False }
hostname: $VM_NAME
# configure sshd to allow users logging in using password
# rather than just keys
ssh_pwauth: True
" | sudo tee user-data
cloud-localds ./cidata.iso user-data
qemu-system-x86_64 -m 2048 -smp 4 -hda ./vm_0001-focal-server-cloudimg-amd64.qcow2 \
-cdrom ./cidata.iso -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::5555-:22 -nographic
another example:
rm -f vm_0001-focal-server-cloudimg-amd64.qcow2
qemu-img create -f qcow2 -F qcow2 -b focal-server-cloudimg-amd64.img vm_0001-focal-server-cloudimg-amd64.qcow2 20G
qemu-img info vm_0001-focal-server-cloudimg-amd64.qcow2
cat >user-data <<'EOF'
#cloud-config
users:
- default
- name: jamlee
homedir: /home/jamlee
sudo: ALL=(ALL) NOPASSWD:ALL
groups: users, admin
lock_passwd: false
shell: /bin/bash
passwd: $6$yO/Yf/zQbbIXlaHN$cA/i6a6.Cp7cnHl9HEhSPyVLtsitWs3oe/2NARVCKAn54LU2kT92/vqzpeSP3N87SGFkSHGBe7uQxshZXTbL./
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6/fB4NNy2k+oAHA4Q4pOUCdH997mQq9BtxoOx99MdS+cRKYITVlN1VaLW+beYgTtTYLRdrJhgPBCk9BzriUEXhFO1D6cOslkCxHsQO5M8FPJEU+I/OSRvpU2QYnhYwP9RRKs1XjwdJ2sg924xYLHdfqcRazRFdLGmKnmz8lLrhz0HrBaBIG8Qm58YpfSrkEQ6eAs+1Xf/1VlCTN4sKq2lwLYGFv8GkMOPRndhiEEc5HTZPfGtOp928xJR63WxUoWn2deDGQxU+Z3wGlZ4Ag0SHGM6uZkaRD+LYZHj+m7J979SJ2uqiLC4YCMjoQF5yqUgsu6bzvVh5TesrW2FZ1PrdWjxZGkmS7gv5PJnAdJ4xKLuuG9Bq5QZmWSTPMaKo6Z23HbAbmBj1stUfNbF7apt+GPiGjR4yZk5+tNCQ2n5fRCufNdsFyeBIXnx6MMugbKq2O70F365fyVNR0otleISpmnpnPlfG+n/+rhdf6w5+b0SYaJ3bBYMdXCrTZ8lj68= root@DESKTOP-SBBNAKK
system_info:
default_user:
name: ubuntu
home: /home/ubuntu
password: ubuntu
chpasswd:
expire: false
hostname: vm-001
ssh_pwauth: yes
EOF
cloud-localds ./cidata.iso user-data
qemu-system-x86_64 -m 2048 -smp 4 -hda ./vm_0001-focal-server-cloudimg-amd64.qcow2 \
-cdrom ./cidata.iso -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::5555-:22 -nographic
Solution 6:[6]
I do not have enough rep to post a comment, but as stated here and I can confirmed with my tests, to set password for existing user you have to use hashed_passwd, not simply passwd
Example:
#cloud-config
users:
- name: root
lock_passwd: false
hashed_passwd: <output from mkpasswd --method=SHA-512 --rounds=4096>
ssh_authorized_keys:
- ssh-rsa <key>
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Mies van der Lippe |
| Solution 2 | |
| Solution 3 | mike |
| Solution 4 | Brandon |
| Solution 5 | |
| Solution 6 |