My apologies for dredging up this old thread! I have a related requirement (v1185.5.0): I need to enable password login directly from the console, but only key login via SSH. Unfortunately, for my purposes, the autologin feature will not work because a password is required. That is, I need to provision CoreOS so that users can log in via SSH using a keypair (but not a password), and can also login from the physical console using a password.
I have already created a user "admin" with a known password, but it still will not me log into the console with this user. SSH login works just fine with this user. Thanks for your help! On Tuesday, August 5, 2014 at 9:46:12 AM UTC-4, Tom Deckers wrote: > > Thanks for this tip. I've created a quick demo of the approach: > https://www.youtube.com/watch?v=FoLhUi2B93U > > > > On Thursday, May 1, 2014 4:45:02 PM UTC+2, Michael Marineau wrote: >> >> We don't add the autologin flag by default in images other than the ISO >> because we don't know enough about the final deployment to know if it is >> safe to do so. Similarly, shipping an insecure ssh key in the current >> vmware image is just a temporary hack until we have config drive or some >> other configuration scheme working reliably on vmware since that is pretty >> clearly not safe. :) >> >> I don't know it it is in the current release or will be the next but I've >> nudged up the bootloader timeout to make it easier to catch and add that or >> other kernel options yourself. If not just hold down a key like space in >> the vga or serial console as the machine starts to catch the bootloader >> before it loads the kernel. Then at the prompt do something like: >> >> boot: boot_kernel coreos.autologin >> On May 1, 2014 1:01 AM, "Ram Janovski" <[email protected]> wrote: >> >>> Thanks Alex, >>> >>> is there a reason you're not adding it by default in the vmware images? >>> >>> On Wednesday, April 30, 2014 12:15:20 AM UTC+3, Alex Polvi wrote: >>>> >>>> Ram, yes, that will contain the vmdk, which you will have to mount and >>>> edit the kernel params. Using the ISO or the config-drive support that >>>> Mike >>>> mentioned would be easier and recommended. >>>> >>>> -Alex >>>> >>>> >>>> On Tue, Apr 29, 2014 at 2:41 AM, Ram Janovski <[email protected]> >>>> wrote: >>>> >>>>> Thanks Alex, >>>>> >>>>> Is it also included in the vmware zip by any chance? ( >>>>> http://storage.core-os.net/coreos/amd64-usr/alpha/coreos_ >>>>> production_vmware_insecure.zip) >>>>> >>>>> On Thursday, April 24, 2014 11:17:19 PM UTC+3, Alex Polvi wrote: >>>>> >>>>>> Ram, we added a kernel command line arg "coreos.autologin". This will >>>>>> drop you on to the console automatically. >>>>>> >>>>>> You need to crack open the vmware image and edit the bootloader >>>>>> params... OR... try out our experimental new ISO, which does this for >>>>>> you: >>>>>> >>>>>> http://storage.core-os.net/coreos/amd64-usr/alpha/coreos_pro >>>>>> duction_iso_image.iso >>>>>> >>>>>> You can use the iso to run coreos-install to install to disk. >>>>>> >>>>>> -Alex >>>>>> >>>>>> >>>>>> On Thu, Apr 24, 2014 at 2:50 AM, Ram Janovski <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> I'm having some difficulty with passwordless core user on a coreos >>>>>>> on VMware, since the VMware console (KVM-like terminal) is rendered >>>>>>> useless >>>>>>> with no password account. >>>>>>> >>>>>>> what do you guys think about the following: >>>>>>> - set some strong password for core >>>>>>> - disable passwordless ssh by adding "*PasswordAuthentication no" >>>>>>> in *sshd_config >>>>>>> >>>>>>> this way I have terminal password for direct connection via VMware >>>>>>> console but not compromising remote ssh security. >>>>>>> >>>>>>> any thoughts? are there any security pitfalls that I'm missing? >>>>>>> >>>>>> >>>>>> >>>>
