For security it is best to disable console login for root and all users altogether and use ssh with keys. If you are building many devices you would want to provision each of them with unique keys.
:rjs On Sat, Jan 12, 2019, 04:42 Stefano Cappa <[email protected] wrote: > From a security point of view, Is it better to use "usermod -p `openssl > passwd mypass` root; \" or with uppercase P "usermod -P mypass root; \" ? > > > Il giorno sab 12 gen 2019 alle ore 04:38 Rudolf J Streif < > [email protected]> ha scritto: > >> Alberto, >> >> The quotes around >> >> `openssl passwd ${ROOT_PASSWORD}` >> >> have to be backticks (`) not single quotes ('). >> >> :rjs >> >> On 01/11/2019 07:41 AM, Alberto Spin wrote: >> >> Hello There, >> >> >> >> I’m trying to set a password for the root user of my distribution (based >> rocko branch) >> >> >> >> I’ve added the following to my image recipe: >> >> >> >> inherit extrausers >> >> >> >> # set image root password >> >> ROOT_PASSWORD = "secret" >> >> >> >> EXTRA_USERS_PARAMS = "\ >> >> usermod -p 'openssl passwd ${ROOT_PASSWORD}' root; \ >> >> " >> >> >> >> Everything builds fine, but in my image I end up with a password in my >> /etc/shadow file like this: >> >> >> >> openssl passwd secret >> >> >> >> so it seems like the openssl command has not been executed during the >> build, but instead the literal command is now part of my password. >> >> >> >> Can anybody please explain what’s going on here, and how to fix this? >> >> >> >> Kind Regards, >> >> >> >> Alberto >> >> >> >> >> >> >> >> >> >> -- >> _______________________________________________ >> yocto mailing list >> [email protected] >> https://lists.yoctoproject.org/listinfo/yocto >> >
-- _______________________________________________ yocto mailing list [email protected] https://lists.yoctoproject.org/listinfo/yocto
