yahoo-eng-team team mailing list archive

[Alberto Contreras <2006052@xxxxxxxxxxxxxxxxxx>]

Hello windowsguy.

Firstly, your command to generate the hashed password is wrong, as you
are specifying the salt and not the password. See [1].

To hash 1234asdf execute:

$ mkpasswd --method=SHA-512 --rounds=4096 1234asdf
$6$rounds=4096$MJ9ozPaNS2HWVZcg$rwThVdxIm33BegbW2f2gNLq3JXzej5URpdOxPKna5uSI6K/opwxdZ317vgM1btgcys89ZDu520aglKOSvjT3Z0

or

$ mkpasswd --method=SHA-512 --rounds=4096 -S mycoolsalt 1234asdf
$6$rounds=4096$mycoolsalt$hNRWY61tyEOF.15a9a2q8PZ5Z/vFmBcRTDJrPzrl5ZK/iVPLQjCvEKWUmjSkqE1EyIRLgaYLYY1Y6BomzTIV./

Secondly, a password field which starts with an exclamation mark in
/etc/shadow means that the password is locked, see [2]. This probably
happened because you tried to log in using 1234asdf as the password a
lot of times.

I am going to mark this bug as invalid. Please, try with one of those
hashed passwords and comment here if you find any additional problem.

[1] https://manpages.ubuntu.com/manpages/jammy/en/man1/mkpasswd.1.html
[2] https://manpages.ubuntu.com/manpages/jammy/en/man5/shadow.5.html

** Changed in: cloud-init
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/2006052

Title:
  cloud init prefixes password hash with exclamation mark

Status in cloud-init:
  Invalid

Bug description:
  Host OS is Ubuntu 22.04 LTS.

  Guest info:

  - Ubuntu 22.04 LTS KVM guest: https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-amd64-disk-kvm.img (also tried with https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64-disk-kvm.img)
  - cloud-init package: 22.4.2-0ubuntu0~22.04.1

  I use this to configure password for the Ubuntu user:

  users:
    - name: ubuntu
      gecos: Ubuntu User
      sudo: ALL=(ALL) NOPASSWD:ALL
      shell: /bin/bash
      groups: sudo
      lock_passwd: false
      # mkpasswd --method=SHA-512 --rounds=4096 -S "1234asdf"
      passwd: $6$rounds=4096$1234asdf$3Ym7weobJp/ORkJML66e54IyCEOGKM8C1zfQj4NRngDgJJGdEJn3O9rocWy0uVc84PbEvSnzji3a54X5FOb230

  
  While provisioning is still running, I can log in as root (configured separately) and observe the hash in /etc/shadow is identical to this (as expected). Also 'ubuntu' can login.

  After provisioning is complete and the VM reboots, I cannot login as
  'ubuntu'.

  I log in as root and find that now a '!' was prefixed to password hash
  in /etc/shadow:

  ubuntu:!$6$rounds=4096$1....

  If I remove that '!', I can login as the ubuntu user.

  I tried surrounding the password with single and double quotes, no
  difference. Initially it's provisioned correctly, so it's something
  that injects that '!' after that.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/2006052/+subscriptions