From 21b7fe70f0c64a3cd20f08afed072832a43f21e0 Mon Sep 17 00:00:00 2001 From: nachoparker Date: Fri, 4 Mar 2022 17:13:30 -0700 Subject: SSH: cannot check for default password because of Debian bug #1003151 Signed-off-by: nachoparker --- bin/ncp/BACKUPS/nc-snapshot.sh | 2 +- bin/ncp/NETWORKING/SSH.sh | 58 ++++++++++++++++++++++-------------------- changelog.md | 4 ++- tag_and_push.sh | 4 +-- 4 files changed, 36 insertions(+), 32 deletions(-) diff --git a/bin/ncp/BACKUPS/nc-snapshot.sh b/bin/ncp/BACKUPS/nc-snapshot.sh index 34dc594d..c5bfb392 100644 --- a/bin/ncp/BACKUPS/nc-snapshot.sh +++ b/bin/ncp/BACKUPS/nc-snapshot.sh @@ -32,7 +32,7 @@ configure() return 1 } - btrfs-snp $MOUNTPOINT manual $LIMIT 0 ../ncp-snapshots + btrfs-snp "${MOUNTPOINT}" manual "${LIMIT}" 0 ../ncp-snapshots restore_maintenance_mode } diff --git a/bin/ncp/NETWORKING/SSH.sh b/bin/ncp/NETWORKING/SSH.sh index 9d8d812f..182b5978 100644 --- a/bin/ncp/NETWORKING/SSH.sh +++ b/bin/ncp/NETWORKING/SSH.sh @@ -39,38 +39,40 @@ configure() echo -e "$PASS\n$CONFIRM" | passwd "$USER" || return 1 # Check for insecure default pi password ( taken from old jessie method ) - local SHADOW="$( grep -E '^pi:' /etc/shadow )" - test -n "${SHADOW}" && { - local SALT=$(echo "${SHADOW}" | sed -n 's/pi:\$6\$//;s/\$.*//p') + # TODO Due to Debian bug #1003151 with mkpasswd this feature is not working properly at the moment - https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1837456.html + #local SHADOW SALT HASH + #SHADOW="$( grep -E '^pi:' /etc/shadow )" + #test -n "${SHADOW}" && { + #SALT=$(awk -F[:$] '{print $5}' <<<"${SHADOW}") - [[ "${SALT}" != "" ]] && { - local HASH=$(mkpasswd -msha-512 raspberry "$SALT") - grep -q "${HASH}" <<< "${SHADOW}" && { - systemctl stop ssh - systemctl disable ssh - echo "The user pi is using the default password. Refusing to activate SSH" - echo "SSH disabled" - return 1 - } - } - } + #[[ "${SALT}" != "" ]] && { + #HASH=$(mkpasswd -myescrypt raspberry "${SALT}") + #grep -q "${HASH}" <<< "${SHADOW}" && { + #systemctl stop ssh + #systemctl disable ssh + #echo "The user pi is using the default password. Refusing to activate SSH" + #echo "SSH disabled" + #return 1 + #} + #} + #} # Check for insecure default root password ( taken from old jessie method ) - local SHADOW="$( grep -E '^root:' /etc/shadow )" - test -n "${SHADOW}" && { - local SALT=$(echo "${SHADOW}" | sed -n 's/root:\$6\$//;s/\$.*//p') + #SHADOW="$( grep -E '^root:' /etc/shadow )" + #test -n "${SHADOW}" && { + #SALT=$(awk -F[:$] '{print $5}' <<<"${SHADOW}") - [[ "${SALT}" != "" ]] && { - local HASH=$(mkpasswd -msha-512 1234 "$SALT") - grep -q "${HASH}" <<< "${SHADOW}" && { - systemctl stop ssh - systemctl disable ssh - echo "The user root is using the default password. Refusing to activate SSH" - echo "SSH disabled" - return 1 - } - } - } + #[[ "${SALT}" != "" ]] && { + #HASH=$(mkpasswd -myescrypt 1234 "${SALT}") + #grep -q "${HASH}" <<< "${SHADOW}" && { + #systemctl stop ssh + #systemctl disable ssh + #echo "The user root is using the default password. Refusing to activate SSH" + #echo "SSH disabled" + #return 1 + #} + #} + #} # Enable chage -d 0 "$USER" diff --git a/changelog.md b/changelog.md index 7cd326ec..f99779fe 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,7 @@ -[v1.46.7](https://github.com/nextcloud/nextcloudpi/commit/bd49019) (2022-03-04) nc-hdd-monitor: fix Bullseye service name +[v1.46.8](https://github.com/nextcloud/nextcloudpi/commit/dc7046b) (2022-03-04) SSH: cannot check for default password because of Debian bug #1003151 + +[v1.46.7](https://github.com/nextcloud/nextcloudpi/commit/f473f73) (2022-03-04) nc-hdd-monitor: fix Bullseye service name [v1.46.6](https://github.com/nextcloud/nextcloudpi/commit/c9610e4) (2022-03-03) ncp-dist-upgrade: fix VM grub-pc issue diff --git a/tag_and_push.sh b/tag_and_push.sh index d6e3d835..3f2291da 100755 --- a/tag_and_push.sh +++ b/tag_and_push.sh @@ -16,10 +16,10 @@ set -e -TAG="$@" +TAG="$*" source build/buildlib.sh -git tag "$TAG" +git tag -f "$TAG" generate_changelog git add changelog.md git commit -C HEAD --amend -- cgit v1.2.3