How do I set a custom password with Cloud-init on Ubuntu 20.04?
I

6

14

Recently I've gotten Cloud-Init to work by mounting my config in an image. This is all fine, it works. If I break the config, it tells me. What it doesn't tell me is why I'm not allowed to log on.

What I've tried is creating my own password using echo possible | mkpasswd -m sha-512 -s and by copying the example found on the quickstart page: https://wiki.ubuntu.com/FoundationsTeam/AutomatedServerInstalls/QuickStart

Neither work. I've tried setting a custom username too. Doesn't change anything. The default ubuntu:ubuntu is also unavailable. Neither is ubuntu and blank.

What I'm using:

https://releases.ubuntu.com/20.04/ubuntu-20.04-live-server-amd64.iso

https://wiki.ubuntu.com/FoundationsTeam/AutomatedServerInstalls/QuickStart

# echo possible | mkpasswd -m sha-512 -s                                    
$6$nqZiIASVBA.iF$9nubU0ImWVrv4XhtEq9XhSh9UYNFQ7yC9Lf7A.uheSlJ3cgI5d9ltkUwRq.X8lAwoQuLAMem6v.gJNGYwk5XA0

The following config with its supplied password, or the above:

#cloud-config
autoinstall:
  version: 1
  identity:
    hostname: ubuntu-server
    password: "$6$exDY1mhS4KUYCE/2$zmn9ToZwTKLhCw.b4/b.ZRTIZM30JZ4QrOQ2aOXJ8yk96xpcCof0kxKwuX1kqLG/ygbJ1f8wxED22bTL4F46P0"
    username: ubuntu

I've also tried setting up a users block like this:

https://gist.github.com/leogallego/a614c61457ed22cb1d960b32de4a1b01#file-ubuntu-cloud-virtualbox-sh-L46-L56

What I'm asking for:

  • A better documentation of what type of hash is expected.
  • A working user-data config
Inflatable answered 4/5, 2020 at 12:7 Comment(0)
I
9

I've finally found a working config that creates a usable account;

users:
  - default
  - name: kim
    passwd: "$6$kW4vfBM9kGgq4hr$TFtHW7.3jOECR9UCBuw9NrdSMJETzSVoNQGcVv2y.RqRUzWDEtYhYRkGvIpB6ml1fh/fZEVIgKbSXI9L1B6xF."
    shell: /bin/bash
    lock-passwd: false
    ssh_pwauth: True
    chpasswd: { expire: False }
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: users, admin
    ssh_authorized_keys:
     - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCbJ7oF5RXUj6R1ewF15X2i6RieWFmVUkOyT0DwzgfI8fRl5mMMSRlDRYQi3NznwcWDAxLApF82FomNv8vk1V2SXDGGs8XpOvtgAPpR3JUKJGmxoiES7rxa7bq/JSmpGprsnlCocTJnOfDz6Gz2Ge4+D84EZHOW7ejbkWDBdXOYYRMIlRSoXBkb0017G/OIvPNdwZRYLzLJYjGGL08GX+/Da+lrbz8/FaewXwb/BfjRYESOG+aJNTCOQfgzNsFGJ6EslsMc1bDtCq2pvWUenlUo/2BEAICiJxmXZkAjDrIYcyTzHLE14+UfCiC6pbMEdXF2ndUARr0HcNpvJz8K0Mg4CfjRpxaopfPfHp/lMR36ys0r4bT3q9iU4ClnUAeWxbCK7pUN+D/6TVrIKLOLuuIph81sb5+jW23ycg0fjQ/2/ttKQvTzHwomN6B6T/KgXVt367Iq+uzN02wtk282pJOIIqVi3PSHVcJl1I+bFAzeEdmJP29d/wnp0ZyuNYDp0P8= miesl@mies-pc

autoinstall:
    version: 1
    identity:
        hostname: yamanouchi-node-1
        username: ubuntu
        password: "$6$exDY1mhS4KUYCE/2$zmn9ToZwTKLhCw.b4/b.ZRTIZM30JZ4QrOQ2aOXJ8yk96xpcCof0kxKwuX1kqLG/ygbJ1f8wxED22bTL4F46P0"
    refresh-installer:
        update: yes

It creates a user with name kim and password possible. I'm not entirely sure whether refresh-installer is required (I don't think so). It's insanely insecure with password ssh and no password root, but hey. You can configure that yourself.

The ubuntu account remains unusable. I'm at a loss as to why.

Inflatable answered 18/5, 2020 at 11:9 Comment(3)
Thanks! For the record, this users section also works if put under autoinstall/user-data. - Barchan
In 20.04 the user-data or users: does not work at all for me, any idea? - Verena
It looks like for all accounts the lock_passwd setting defaults to true. If you want to log in with the ubuntu user, you have to define lock_passwd: false. Also note: lock-passwd has changed to lock_passwd in current versions of cloud-init. See Users and Group Documentation. - Jurat
A
7

I do not have enough rep to post a comment, but as stated here, and as I can confirm with my tests, to set a password for an existing user you have to use hashed_passwd, not simply passwd.

Example:

#cloud-config
users:
  - name: root
    lock_passwd: false
    hashed_passwd: <output from mkpasswd --method=SHA-512 --rounds=4096>
    ssh_authorized_keys:
      - ssh-rsa <key>
Armenia answered 27/3, 2022 at 14:2 Comment(0)
E
5

If you add any users via cloud-init, the default ubuntu user is not created at all. You will note that the /home/ubuntu/ directory is absent.

To create my cloud-init that allows SSH authentication, and sets a password so that I can use sudo, I have successfully used these steps:

Create a password hash with mkpasswd:

$ mkpasswd -m sha-512
Password:  <enter your password here>
$6$nq4v1BtHB8bg$Oc2TouXN1KZu7F406ELRUATiwXwyhC4YhkeSRD2z/I.a8tTnOokDeXt3K4mY8tHgW6n0l/S8EU0O7wIzo.7iw1

Then, I use this section in my cloud-init:

users:
  - name: brandon
    groups: [ sudo ]
    shell: /bin/bash
    lock_passwd: false
    passwd: "$6$nq4v1BtHB8bg$Oc2TouXN1KZu7F406ELRUATiwXwyhC4YhkeSRD2z/I.a8tTnOokDeXt3K4mY8tHgW6n0l/S8EU0O7wIzo.7iw1"
    ssh-authorized-keys:
    - ssh-ed25519 AAAAC3NzaC1lZDI1zzzBBBGGGg3BZFFzTexMPpOZJbSa6OlzycjkPhsh4Qg2tSWZyXZ my-key-name

I prefer to use the groups: [ sudo ] syntax to grant access to sudo via a group, which is personal preference over the usage of the sudo directive.

Etheline answered 4/2, 2022 at 5:26 Comment(0)
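Added example (not part of any answer on this page): a small Python check for two points raised above, that the passwd/hashed_passwd value is a well-formed SHA-512 crypt string as `mkpasswd -m sha-512` prints it, and that the entry sets lock_passwd: false using the current spelling mentioned in the comment on the first answer. The function names and sample entries are constructed for illustration, and each entry is assumed to be the dict a YAML parser would produce for one item of `users:`.

```python
import re

# SHA-512 crypt as printed by `mkpasswd -m sha-512`:
#   $6$[rounds=N$]<salt, 1-16 chars>$<86-char digest>, alphabet ./0-9A-Za-z
SHA512_CRYPT = re.compile(
    r"\$6\$(?:rounds=(?P<rounds>[0-9]+)\$)?"
    r"(?P<salt>[./0-9A-Za-z]{1,16})\$(?P<digest>[./0-9A-Za-z]{86})"
)


def check_hash(value):
    """Return a list of problems with a passwd/hashed_passwd value."""
    text = str(value)
    if not text.startswith("$6$"):
        # Typical causes: a plaintext password, or a hash whose $-fields the
        # shell expanded inside a double-quoted echo or an unquoted heredoc.
        return ["not a $6$ (SHA-512 crypt) string"]
    match = SHA512_CRYPT.fullmatch(text)
    if match is None:
        return ["malformed or truncated $6$ string"]
    rounds = match.group("rounds")
    if rounds is not None and not 1000 <= int(rounds) <= 999_999_999:
        return ["rounds outside 1000..999999999"]
    return []


def lint_user(entry):
    """Lint one item of a cloud-config `users:` list (already parsed)."""
    if not isinstance(entry, dict):  # e.g. the bare "default" item
        return []
    problems = []
    if "lock-passwd" in entry:
        problems.append("lock-passwd is the old spelling; use lock_passwd")
    if entry.get("lock_passwd", True) is not False:
        problems.append("lock_passwd is not false; password login stays locked")
    for key in ("passwd", "hashed_passwd"):
        if key in entry:
            problems += [f"{key}: {p}" for p in check_hash(entry[key])]
    return problems


# Constructed samples; the digest is a placeholder of the right shape, not a real hash.
GOOD = {"name": "demo", "lock_passwd": False,
        "hashed_passwd": "$6$rounds=4096$examplesalt$" + "A" * 86}
BAD = {"name": "demo", "lock-passwd": False, "passwd": "examplesalt" + "A" * 40}

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(sample["name"], lint_user(sample) or "ok")
```
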
U
2

If your image is focal-server-cloudimg-amd64.img:

rm -f vm_0001-focal-server-cloudimg-amd64.qcow2
qemu-img create -f qcow2 -F qcow2 -b focal-server-cloudimg-amd64.img  vm_0001-focal-server-cloudimg-amd64.qcow2 20G
qemu-img info vm_0001-focal-server-cloudimg-amd64.qcow2
VM_NAME="ubuntu-20-cloud-image"
USERNAME="programster"
PASSWORD="thisok"
echo "#cloud-config
system_info:
  default_user:
    name: $USERNAME
    home: /home/$USERNAME

password: $PASSWORD
chpasswd: { expire: False }
hostname: $VM_NAME

# configure sshd to allow users logging in using password 
# rather than just keys
ssh_pwauth: True
" | sudo tee user-data
cloud-localds ./cidata.iso user-data
qemu-system-x86_64 -m 2048 -smp 4 -hda ./vm_0001-focal-server-cloudimg-amd64.qcow2 \
      -cdrom ./cidata.iso -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::5555-:22 -nographic

Another example:

rm -f vm_0001-focal-server-cloudimg-amd64.qcow2
qemu-img create -f qcow2 -F qcow2 -b focal-server-cloudimg-amd64.img  vm_0001-focal-server-cloudimg-amd64.qcow2 20G
qemu-img info vm_0001-focal-server-cloudimg-amd64.qcow2
cat >user-data <<'EOF'
#cloud-config
users:
  - default
  - name: jamlee
    homedir: /home/jamlee
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: users, admin
    lock_passwd: false
    shell: /bin/bash
    passwd: $6$yO/Yf/zQbbIXlaHN$cA/i6a6.Cp7cnHl9HEhSPyVLtsitWs3oe/2NARVCKAn54LU2kT92/vqzpeSP3N87SGFkSHGBe7uQxshZXTbL./
    ssh_authorized_keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6/fB4NNy2k+oAHA4Q4pOUCdH997mQq9BtxoOx99MdS+cRKYITVlN1VaLW+beYgTtTYLRdrJhgPBCk9BzriUEXhFO1D6cOslkCxHsQO5M8FPJEU+I/OSRvpU2QYnhYwP9RRKs1XjwdJ2sg924xYLHdfqcRazRFdLGmKnmz8lLrhz0HrBaBIG8Qm58YpfSrkEQ6eAs+1Xf/1VlCTN4sKq2lwLYGFv8GkMOPRndhiEEc5HTZPfGtOp928xJR63WxUoWn2deDGQxU+Z3wGlZ4Ag0SHGM6uZkaRD+LYZHj+m7J979SJ2uqiLC4YCMjoQF5yqUgsu6bzvVh5TesrW2FZ1PrdWjxZGkmS7gv5PJnAdJ4xKLuuG9Bq5QZmWSTPMaKo6Z23HbAbmBj1stUfNbF7apt+GPiGjR4yZk5+tNCQ2n5fRCufNdsFyeBIXnx6MMugbKq2O70F365fyVNR0otleISpmnpnPlfG+n/+rhdf6w5+b0SYaJ3bBYMdXCrTZ8lj68= root@DESKTOP-SBBNAKK
system_info:
    default_user:
      name: ubuntu
      home: /home/ubuntu
password: ubuntu
chpasswd:
    expire: false
hostname: vm-001
ssh_pwauth: yes
EOF
cloud-localds ./cidata.iso user-data
qemu-system-x86_64 -m 2048 -smp 4 -hda ./vm_0001-focal-server-cloudimg-amd64.qcow2 \
      -cdrom ./cidata.iso -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::5555-:22 -nographic
Undercarriage answered 16/3, 2022 at 21:37 Comment(0)
O
1

I'm facing the very same issue. By using the shell during the installation process, I see that no users are created, hence we cannot log in after the reboot. I don't know why, either a bug in subiquity or a lack of documentation about how to use it properly. Nevertheless, I was able to create a user using this trick in my autoinstall file:

  late-commands:
    - useradd -m -R /target -u 1001 ubuntu
    - echo "ubuntu:ubuntu" | chroot /target /usr/sbin/chpasswd
    - usermod -R /target -aG sudo ubuntu
Orthoepy answered 16/5, 2020 at 23:4 Comment(3)
Seeing your answer got me searching again and since posting this, a ton of people have complained about the cloud-init implementation. I have however found another config of someone doing something similar (20.04 in Vbox) and their users section includes some options I hadn't seen before. Adding a shell and setting lock-passwd to false appears to fix the issue. What a ride this has been. - Inflatable
@MiesvanderLippe Would you happen to have a link to the Vbox config page you refer to? I saw your other answer - did you ever find a way to 'fix' the ubuntu account? - Outpost
I use this with VirtualBox; superuser.com/questions/827977/use-cloud-init-with-virtualbox But I have scripted it so it mounts automatically using VboxManage commands. Unsure about ubuntu account. Gave up on this BS after nobody answered & just set up 4 VM's myself. I'm doing the rest of the management using Ansible. - Inflatable
K
1

For Ubuntu 20.04, I am finding that I cannot log in to the console without /etc/securetty. I'm answering with this because it's not clear if you're trying to access your account through the console.

runcmd:
    - cp /usr/share/doc/util-linux/examples/securetty /etc/securetty

I find if I install /etc/securetty as a runcmd, that I can then log in with these cloud-config users on the system console. Otherwise, authentication will fail.

I make no claims about the security ramifications of deciding to use this example.

Ketone answered 12/4, 2021 at 15:35 Comment(0)
