cloud init prefixes password hash with exclamation mark
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-init |
Expired
|
Undecided
|
Unassigned |
Bug Description
Host OS is Ubuntu 22.04 LTS.
Guest info:
- Ubuntu 22.04 LTS KVM guest: https:/
- cloud-init package: 22.4.2-
I use this to configure password for the Ubuntu user:
users:
- name: ubuntu
gecos: Ubuntu User
sudo: ALL=(ALL) NOPASSWD:ALL
shell: /bin/bash
groups: sudo
lock_passwd: false
# mkpasswd --method=SHA-512 --rounds=4096 -S "1234asdf"
passwd: $6$rounds=
While provisioning is still running, I can log in as root (configured separately) and observe the hash in /etc/shadow is identical to this (as expected). Also 'ubuntu' can login.
After provisioning is complete and the VM reboots, I cannot login as 'ubuntu'.
I log in as root and find that now a '!' was prefixed to password hash in /etc/shadow:
ubuntu:
If I remove that '!', I can login as the ubuntu user.
I tried surrounding the password with single and double quotes, no difference. Initially it's provisioned correctly, so it's something that injects that '!' after that.
summary: |
- cloud init prefixes password hash adds exclamation mark + cloud init prefixes password hash with exclamation mark |
Hello windowsguy.
Firstly, your command to generate the hashed password is wrong, as you are specifying the salt and not the password. See [1].
To hash 1234asdf execute:
$ mkpasswd --method=SHA-512 --rounds=4096 1234asdf 4096$MJ9ozPaNS2 HWVZcg$ rwThVdxIm33Begb W2f2gNLq3JXzej5 URpdOxPKna5uSI6 K/opwxdZ317vgM1 btgcys89ZDu520a glKOSvjT3Z0
$6$rounds=
or
$ mkpasswd --method=SHA-512 --rounds=4096 -S mycoolsalt 1234asdf 4096$mycoolsalt $hNRWY61tyEOF. 15a9a2q8PZ5Z/ vFmBcRTDJrPzrl5 ZK/iVPLQjCvEKWU mjSkqE1EyIRLgaY LYY1Y6BomzTIV. /
$6$rounds=
Secondly, a password field which starts with an exclamation mark in /etc/shadow means that the password is locked, see [2]. This probably happened because you tried to log in using 1234asdf as the password a lot of times.
I am going to mark this bug as invalid. Please, try with one of those hashed passwords and comment here if you find any additional problem.
[1] https:/ /manpages. ubuntu. com/manpages/ jammy/en/ man1/mkpasswd. 1.html /manpages. ubuntu. com/manpages/ jammy/en/ man5/shadow. 5.html
[2] https:/