Expectation here is to fix hashed passwords to also expire.
Validated that hashed password is not expired by default:
cat > hash_pw_not_expired.yaml <<EOF #cloud-config ssh_pwauth: true users: - default - gecos: User One name: u1 groups: [adm, cdrom, dip, lxd, sudo] lock_passwd: False - gecos: User Two name: u2 groups: [adm, cdrom, dip, lxd, sudo] lock-passwd: False chpasswd: list: - u1:$6$rounds=4096$4Bbw0KI52G71TqOT$a.mEik19QEe9Lfot2gt6Ff5rUwYkLm49SAIDJoNrxd4V/PL21e83FqK/aDVV6CGFM/GNH6CtvR0Sk52i9jhNK1 - u2:RANDOM EOF lxc launch ubuntu-daily:jammy test-pw-expiry -c user.user-data="$(cat hash_pw_not_expired.yaml)" lxc exec test-pw-expiry -- cloud-init status --wait --long IP=`lxc ls -c 4 test-pw-expiry | awk '/eth/{print $2}'` ssh u1@$IP # hashed password this4now # Note no expiry notice lxc console test-pw-expiry --show-log | grep u2 #copy password and login ssh u2@$IP # Use random password printed to console from above # Note expiry notice
Expectation here is to fix hashed passwords to also expire.
Validated that hashed password is not expired by default:
cat > hash_pw_ not_expired. yaml <<EOF 4096$4Bbw0KI52G 71TqOT$ a.mEik19QEe9Lfo t2gt6Ff5rUwYkLm 49SAIDJoNrxd4V/ PL21e83FqK/ aDVV6CGFM/ GNH6CtvR0Sk52i9 jhNK1 data="$ (cat hash_pw_ not_expired. yaml)"
#cloud-config
ssh_pwauth: true
users:
- default
- gecos: User One
name: u1
groups: [adm, cdrom, dip, lxd, sudo]
lock_passwd: False
- gecos: User Two
name: u2
groups: [adm, cdrom, dip, lxd, sudo]
lock-passwd: False
chpasswd:
list:
- u1:$6$rounds=
- u2:RANDOM
EOF
lxc launch ubuntu-daily:jammy test-pw-expiry -c user.user-
lxc exec test-pw-expiry -- cloud-init status --wait --long
IP=`lxc ls -c 4 test-pw-expiry | awk '/eth/{print $2}'`
ssh u1@$IP # hashed password this4now
# Note no expiry notice
lxc console test-pw-expiry --show-log | grep u2
#copy password and login
ssh u2@$IP # Use random password printed to console from above
# Note expiry notice