Page MenuHomeVyOS Platform
Create Task
Maniphest T5739

Password recovery does not work if public keys are configured
Closed, ResolvedPublicBUG
Actions

Description

If a public key is configured in the config file, the password recovery tool (standalone_root_pw_reset) cannot reset a password.

The problem exists because regex used for sed there expects to find the password before the first line with the`}` character, but the public key section breaks this logic.

Affected sed command (https://github.com/vyos/vyatta-cfg-system/blob/2ec876ba9034c4e35538860d3128c6c13e185825/scripts/standalone_root_pw_reset#L29-L32):

set_encrypted_password() {
    sed -i \
       -e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password $2/" $3
}

Config with public keys:

login {
    user vyos {
        authentication {
            public-keys keyname {
                type "ssh-ed25519"
                key "keydata"
            }
            encrypted-password "passworddata"
            plaintext-password ""
        }
    }
}

Details

Version
1.3.4, 1.4, 1.5
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

zsdc created this task.Nov 14 2023, 12:42 PM
zsdc changed the task status from Open to In progress.
zsdc claimed this task.
pasik subscribed.Nov 14 2023, 12:54 PM
zsdc renamed this task from Password recovery does not work in Equinix Metal to Password recovery does not work if public keys are configured.Nov 14 2023, 1:18 PM
zsdc triaged this task as High priority.
zsdc updated the task description. (Show Details)
zsdc edited a custom field.
zsdc added projects: VyOS 1.4 Sagitta, VyOS 1.5 Circinus.Nov 14 2023, 1:24 PM
zsdc changed Version from 1.3.4 to 1.3.4, 1.4, 1.5.
zsdc edited a custom field.
zsdc changed the task status from In progress to Needs testing.Nov 14 2023, 4:23 PM

PR for 1.5: https://github.com/vyos/vyatta-cfg-system/pull/213

Viacheslav edited projects, added VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.Nov 14 2023, 5:17 PM
syncer changed the task status from Needs testing to In progress.Nov 15 2023, 5:03 AM
syncer moved this task from Open to Backport Candidates on the VyOS 1.5 Circinus board.
jestabro mentioned this in rVYOSONEX424c9b19fd54: image: T4516: use copy of pw_reset script for install, link for compat.Nov 16 2023, 7:46 PM
jestabro mentioned this in rVYOSONEX041cdcff9904: image: T4516: use copy of pw_reset script for install, link for compat.Dec 17 2023, 7:24 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.6); removed VyOS 1.3 Equuleus (1.3.5).Dec 17 2023, 11:36 PM
Viacheslav closed this task as Resolved.Feb 2 2024, 4:24 PM
Viacheslav moved this task from Backport Candidates to Finished on the VyOS 1.5 Circinus board.
Viacheslav subscribed.

merged

Viacheslav moved this task from Open to Finished on the VyOS 1.4 Sagitta board.Feb 2 2024, 4:24 PM
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.6) board.
dmbaturin mentioned this in 1.3.6.Feb 3 2024, 1:59 AM