Page MenuHomeVyOS Platform

Installer should ask for password twice
Open, NormalPublicENHANCEMENT

Description

It is common practice when setting new password, that the new password needs to be entered twice, and both are checked to match.
Otherwise a typo made just once could prevent from logging in later.
Also, it would be nice to have a CLI command to set login password where the new password is not specified on command line, but instead it asks for it without echo (again, twice).
This is old practice dating back to the old UNIX "passwd" command in the 1980s.
In addition, due to new EU regulations we probably shouldn't have the default "vyos" password at all after installation - entering the new one is highly recommended, but easy to make a typo if entered just once without checking the second time.

Details

Difficulty level
Easy (less than an hour)
Version
1.4.0-epa2
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Stricter validation
Issue type
Improvement (missing useful functionality)

Event Timeline

marekm changed Version from - to 1.4.0-epa2.

Comparing to other vendors setting the password either in cleartext or as a salted hash (where when saved in config file its always saved as a salted hash - but it will accept a cleartext edition too if you wish that for whatever reason) through the CLI is the standard in NOS.

However adding an option to have it echoed for input would be a handy addition.

Example:

  1. set user XXX password clear abc123
  1. set user XXX password hash $salt$917c4a88900c272dd03fe2491256187bddfabbb0f76f58f5971ea0aa83e5e85a
  1. set user XXX password echo

Also omitting the "echo" part while typing it in the CLI as set user XXX password would default to the echo mode.

Where 1 and 2 above would be accepted in the config file (when vyos-config itself saves the config it should always save as a salted hash) and the 3rd option would only be accepted when typed in CLI (well, when being i config mode that is).

Reason why 3 shouldnt be accepted in the config file itself is because the execution of the config during boot would then break and the VyOS box would never complete the boot since its waiting for input from the admin.