3

I have seen, that the ubuntu-server autoinstaller sets a random ssh password and key to be able to connect via installation phase. But i now want to setup a headless system, so I cannot see the random password. Is there a way to configure this password or a own public key ?

Peter smith
  • 65
  • 5

1 Answers1

3

Yes. Here is a snippet that can be added to the autoinstall user-data file. It will set the password for the installer user and install an authorized_key for the installer user. This config must be added at the root level. The same level as the autoinstall: key, not part of the autoinstall: section.

# set password to r00tme
chpasswd:
    expire: false
    list:
        - installer:$6$.c38i4RIqZeF4RtR$hRu2RFep/.6DziHLnRqGOEImb15JT2i.K/F9ojBkK/79zqY30Ll2/xx6QClQfdelLe.ZjpeVYfE8xBBcyLspa/
ssh_authorized_keys:
    - ssh-rsa FILLINYOUROWNKEYHERE installer

How it works

When the installer boots, it uses cloud-init to configure the installer environment. The autoinstall user-data file is really just a cloud-init config used to configure this environment.

In the installer, the default cloud-init configuration will generate an installer user by default

   default_user:
     name: installer
     lock_passwd: false
     gecos: Ubuntu
     groups: [adm, audio, cdrom, dialout, dip, floppy, lxd, netdev, plugdev, sudo, video]
     sudo: ["ALL=(ALL) NOPASSWD:ALL"]
     shell: /usr/bin/subiquity-shell

and will assign the installer user a random password

chpasswd:
    expire: false
    list:
        - installer:RANDOM

By providing configuration within the autoinstall file, it will override the default config.

Another method would be to provide user info within the autoinstall file. This will let you more explicitly control the properties of the created user(s).

Andrew Lowther
  • 5,811
  • 1
  • 15
  • 23
  • Just a clarification about this process. How to obtain `FILLINYOUROWNKEYHERE`? I have to create a key using `ssh-keygen -t rsa`? But I'm not the user `installer` on the dev machine... – Mark Oct 03 '21 at 10:51
  • 1
    @Mark You don't need to be the `installer` user. Just use the public key created by `ssh-keygen` to fill in the value. Then any user with access to the corresponding private key will be able to authenticate. – Andrew Lowther Oct 04 '21 at 16:29
  • Got it, thanks. Out of curiosity, what is the meaning of `installer` in this row? `ssh-rsa FILLINYOUROWNKEYHERE **installer**` – Mark Oct 04 '21 at 16:56
  • 1
    That is the "comment" field. It does not affect functionality but can be used as an identifier. https://serverfault.com/a/743551/649608 – Andrew Lowther Oct 04 '21 at 22:02
  • I am modifying this file, `user-data` in the iso, is that correct? Where do I find that? Mounting the iso and using `find . -name "user-data"` comes up with nothing. – Diagon Nov 07 '22 at 11:57
  • I see this file, `/usr/lib/python3/dist-packages/cloudinit/config/cc_ubuntu_autoinstall.py` in the package (`apt-file list cloud-init`), but I'm not finding it in the `iso`. – Diagon Nov 07 '22 at 12:36