SSH: cannot check for default password because of Debian bug #1003151

Signed-off-by: nachoparker <nacho@ownyourbits.com>
2026-01-09 06:32:00 -03:30 · 2022-03-04 17:13:30 -07:00 · 2022-03-04 17:13:30 -07:00 · 21b7fe70f0
commit 21b7fe70f0
parent f473f737fd
4 changed files with 36 additions and 32 deletions
--- a/bin/ncp/BACKUPS/nc-snapshot.sh
+++ b/bin/ncp/BACKUPS/nc-snapshot.sh
@ -32,7 +32,7 @@ configure()
    return 1
  }
-  btrfs-snp $MOUNTPOINT manual $LIMIT 0 ../ncp-snapshots
+  btrfs-snp "${MOUNTPOINT}" manual "${LIMIT}" 0 ../ncp-snapshots
  restore_maintenance_mode
 }
--- a/bin/ncp/NETWORKING/SSH.sh
+++ b/bin/ncp/NETWORKING/SSH.sh
@ -39,38 +39,40 @@ configure()
  echo -e "$PASS\n$CONFIRM" | passwd "$USER" || return 1
  # Check for insecure default pi password ( taken from old jessie method )
-  local SHADOW="$( grep -E '^pi:' /etc/shadow )"
+  # TODO Due to Debian bug #1003151 with mkpasswd this feature is not working properly at the moment - https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1837456.html
-  test -n "${SHADOW}" && {
+  #local SHADOW SALT HASH
-    local SALT=$(echo "${SHADOW}" | sed -n 's/pi:\$6\$//;s/\$.*//p')
+  #SHADOW="$( grep -E '^pi:' /etc/shadow )"
  #test -n "${SHADOW}" && {
    #SALT=$(awk -F[:$] '{print $5}' <<<"${SHADOW}")
-    [[ "${SALT}" != "" ]] && {
+    #[[ "${SALT}" != "" ]] && {
-      local HASH=$(mkpasswd -msha-512 raspberry "$SALT")
+      #HASH=$(mkpasswd -myescrypt raspberry "${SALT}")
-      grep -q "${HASH}" <<< "${SHADOW}" && {
+      #grep -q "${HASH}" <<< "${SHADOW}" && {
-        systemctl stop    ssh
+        #systemctl stop    ssh
-        systemctl disable ssh
+        #systemctl disable ssh
-        echo "The user pi is using the default password. Refusing to activate SSH"
+        #echo "The user pi is using the default password. Refusing to activate SSH"
-        echo "SSH disabled"
+        #echo "SSH disabled"
-        return 1
+        #return 1
-      }
+      #}
-    }
+    #}
-  }
+  #}
  # Check for insecure default root password ( taken from old jessie method )
-  local SHADOW="$( grep -E '^root:' /etc/shadow )"
+  #SHADOW="$( grep -E '^root:' /etc/shadow )"
-  test -n "${SHADOW}" && {
+  #test -n "${SHADOW}" && {
-    local SALT=$(echo "${SHADOW}" | sed -n 's/root:\$6\$//;s/\$.*//p')
+    #SALT=$(awk -F[:$] '{print $5}' <<<"${SHADOW}")
-    [[ "${SALT}" != "" ]] && {
+    #[[ "${SALT}" != "" ]] && {
-      local HASH=$(mkpasswd -msha-512 1234 "$SALT")
+      #HASH=$(mkpasswd -myescrypt 1234 "${SALT}")
-      grep -q "${HASH}" <<< "${SHADOW}" && {
+      #grep -q "${HASH}" <<< "${SHADOW}" && {
-        systemctl stop    ssh
+        #systemctl stop    ssh
-        systemctl disable ssh
+        #systemctl disable ssh
-        echo "The user root is using the default password. Refusing to activate SSH"
+        #echo "The user root is using the default password. Refusing to activate SSH"
-        echo "SSH disabled"
+        #echo "SSH disabled"
-        return 1
+        #return 1
-      }
+      #}
-    }
+    #}
-  }
+  #}
  # Enable
  chage -d 0 "$USER"
--- a/changelog.md
+++ b/changelog.md
@ -1,5 +1,7 @@
-[v1.46.7](https://github.com/nextcloud/nextcloudpi/commit/bd49019) (2022-03-04) nc-hdd-monitor: fix Bullseye service name
+[v1.46.8](https://github.com/nextcloud/nextcloudpi/commit/dc7046b) (2022-03-04) SSH: cannot check for default password because of Debian bug #1003151
 [v1.46.7](https://github.com/nextcloud/nextcloudpi/commit/f473f73) (2022-03-04) nc-hdd-monitor: fix Bullseye service name
 [v1.46.6](https://github.com/nextcloud/nextcloudpi/commit/c9610e4) (2022-03-03) ncp-dist-upgrade: fix VM grub-pc issue
--- a/tag_and_push.sh
+++ b/tag_and_push.sh
@ -16,10 +16,10 @@
 set -e
-TAG="$@"
+TAG="$*"
 source build/buildlib.sh
-git tag "$TAG"
+git tag -f "$TAG"
 generate_changelog
 git add changelog.md
 git commit -C HEAD --amend