View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000331||AlmaLinux-9||General||public||2022-11-16 11:16||2022-11-16 11:16|
|Platform||Raspberry Pi||OS||AlmaLinux||OS Version||9|
|Summary||0000331: root SSH is disabled and there is no other user, so headless installs don't work|
|Description||If you create a /boot/ssh file on the sdcard to enable sshd, you still can't login as "PermitRootLogin without-password" is set and of course there is no authorized_keys installed.|
A default username/password with sudo enabled would solve this problem but as the RPi Foundation found, it created a security risk.
So can we have some other way of allowing a headless first boot - perhaps an option to create a user based on reading some hashed credentials file from /boot/ or even a way of injecting a root ssh key from /boot that's then moved to /root/.ssh/authorized_keys?
If you mount the sdcard on a Linux system you can change PermitRootLogin to "yes" but you have to ensure you keep the SELinux context of /etc/ssh/sshd_config or sshd.service won't start (as i found when using a Debian host!) I assume you'd have the same problem if you installed a root ssh key from a non-selinux-aware host.
As a primarily headless server distro, it does seem odd you need to boot with a keyboard and monitor (or maybe gpio serial?)
|Steps To Reproduce||Create an empty ssh file in the root of the sdcard (which is basically the /boot partition), boot the pi and try to ssh as root|
|Tags||No tags attached.|