View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000331 | AlmaLinux-9 | General | public | 2022-11-16 11:16 | 2022-11-16 11:16 |
| Reporter | sej7278 | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | new | Resolution | open | ||
| Platform | Raspberry Pi | OS | AlmaLinux | OS Version | 9 |
| Summary | 0000331: root SSH is disabled and there is no other user, so headless installs don't work | ||||
| Description | If you create a /boot/ssh file on the sdcard to enable sshd, you still can't login as "PermitRootLogin without-password" is set and of course there is no authorized_keys installed. A default username/password with sudo enabled would solve this problem but as the RPi Foundation found, it created a security risk. So can we have some other way of allowing a headless first boot - perhaps an option to create a user based on reading some hashed credentials file from /boot/ or even a way of injecting a root ssh key from /boot that's then moved to /root/.ssh/authorized_keys? If you mount the sdcard on a Linux system you can change PermitRootLogin to "yes" but you have to ensure you keep the SELinux context of /etc/ssh/sshd_config or sshd.service won't start (as i found when using a Debian host!) I assume you'd have the same problem if you installed a root ssh key from a non-selinux-aware host. As a primarily headless server distro, it does seem odd you need to boot with a keyboard and monitor (or maybe gpio serial?) | ||||
| Steps To Reproduce | Create an empty ssh file in the root of the sdcard (which is basically the /boot partition), boot the pi and try to ssh as root | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-11-16 11:16 | sej7278 | New Issue |
