Page MenuHomeVyOS Platform

Passwords With Dollar Sign Set Incorrectly
Open, LowPublicBUG

Description

It appears that passwords with the dollar sign in them are not being set correctly. I've tried setting it two ways and noticed the same behavior (note: this password is no longer in use):

vyos@cr01a-vyos# set system login user vyos authentication plaintext-password "HqNzXaK27k19$P5Q"
vyos@cr01a-vyos# set system login user vyos authentication plaintext-password HqNzXaK27k19$P5Q

Both of these result in the password HqNzXaK27k19 actually being set.

Details

Difficulty level
Normal (likely a few hours)
Version
1.3-beta-202106170642
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible

Event Timeline

hi @trae32566

I 've been checking this behavior with a different password , also I used the same password as you . But I couldn't reproduce the issue , both cases i add $ in the word and change the hash, let me show :

vyos@rt-vrrp1# compare
[edit system login user vyos authentication]
+plaintext-password HqNzXaK27k19
[edit]

hash result:

set system login user vyos authentication encrypted-password '$6$GONvq5NiauoRYpme$.AGMa7Fu6X5M.ODZWmkQN2axAQYZmAPteiNKrsaE2idfOmu9Xi7OTf5T1NkyIopgrHpa1Cxg/zGQXcOs4huJw0'

case two :

vyos@rt-vrrp1# compare
[edit system login user vyos authentication]
+plaintext-password HqNzXaK27k19$

hash result :

set system login user vyos authentication encrypted-password '$6$UAjHnVuGRqJhsJXd$2Uve6gPFU0A8T8y3Nf4bPzqgSiY9lg.0KtPEFNxKDMgADHhJwhPxLhm5FcFghcrNTKUerS6I.rQWBd1E4AAGs0'

@fernando Are you sure you're testing this on 1.3?

vyos@cr01a-vyos# run show ver

Version:          VyOS 1.3-beta-202106170642
Release Train:    equuleus

Built by:         autobuild@vyos.net
Built on:         Fri 18 Jun 2021 03:42 UTC
Build UUID:       411eb8f3-6169-4604-8cd2-50dff36d04a7
Build Commit ID:  8b329ff4a7dce6

Architecture:     x86_64
Boot via:         installed image
System type:      bare metal

Hardware vendor:  Supermicro
Hardware model:   SYS-6019U-TN4R4T
Hardware S/N:     S291441X9804861
Hardware UUID:    00000000-0000-0000-0000-ac1f6bc7bd5a

Copyright:        VyOS maintainers and contributors
[edit]
vyos@cr01a-vyos# set system login user vyos authentication plaintext-password HqNzXaK27k19$P5Q
[edit]
vyos@cr01a-vyos# comp
[edit system login user vyos authentication]
+plaintext-password HqNzXaK27k19

Note the configured plaintext-password is missing the $ and everything after. I assume it's being interpreted as a variable.

Confirmed that's what is happening:

vyos@cr01a-vyos# TEST='variable'
[edit]
vyos@cr01a-vyos# set system login user vyos authentication plaintext-password HqNzXaK27k19$TEST
[edit]
vyos@cr01a-vyos# comp
[edit system login user vyos authentication]
+plaintext-password HqNzXaK27k19variable

Try to set single quotes.

yes, I am using the following version :

vyos@rt-vrrp1# run show version

Version:          VyOS 1.3.0-rc4
Release Train:    equuleus

Built by:         Sentrium S.L.
Built on:         Mon 19 Apr 2021 08:28 UTC
Build UUID:       8d9996d2-511e-4dea-be4f-cd4515c404f3
Build Commit ID:  2aac286ccfe594

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  Bochs
Hardware model:   Bochs
Hardware S/N:
Hardware UUID:    a427d911-15f1-47e5-b810-a78b547db1f3

Copyright:        VyOS maintainers and contributors

I tried several times , and it works fine .

vyos@rt-vrrp1# compare
[edit system login user vyos authentication]
+plaintext-password HqNzXaK27k19$
[edit]

I did an additional test , so I used the password that you shared with us to login into the lab environment , I can login without problems(use $) .

Try to set single quotes.

Yup...that did it. I take it this is intended behavior then? I will close this if so.

I did an additional test , so I used the password that you shared with us to login into the lab environment , I can login without problems(use $) .

Weird... I'm not real sure what to say there.. I tested it on 1.3 and 1.4, on 4 different servers..so maybe it's something recent? Either way, if it's intended behavior, that's fine.

Not sure about double quotes, but for example for cloud-init configs, it is necessary to use single quotes.
Ideally, the configuration should look like in show configuration commands

syncer edited projects, added VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus.