Page MenuHomeVyOS Platform
Create Task
Maniphest T5739

Password recovery does not work if public keys are configured
Closed, ResolvedPublicBUG
Actions

Description

If a public key is configured in the config file, the password recovery tool (standalone_root_pw_reset) cannot reset a password.

The problem exists because regex used for sed there expects to find the password before the first line with the`}` character, but the public key section breaks this logic.

Affected sed command (https://github.com/vyos/vyatta-cfg-system/blob/2ec876ba9034c4e35538860d3128c6c13e185825/scripts/standalone_root_pw_reset#L29-L32):

set_encrypted_password() {
    sed -i \
       -e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password $2/" $3
}

Config with public keys:

login {
    user vyos {
        authentication {
            public-keys keyname {
                type "ssh-ed25519"
                key "keydata"
            }
            encrypted-password "passworddata"
            plaintext-password ""
        }
    }
}

Details

Difficulty level
Normal (likely a few hours)
Version
1.3.4, 1.4, 1.5
Why the issue appeared?
Implementation mistake
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects

Mentioned In
1.3.6

Event Timeline

zsdc changed the task status from Open to In progress.Nov 14 2023, 12:42 PM
zsdc claimed this task.
zsdc created this task.
pasik added a subscriber: pasik.Nov 14 2023, 12:54 PM
zsdc renamed this task from Password recovery does not work in Equinix Metal to Password recovery does not work if public keys are configured.Nov 14 2023, 1:18 PM
zsdc triaged this task as High priority.
zsdc updated the task description. (Show Details)
zsdc changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
zsdc added projects: VyOS 1.4 Sagitta, VyOS 1.5 Circinus.Nov 14 2023, 1:24 PM
zsdc changed Version from 1.3.4 to 1.3.4, 1.4, 1.5.
zsdc changed Why the issue appeared? from Will be filled on close to Implementation mistake.
zsdc changed the task status from In progress to Needs testing.Nov 14 2023, 4:23 PM

PR for 1.5: https://github.com/vyos/vyatta-cfg-system/pull/213

Viacheslav edited projects, added VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.Nov 14 2023, 5:17 PM
syncer changed the task status from Needs testing to In progress.Nov 15 2023, 5:03 AM
syncer moved this task from Need Triage to Backport Candidates on the VyOS 1.5 Circinus board.
syncer edited projects, added VyOS 1.3 Equuleus (1.3.6); removed VyOS 1.3 Equuleus (1.3.5).Dec 17 2023, 11:36 PM
Viacheslav closed this task as Resolved.Feb 2 2024, 4:24 PM
Viacheslav moved this task from Backport Candidates to Finished on the VyOS 1.5 Circinus board.
Viacheslav added a subscriber: Viacheslav.

merged

Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.Feb 2 2024, 4:24 PM
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.6) board.
dmbaturin mentioned this in 1.3.6.Feb 3 2024, 1:59 AM