Change Details

After the normal password recovery procedure (via the GRUB menu) a new password is not applied. Most likely, something is wrong with the password recovery script `standalone_root_pw_reset`.

If a public key is configured in the config file, the password recovery tool (`standalone_root_pw_reset`) cannot reset a password. The problem exists because regex used for `sed` there expects to find the password before the first line with the`}` character, but the public key section breaks this logic. Affected `sed` command (https://github.com/vyos/vyatta-cfg-system/blob/2ec876ba9034c4e35538860d3128c6c13e185825/scripts/standalone_root_pw_reset#L29-L32): ``` set_encrypted_password() { sed -i \ -e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password $2/" $3 } ``` Config with public keys: ``` login { user vyos { authentication { public-keys keyname { type "ssh-ed25519" key "keydata" } encrypted-password "passworddata" plaintext-password "" } } } ```

AfterIf a public key is configured in the normalconfig file, the password recovery procedure (via the GRUB menu) a new password is not appliedtool (`standalone_root_pw_reset`) cannot reset a password. MoThe problem exists because regex used for `sed` there expects to find the password before the first likelyine with the`}` character, something is wrong with the password recovery script `standalone_root_pw_reset`.but the public key section breaks this logic. Affected `sed` command (https://github.com/vyos/vyatta-cfg-system/blob/2ec876ba9034c4e35538860d3128c6c13e185825/scripts/standalone_root_pw_reset#L29-L32): ``` set_encrypted_password() { sed -i \ -e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password $2/" $3 } ``` Config with public keys: ``` login { user vyos { authentication { public-keys keyname { type "ssh-ed25519" key "keydata" } encrypted-password "passworddata" plaintext-password "" } } } ```