FreeNAS 11.2-RELEASE-U1 (latest as of this post)
I am trying to "secure" the RancherOS installation, specifically I want to "disable" password login over SSH (after enabling SSH authentication) and then enable auto-login via the VM serial terminal (where the authentication happens at the FreeNAS UI or CLI level).
Adding the SSH key is not a problem and pretty standard. Now I need to change and/or disable the default password. The password is defined in the boot parameters as shown by dmesg:
[ 0.000000] Command line: console=ttyS0 BOOT_IMAGE=/boot/vmlinuz-4.14.73-rancher rancher.password=docker printk.devkmsg=on rancher.state.dev=LABEL=RANCHER_STATE rancher.state.wait rancher.resize_device=/dev/sda
There are two issues here: 1) The default password is published and well-known, therefore by its very nature insecure. 2) The password always resets to docker... even if you change it after boot.
Typically with RancherOS, I would change the boot parameters by running ros config syslinux, but it doesn't let me... here's what's in there currently:
APPEND printk.devkmsg=on rancher.state.dev=LABEL=RANCHER_STATE rancher.state.wait panic=10
If I add something like rancher.password= or rancher.autologin=true, this does not get properly set within the boot parameters (notice how panic=10 is also not within the command-line pasted above).
I can't find anywhere else these parameters are set to "fix" this issue.
Anyone have any ideas for me?
I am trying to "secure" the RancherOS installation, specifically I want to "disable" password login over SSH (after enabling SSH authentication) and then enable auto-login via the VM serial terminal (where the authentication happens at the FreeNAS UI or CLI level).
Adding the SSH key is not a problem and pretty standard. Now I need to change and/or disable the default password. The password is defined in the boot parameters as shown by dmesg:
[ 0.000000] Command line: console=ttyS0 BOOT_IMAGE=/boot/vmlinuz-4.14.73-rancher rancher.password=docker printk.devkmsg=on rancher.state.dev=LABEL=RANCHER_STATE rancher.state.wait rancher.resize_device=/dev/sda
There are two issues here: 1) The default password is published and well-known, therefore by its very nature insecure. 2) The password always resets to docker... even if you change it after boot.
Typically with RancherOS, I would change the boot parameters by running ros config syslinux, but it doesn't let me... here's what's in there currently:
APPEND printk.devkmsg=on rancher.state.dev=LABEL=RANCHER_STATE rancher.state.wait panic=10
If I add something like rancher.password= or rancher.autologin=true, this does not get properly set within the boot parameters (notice how panic=10 is also not within the command-line pasted above).
I can't find anywhere else these parameters are set to "fix" this issue.
Anyone have any ideas for me?