SSH: cannot check for default password because of Debian bug #1003151

Signed-off-by: nachoparker <[email protected]>
nextcloud · Mar 5, 2022 · 21b7fe7 · 21b7fe7
1 parent f473f73
commit 21b7fe7
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 32 deletions.
diff --git a/bin/ncp/BACKUPS/nc-snapshot.sh b/bin/ncp/BACKUPS/nc-snapshot.sh
@@ -32,7 +32,7 @@ configure()
     return 1
   }
 
-  btrfs-snp $MOUNTPOINT manual $LIMIT 0 ../ncp-snapshots
+  btrfs-snp "${MOUNTPOINT}" manual "${LIMIT}" 0 ../ncp-snapshots
 
   restore_maintenance_mode
 }

diff --git a/bin/ncp/NETWORKING/SSH.sh b/bin/ncp/NETWORKING/SSH.sh
@@ -39,38 +39,40 @@ configure()
   echo -e "$PASS\n$CONFIRM" | passwd "$USER" || return 1
 
   # Check for insecure default pi password ( taken from old jessie method )
-  local SHADOW="$( grep -E '^pi:' /etc/shadow )"
-  test -n "${SHADOW}" && {
-    local SALT=$(echo "${SHADOW}" | sed -n 's/pi:\$6\$//;s/\$.*//p')
+  # TODO Due to Debian bug #1003151 with mkpasswd this feature is not working properly at the moment - https://www.mail-archive.com/[email protected]/msg1837456.html
+  #local SHADOW SALT HASH
+  #SHADOW="$( grep -E '^pi:' /etc/shadow )"
+  #test -n "${SHADOW}" && {
+    #SALT=$(awk -F[:$] '{print $5}' <<<"${SHADOW}")
 
-    [[ "${SALT}" != "" ]] && {
-      local HASH=$(mkpasswd -msha-512 raspberry "$SALT")
-      grep -q "${HASH}" <<< "${SHADOW}" && {
-        systemctl stop    ssh
-        systemctl disable ssh
-        echo "The user pi is using the default password. Refusing to activate SSH"
-        echo "SSH disabled"
-        return 1
-      }
-    }
-  }
+    #[[ "${SALT}" != "" ]] && {
+      #HASH=$(mkpasswd -myescrypt raspberry "${SALT}")
+      #grep -q "${HASH}" <<< "${SHADOW}" && {
+        #systemctl stop    ssh
+        #systemctl disable ssh
+        #echo "The user pi is using the default password. Refusing to activate SSH"
+        #echo "SSH disabled"
+        #return 1
+      #}
+    #}
+  #}
 
   # Check for insecure default root password ( taken from old jessie method )
-  local SHADOW="$( grep -E '^root:' /etc/shadow )"
-  test -n "${SHADOW}" && {
-    local SALT=$(echo "${SHADOW}" | sed -n 's/root:\$6\$//;s/\$.*//p')
+  #SHADOW="$( grep -E '^root:' /etc/shadow )"
+  #test -n "${SHADOW}" && {
+    #SALT=$(awk -F[:$] '{print $5}' <<<"${SHADOW}")
 
-    [[ "${SALT}" != "" ]] && {
-      local HASH=$(mkpasswd -msha-512 1234 "$SALT")
-      grep -q "${HASH}" <<< "${SHADOW}" && {
-        systemctl stop    ssh
-        systemctl disable ssh
-        echo "The user root is using the default password. Refusing to activate SSH"
-        echo "SSH disabled"
-        return 1
-      }
-    }
-  }
+    #[[ "${SALT}" != "" ]] && {
+      #HASH=$(mkpasswd -myescrypt 1234 "${SALT}")
+      #grep -q "${HASH}" <<< "${SHADOW}" && {
+        #systemctl stop    ssh
+        #systemctl disable ssh
+        #echo "The user root is using the default password. Refusing to activate SSH"
+        #echo "SSH disabled"
+        #return 1
+      #}
+    #}
+  #}
 
   # Enable
   chage -d 0 "$USER"

diff --git a/changelog.md b/changelog.md
@@ -1,5 +1,7 @@
 
-[v1.46.7](https://github.com/nextcloud/nextcloudpi/commit/bd49019) (2022-03-04) nc-hdd-monitor: fix Bullseye service name
+[v1.46.8](https://github.com/nextcloud/nextcloudpi/commit/dc7046b) (2022-03-04) SSH: cannot check for default password because of Debian bug #1003151
+
+[v1.46.7](https://github.com/nextcloud/nextcloudpi/commit/f473f73) (2022-03-04) nc-hdd-monitor: fix Bullseye service name
 
 [v1.46.6](https://github.com/nextcloud/nextcloudpi/commit/c9610e4) (2022-03-03) ncp-dist-upgrade: fix VM grub-pc issue
 

diff --git a/tag_and_push.sh b/tag_and_push.sh
@@ -16,10 +16,10 @@
 
 set -e
 
-TAG="$@"
+TAG="$*"
 
 source build/buildlib.sh
-git tag "$TAG"
+git tag -f "$TAG"
 generate_changelog
 git add changelog.md
 git commit -C HEAD --amend