Default root password in imagebuilder

giorez · December 27, 2024, 10:09am

I'm following this page https://openwrt.org/docs/guide-user/additional-software/imagebuilder, since I'm trying to set a default password during building. I have tryed to put command strings into a custom files. But the router boots an empty password.

cat <<EOF > ~/Documents/openwrt/openwrt-imagebuilder-24.10.0-rc4-ramips-mt7621.Linux-x86_64/files/etc/uci-defaults/99_default-password
# echo 'Updating root password'
NEWPASSWD=123456
passwd <<EOP
echo "\${NEWPASSWD}"
sleep1
echo "\${NEWPASSWD}"
exit 0 # IMPORTANT, if we no put this, will executed endlessly
EOP
EOF

Any help is appreciated

Gharib24 · December 27, 2024, 10:52am

Create password hash and replace root_password_hash value

mkpasswd -m sha-256

99_default-password file contents

root_password_hash='$5$PPtQyQFcE8glNo0h$UlGDOa2h4hSEsrrz4PtzisgSXZMccF5eM1VuPg.Fji6'
grep -q "$root_password_hash" /etc/shadow||sed -i "s|^root::|root:$root_password_hash:|" /etc/shadow
exit 0

giorez · December 27, 2024, 11:01am

do I need to create this value with a host computer (I am on archlinux: mkpasswd -m sha-256 - bash: mkpasswd: command not found) or on openwrt router?

flygarn12 · December 27, 2024, 11:35am

Ok, just checking!
Do you have a working serial connection on this device before proceeding?
And what is your plan B?

giorez · December 27, 2024, 11:38am

I actually have a openwrt image booted, up and running, before I flash the new image with the default password. thanks!
And yes, I can have a serial connection throught router's jtags, and in case something goes wrong I have factory image and use the reset button.

Gharib24 · December 27, 2024, 11:48am

Yes or you can use openssl in openwrt
openssl passwd -5

giorez · December 27, 2024, 12:15pm

it worked like a charm. here is the strings to set the default password during building:

cat <<EOF > ~/Documents/openwrt/openwrt-imagebuilder-24.10.0-rc4-ramips-mt7621.Linux-x86_64/files/etc/uci-defaults/99_default-password
# echo 'Setting default root password: xxxxxxx  ->'xxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
root_password_hash='xxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
grep -q "\$root_password_hash" /etc/shadow||sed -i "s|^root::|root:\$root_password_hash:|" /etc/shadow
exit 0
EOF

totkeks · December 27, 2024, 1:11pm

Two things:

Don't post your root password online
Use ssh key if you want to connect via ssh

For LuCi access it doesn't really matter if your password is empty or admin. Equally easy to access.

system · January 6, 2025, 1:12pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.