grml icon indicating copy to clipboard operation
grml copied to clipboard
verified publisher icon grml

Unnecessary and misleading WARN messages at boot

Open crass opened this issue 4 months ago • 2 comments

Describe the bug When booting with the commandline options ssh encpasswd=..., I see the following messages at startup:

[  OK  ] Bootoption ssh found, trying to set password for root and user grml
tr: write error: Broken pipe
[ WARN ] No given password for found. Using random password: rpkw7RMNtzGqkIxAp7O
CbgVmSLf3
[ WARN ] Warning: please change the password for root and user grml as soon as p
ossible!
[  OK  ] Starting secure shell server in background for root and user grml
         Starting ssh.service - OpenBSD Secure Shell server...
[  OK  ] Started ssh.service - OpenBSD Secure Shell server.
         Starting avahi-ssh.service - Deploy SSH service config for Avahi...
[  OK  ] Bootoption encpasswd found, trying to set hashed password for root and 
user grml
[ WARN ] Warning: please change the password for root and user grml as soon as possible!

Steps To Reproduce Boot with the commandline options ssh encpasswd=... (hash given was created using mkpasswd -H md5).

Expected behavior These WARN messages should not be shown. The first indicates that a random password is being used, but the hash indicated does not exist in /etc/passwd and the hash specified via encpasswd is set properly. Maybe the handling of encpasswd should happen before ssh.

In which Grml Version did the bug occur? I'm using grml-full-2025.08-amd64.iso

Output of grml-version: grml-full-amd64 2025.08 Release Codename Oneinonein [2025-08-15]

crass avatar Aug 24 '25 01:08 crass

Ah, nice catch, we need to reproduce this and see what needs to be done about it.

Thanks for your bug report! 👍

mika avatar Oct 06 '25 15:10 mika

Thanks for the report, we managed to track down the issue and while we didn't manage to fix this in time for 2025.12 release, the relevant fix/change will available in the upcoming daily ISOs (and scheduled for first Grml release in 2026).

One issue is left to be taken care of though, as you wrote:

Maybe the handling of encpasswd should happen before ssh.

Would be nice if manage to get this right©️, but for now you should be able to use services=ssh encpasswd=... to get this going as expected (in terms of warning/notices :)). Because with only ssh you're requesting a random password by the ssh setup, while ssh=password would also set the password. But I agree that it would be nice if encpasswd could also be used in combinatino with ssh and get a consistent behavior and messages. :)

mika avatar Dec 11 '25 23:12 mika