[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#986716: installation-guide: Preseeding passwd/root-password-crypted with "!" doesn't work as described

Source: installation-guide
Severity: normal
Tags: d-i


https://www.debian.org/releases/bullseye/amd64/apbs04.en.html section
B.4.5 talks about using "!" in passwd/root-password-crypted:
The passwd/root-password-crypted and passwd/user-password-crypted
variables can also be preseeded with "!" as their value. In that case,
the corresponding account is disabled. This may be convenient for the
root account, provided of course that an alternative method is set up
to allow administrative activities or root login (for instance by
using SSH key authentication or sudo).

When I tried that, it didn't seem to have any effect. From looking at
what I think is the relevant code[0], it looks like a value of "!" in
passwd/root-password-crypted is explicitly ignored. Is there a
recommended way to lock the root password without setting up another
user? (I want to set up ssh public key authentication for root, and no
other way to authenticate.)

[0] https://salsa.debian.org/installer-team/user-setup/-/blob/597e5e6c52d11f0de8e084b274c00c944c632f84/user-setup-ask#L34-43

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
APT policy: (990, 'testing'), (500, 'testing-security'), (100, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-5-amd64 (SMP w/4 CPU threads)
Locale: LANG=nl_US.UTF-8@dseomn, LC_CTYPE=nl_US.UTF-8@dseomn (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C), LANGUAGE=nl_US@dseomn:nl_NL:nl_BE:nl:en_US:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Reply to: