new user creation and password complexity

[hchenji]

How can I disable the first run scripts that force you create a new user on a fresh install? And how do I get it to accept simple passwords?

[Ravaz]

Did find out how to do it?

[chwe]

On 7/21/2018 at 12:03 AM, hchenji said:

And how do I get it to accept simple passwords?

reasons why simple passwords might be a bad idea:

• https://en.wikipedia.org/wiki/Mirai_(malware)
• https://blog.radware.com/uncategorized/2018/03/history-of-iot-botnets/
• etc...

by allowing simple passwords or default passwords active (e.g. 1234 is one of the 'dumbest' you can imagine when it's set permanently).

 

from armbian.com:

Quote

Secure

Images are made fully automatised from sources. Releases are PGP signed and code is regularly inspected by community.

 

You can do whatever you want to do here: https://github.com/armbian/build/blob/master/config/templates/customize-image.sh.template

but there won't be any official images with disabled/lowered security. 

[lrrr]

Using customize-image.sh to create an image.  Add to or replace script:

#!/bin/bash

# remove new user prompt
rm /root/.not_logged_in_yet

# change to weak password
echo "root:qwerty" | chpasswd

If you are trying to do this from official images.  After writing image to sdcard, mount, chroot, and run above.  Or mount, remove .not_logged_in_yet, and manually create new password by using mkpasswd and insert into /etc/shadow.  For more info, check man pages for shadow, mkpasswd.

 

Edit: For official images; mount sdcard, create /boot/armbian_first_run.txt and copy code into the file.  It should exec them on first run.

Edited September 22, 2018 by lrrr
Additional info