Root Password Initialisation
|Reported by:||mglb1||Owned by:||mglb1|
|Priority:||major||Milestone:||Rural Link Farm Networks Product Launch|
|Estimated Hours Work:||6|
The rurallink pxe boot scripts need to be extended to generate and set the root password on each rurallink device.
The root password will be set to
md5(eth0mac + master_password)[-8:]
This means that we can give out the root password for a specific device without compromising the security of other devices.
If the master password is compromised and the above algorithm is known then all devices are compromised. However this password is only useful via serial as SSH only allows logins with a public key, so the failure case of the master_password being compromised is not too severe.
Password generation will be handled inside the Configuration System Daemon so that the master password is not stored with the pxe-scripts. When given a MAC address a password will be returned, this ensures that the master password is not inadvertantly disclosed.