to get the user "pi", password "raspberry" (as it used to be in earlier releases)
I tried the procedure twice with the above username/password, this to ensure I can reuse the same userconf.txt file for all installations in the future, with success.
What I don't understand is that the command echo "raspberry" | openssl passwd -6 -stdin (see the instruction in the above link), executed on my running pihole (image january 28th 2022) generates a different encrypted password every time I run the command.
Not really related to Pi-hole, so take it with a grain of salt:
Without having checked the exact algorithm (-6) used, I'd guess that the password is salted with some time-based randomness.
I'd stick with the random salt, but if you'd want the output to be reproducible, you may have to supply your own -salt <string>.
Add your own -salt if want the exact same hash being generated:
pi@ph5b:~ $ openssl passwd --help
Usage: passwd [options]
Valid options are:
-help Display this summary
-in infile Read passwords from file
-noverify Never verify when reading password from terminal
-quiet No warnings
-table Format output as table
-reverse Switch table columns
-salt val Use provided salt
-stdin Read passwords from stdin
-6 SHA512-based password algorithm
-5 SHA256-based password algorithm
-apr1 MD5-based password algorithm, Apache variant
-1 MD5-based password algorithm
-aixmd5 AIX MD5-based password algorithm
-crypt Standard Unix password algorithm (default)
-rand val Load the file(s) into the random number generator
-writerand outfile Write random data to the specified file
I always use the dd tool on another system to write to SD.
And mount the root boot partition to touch /boot/ssh and create wpa_sup if needed.
Not a biggy to do an extra:
pi@ph5b:~ $ man useradd
[..]
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the
configuration files from the CHROOT_DIR directory.
[..]
-m, --create-home
Create the user's home directory if it does not exist. The files
and directories contained in the skeleton directory (which can be
defined with the -k option) will be copied to the home directory.
By default, if this option is not specified and CREATE_HOME is
not enabled, no home directories are created.
[..]
-p, --password PASSWORD
The encrypted password, as returned by crypt(3). The default is
to disable the password.
Note: This option is not recommended because the password (or
encrypted password) will be visible by users listing the
processes.
You should make sure the password respects the system's password
policy.
I don't need to add wpa_sup and dd doesn't work from Windows. Besides that, the Raspberry Pi Imager tool can write to the SD-card from zipped images (backups).
So can dd if pipe | from unzip / gzip.
I prefer dd as i dont need any desktop and could even do it from my Linux NAS (that stores the zipped images).
But prefer my Debian laptop that has a reliable card reader.
For Windows, the Pi imager is a very nice tool.
The ssh file was always required for the SSH server to be installed. But previously it was usable OOTB with the pi user. Since OpenSSH does not allow root password logins by default, without a non-root login user you wouldn't be able to login via SSH. Thought I'm currently unsure whether there is a way to deploy an SSH public key for root with some file/config in /boot .
my understanding is that the raspberry pi imager has a setting icon where you can create this configuration.
the default images will add those files for you.
(at least a colleague told me when he needed some instructions for installing pi.hole)
I haven't done any new installations this month.
Nice, even a public key can be added via imager. Would be nice to have a way doing that just by placing/editing a file in boot filesystem to not depend on the imager or a GUI in general, but usually that is not an issue.
Isn't that what I did in the first post of this topic?
I use (since forever) SD card Formatter and WinDiskImager. After the write has completed, I simply drag/drop the required files on the SD card, eject, done.
You created the pi user with password, but not the public SSH authentication key (for passwordless and safer SSH authentication), or did I overlook something?
Nope, correct, haven't investigated that option, however,
I assume Raspberry Pi Imager (a windows app - mac version available) can only write to the fat32 boot partition. Assuming this is correct, it implies a file is added to the boot partition, containing this information, used to create the required files when the system boots for the first time. Simply find the name (documented?) of the file and add it (drag/drop) on the boot partition, before ejecting the SD card.
personally, I copy the required files in the /home/pi/.ssh folder and change the owner and permissions, using script, whenever performing a new install, after first boot.
I was wondering exactly that, since there are no native ext4 drivers for Windows and the 3rd party ones I know are either read-only or using them for writing often destroy the filesystem (when I tested last). A view into the FAT partition after using the imager should give clarification. SD cards here are currently on heavy use, but will do that when I find time.