Feature request: create disk from image without root password
In my experiments with the Linode API, it seems that if I specify an image when using the Disk Create API, then I must also specify a root_pass. Specifying an image without a root_pass gives an API error.
I would prefer my root accounts to have no password, and instead use a StackScript or some other automation to install suitable authorized_keys files for public-key authentication.
I would also like to be able to create disks from images without any interference from Linode at all. For example, I would like to be able to use images to create disks that are not boot/root disks.
Can you please make the root_pass parameter of the Disk Create API optional when creating a disk from an image or StackScript?
3 Replies
Hey there,
I tried to create a Disk using the API without a root password and got the same error. I will definitely pass your request to the development team.
An option is to disable the root password after you create your Disk. You can disable the root password for most distributions by running passwd -d root or editing your /etc/shadow file.
Here is a post on Stack Overflow about it.
WARNING
Using passwd -d root is dangerous. Do not use it. It will allow you to log into your Linode as root through Lish without any password at all.
SOLUTION
Use passwd -l root instead (-l for --lock). This will lock the root password by changing its /etc/shadow encrypted password entry to a value that no password will ever match. This prevents any logins as root through Lish, but will still permit root logins as a limited user with sudo access.
Further security tips
It is strongly advised to not allow direct SSH logins as root. Instead, configure a limited user on your system which can temporarily gain privileges. Once you do so, you can disable SSH logins directly as the root user.
You can follow these sections of our Documentation for more details on this setup:
I have always had unnecessary difficulties with raw disk images, after uploading and deploying a Linode from the raw image. Not only is a root password required, which I have already set up for myself in the image, but there is no way for me to select, upon deployment of the image from the cloud manager (or API likely as well), that the image I am deploying is a raw disk image. As a result, as it's an MBR bootable disk, the Linode kernel will try and boot the disk, panic because it can't mount it, then I'll have to either shut down the Linode and wait, or destroy it from lish before I can edit the profile to boot in raw disk image mode. There seem to be some unnecessary steps here, along with the requirement of a root password that's also unnecessary.
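Added example, not part of the original thread: the replies above contrast passwd -d root with passwd -l root, which differ in what they leave in root's password field in /etc/shadow. This script classifies that field so a deployment can check for a passwordless root; the function names and the sample shadow entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how a shadow(5) file treats an account's password.
# All sample entries below are constructed; the hash is a placeholder, not a real one.

# shadow_state FILE [USER] -> prints empty | locked | hashed | missing
shadow_state() {
    awk -F: -v u="${2:-root}" '
        $1 == u {
            found = 1
            if ($2 == "")          print "empty"   # result of passwd -d: no password asked
            else if ($2 ~ /^[!*]/) print "locked"  # passwd -l prepends "!"; "*" never matches
            else                   print "hashed"  # a normal password hash is set
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# audit_root FILE -> exit status 0 unless root can log in with no password
audit_root() {
    [ "$(shadow_state "$1" root)" != "empty" ]
}

# write_samples DIR -> three constructed shadow files, one per case
write_samples() {
    cat > "$1/after_passwd_d" <<'EOF'
root::19700:0:99999:7:::
deploy:$6$placeholder$CONSTRUCTEDHASH:19700:0:99999:7:::
EOF
    cat > "$1/after_passwd_l" <<'EOF'
root:!$6$placeholder$CONSTRUCTEDHASH:19700:0:99999:7:::
deploy:$6$placeholder$CONSTRUCTEDHASH:19700:0:99999:7:::
EOF
    cat > "$1/with_password" <<'EOF'
root:$6$placeholder$CONSTRUCTEDHASH:19700:0:99999:7:::
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in after_passwd_d after_passwd_l with_password; do
    if audit_root "$tmp/$f"; then verdict=ok; else verdict="PASSWORDLESS ROOT"; fi
    printf '%-16s root=%-7s %s\n' "$f" "$(shadow_state "$tmp/$f")" "$verdict"
done
rm -rf "$tmp"
```

To check a running system instead of the samples, call shadow_state /etc/shadow as root.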