Conrad Bate's picture

Hi there, I'm very new to this appliance scene (I've only spent a few hours on it) but I'm not new to VMware (we use it at work heavily). However, I am a programmer by "trade", and one who barely uses Linux (mostly Windows based), so there are a couple of questions I have. I appreciate these are probably covered elsewhere but my googling collided with lots of OT info and I'm not sure how to phrase myself right, so I find myself here. :-)

So if I ask it out "loud" perhaps people can link me and get me in the right direction.

Question 1) When I installed the Joomla install on a Virtual Box on a Vista x64 box I followed this tutorial fine http://www.youtube.com/watch?v=g-xXHD051eg (although since I'm running Virtual Box on Vista and the VM settings are different and/or it's now December and that youtube is from June). Nevertheless it went fine EXCEPT when I putty to the VM i.p. address on SSH (as I would want considering I am on Win platform) it doesn't prompt me for my root password (see screen shot). I assume this is a bug or a feature since I am logging in from the host machine? Either way, how do I force the root password to be asked?

Question 2) How do you manage the networking on a VM? What I mean is, if I want to host a Virtual Box on an active webserver how do I do it? I'm not sure where to start on this one: normally a bare metal apache machine has a real I.P. that you DNS all your domains to (or its router does, and you pump the external port 80 traffic to it). Once you're at the bare metal it's at the apache vhosts level you then assign it to actual physical disk locations EG: c:\www\domain.com or something.

Is what I want to do is say "hey mr DNS the new domain i.p. is ->this<-" and then know that I.P. is NAT'd to the VM? or what? Does that mean my bare metal needs 2 I.P. addresses? Basically I am confused, I am surely missing the elephant in the room. So can someone point to me so my thinking is front to back and not back to front?

Jeremy Davis's picture

Hi Conrad and welcome to the wonderful world of TKL! It's a very friendly community here so no fear of getting flamed!

I'm not sure about your first question. Are you using the .iso or VM image? I have only used the .isos and in my experience you are required to set a root password on install (although I haven't used Joomla). I was under the impression that on first run of the VM images you needed to set passwords etc too.

It sounds like you have not been required to set a password at that stage! If that's the case then I think this is a fairly important security bug. Probably not so much to IT savvy ppl who understand the risks, but others having a dabble may not realise the potential danger of that behaviour (ie if the server faces the internet, anyone, anywhere could SSH in and do whatever they want as the root user)! A bit scary really! It'd be interesting to know the steps you took when setting up/installing to see if the bug can be recreated.

As for solving it on your VM, have a look at this thread for details on setting/resetting the password. That should head you in the right direction!

As for your second question, there are a couple of answers. If you are using bridged networking (a common default), your DHCP server should give your TKL server a separate IP (DHCP should treat it the same as a bare metal machine). Another option (if you don't want an extra IP on your network and/or wish to use the same IP but a different port) is to use a NAT'd address. Most VM software (VMware and VirtualBox at least) provide a facility to port forward to VMs. You should be able to find the relevant documentation on their respective websites (I would imagine lots of info available via Google too).

Good luck and hope that's of some use to you!

Jeremy Davis's picture

I assume you are both using images? (I have used many of the isos and they all require a password to be set at install).

Good call on the passwd command Hristofor!

Another option to set a static IP is via confconsole. You should be able to invoke the confconsole (at the terminal prompt inside your TKL server) with this command:

/usr/bin/confconsole

 

Conrad Bate's picture

Yes, I'd actually done two turnkey iso/virtual box installs (LAMP and JOOMLA) and both had installed then ended up without a root password... it is passwordless no matter what the reason so thanks for the heads up, just a shame they never spoke about why they opted for that..

The only "slightly" disturbing thing is that you're asked to SET the root password in the ISO install of Ubuntu so it's rather confusing/alarming to be asked for a root password then find that it's not there when you set it!

About the Network Bridge, I read this article here and it explained a lot, so I'm aware of what to do with all that stuff now, thanks.

http://www.virtualbox.org/manual/UserManual.html#network_nat

On a completely different note I was surprised by the lack of easy-find info as to where the turnkey linux build keeps its php.ini, httpd.conf/httpd-vhosts.conf locations (I've never had to fiddle with the MySQL one!) and where the root of the apache host "really" is.. just a thought but that should maybe be on the turnkey advanced page... it's all you "really" ever want to know on a LAMP.. (I'll of course go and dig that out, but not being an Ubuntu or a Linux guy - I just used WAMPS up until now - it'd be a nice small touch perhaps.) I know that it's trying to help you with the out-of-the-box webconfig panel approach but I think in all honesty there are disadvantages to making an evolved perceptive user rewind to relearn what isn't usable to them. i.e. running a webserver is a "hard" learning curve no matter how "easy" you'd like to make it, so why try to paint the gold on it? :D Just my first impressions. Still ace ace ACE tool that I am already addicted to!

 

**EDIT** I was not at home as I wrote that, I'm at work, but I've just been to the Turnkey LAMP page and it appears that that info IS (sort of) there at the inbound port 80 http level... I guess I was expecting to see it on the shell page and I went straight into the ssh shell in putty and forgot to "visit" that port 80 page :-) **EDIT**

Alon Swartz's picture

Sorry for not answering sooner, just been really busy with some really cool stuff we are developing for TurnKey.

Anyway, the VM image passwords are blank (unless otherwise specified on the appliance page). It might be a good idea to somehow prompt the user to specify the relevant passwords, but I am not really sure the best way of doing this. On firstboot? Via the confconsole? Are there situations where the user doesn't have console access? What do you think?

Regarding passwords not set during the ISO install, are you sure you are booting the installed system (ie. boot from first harddisk)?
Conrad Bate's picture

You are invited to specify both a MySQL and a root password on install in the Debian "bit" of Ubuntu.

As in this EG: http://www.youtube.com/watch?v=g-xXHD051eg#t=2m01s

The root just doesn't get used.

Jeremy Davis's picture

@Conrad - I suspect (like Alon) that even though you installed, when you reboot it is actually booting into the Live CD rather than your installed instance. To make doubly sure that you are booting the installed instance, unmount the iso from the VM (using the VirtualBox dialog). If you are definitely running on the installed instance and it still doesn't require a password, then that is very strange behaviour and worthy of further investigation.

@Alon - Whilst I'm not using the VM images, I would think that on first boot would be the go. Although there may be instances where local console access is not possible and having it run on first boot (or any other way that requires local access) would be a deal-breaker in those situations.

I wonder is there a way to run it on first SSH connection? Could this somehow be done using the GNU 'screen' command? Or a web config that allows access so you can set a password, until that is done you don't get any root access through any means?

Or is this all just overcomplicating it? What about just setting an arbitrary root password, with advice to reset it (especially if it is live online). Whilst this is still far from secure, it is marginally better than no password at all. And/or how about redirect to a warning page (or have a warning pop-up or something) when downloading VM images, so the user is fully aware of the situation?

Conrad Bate's picture

@JedMister follow that youtube that I posted and you will see what I am referring to :-) I see what people are talking about with the iso images. I wasn't installing an image - I didn't even know there was one - I was installing from an iso of an install cd. i.e. as in the youtube example. Basically watch the video all the way to the end and the bit when he connects via putty? Well, it's passwordless :-)

Tangent:

Also does anyone have any experience of using vhosts and mod_proxy on the bare metal host to facilitate the VMs? i.e. run apache to forward the call to apache?

EG: http://httpd.apache.org/docs/2.0/vhosts/examples.html#proxy

Seems like a nice way to go? Or have I got the wrong end of the stick? i.e. the bare metal host forwards the domains to the relevant VM which then catches the call and parses the correct page. That way you could run a dozen VMs each running a dozen domains and back each one up (good if you have customers that only want to access that one box). What do you think?

@Alon I see what you are referring to. I think blank passwords in that context are permissible. Either that or you post an ascii message emergency response on every connection port there is telling them to go to "some web link" that explains EXACTLY why it's stalled and what they need to do (and show the same message at the console window, ssh terminal with the exception that there is an option to set it).

Jeremy Davis's picture

But I'm still not sure how you managed to login without a password. It doesn't work for me. If I access it through VirtualBox console window then it will boot to confconsole (without needing a password) but if you exit that then you need to use your password to continue. If SSHing in (I use PuTTY) it requires me to enter the password or will not connect?!?

Conrad Bate's picture

@JedMeister

OK, I must be missing something. I "emptied" the iso image out of the "virtual cd drive" and now it asks for a root password on putty..

Can you explain to me what is going on? It definitely booted off the virtual C drive. I saw it go through the exact same boot sequence and everything. Just no countdown option at the start? I am happy to be totally wrong (I was!) but I am at a loss to explain how a CD in a tray can affect needing a boot password lol.. the install was not an image, it was an "iso boot cd".

Jeremy Davis's picture

As you may or may not be aware, TKL appliances are built so they can be run live from the cd (runs in RAM without installing - no changes made to the HDD), much the same way as a normal Ubuntu desktop CD (or many other distros). So while the iso image remained accessible, your VM is actually booting into a 'live' environment rather than running off your installation (on your virtual HDD).

That is what Alon was alluding to when he said for you to make sure that you "boot from first harddisk". It's an option on the boot menu, along with install, and boot the CD 'live' - which is default if nothing is pressed!

Luckily you realised this before you'd done a lot of work and restarted - as you would've lost the lot!

@Alon & Liraz - Perhaps some sort of notification is needed when TKL is running live so you can easily see that's what's going on? Or is it possible to set a password such as 'live' for the live CD? I imagine that should be doable as I have seen other distros where the live user is 'guest'.

[edit] Just re-read your post - sorry, it sounds like a lot of my reply is superfluous. Anyway I'll leave it there, someone might find it useful! So, you were sure you were running off the virtual HDD. So you selected "boot from first harddisk" on the boot menu and it was still going into the live instance? Can you please just remount the iso and double check that? If it is doing that then it sounds like a bug. At least we've already found a workaround!

Liraz Siri's picture

1) Currently if you install from the ISO you go through the installer which asks you to set passwords and such. If you deploy the VM image then we don't have the opportunity to set passwords for you so we usually just leave them empty or use something simple like "turnkey", as documented on the appliance page.

For future versions we're thinking of working on making it possible for a user to run the installer's configuration routines AFTER installation. That way it should be easier to set passwords even if you're using the VM build...

2) Making it easier for users to notice they are in the live environment is a good idea. Maybe we can patch the TurnKey console message and motd. I prefer empty passwords to something like "live" because an empty password is more convenient and consistent with the VM build.
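
Added example, not part of the original thread and not TurnKey's own code: a shell check for the situation discussed above, where a live or VM-image system has an empty root password and accepts it over SSH. The function names, the constructed sample files and the assumed sshd defaults (`PermitEmptyPasswords no`, `PermitRootLogin prohibit-password`) are assumptions of this example.

```shell
#!/bin/sh
# Added example: find accounts that could log in over SSH with a blank password.
# File paths are arguments, so the check can run against copies of the files.

# Accounts whose shadow password field (2nd field) is empty.
# "!" and "*" mean locked, so only a truly empty field counts.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Value of an sshd_config keyword (first occurrence wins, as in sshd),
# or the supplied default when absent. Match blocks and Include are ignored.
sshd_setting() {
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print blank-password accounts that sshd would let in.
# Assumed defaults: PermitEmptyPasswords no, PermitRootLogin prohibit-password.
ssh_blank_login_accounts() {
    [ "$(sshd_setting "$2" PermitEmptyPasswords no)" = "yes" ] || return 0
    root_ok=$(sshd_setting "$2" PermitRootLogin prohibit-password)
    for user in $(empty_password_accounts "$1"); do
        if [ "$user" != "root" ] || [ "$root_ok" = "yes" ]; then
            echo "$user"
        fi
    done
}

# Constructed sample files (not taken from a real appliance).
write_samples() {
    printf '%s\n' 'root::14600:0:99999:7:::' \
        'www-data:*:14600:0:99999:7:::' \
        'admin:$6$constructed$hash:14600:0:99999:7:::' > "$1/shadow"
    printf '%s\n' '# constructed sshd_config' 'PermitRootLogin yes' \
        'PermitEmptyPasswords yes' > "$1/sshd_config"
}

dir=$(mktemp -d)
write_samples "$dir"
echo "Blank-password SSH logins: $(ssh_blank_login_accounts "$dir/shadow" "$dir/sshd_config")"
rm -rf "$dir"
```

On a real system the arguments would be `/etc/shadow` and `/etc/ssh/sshd_config`, read as root. The check covers these two files only and does not look at PAM settings.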
