TurnKey Linux Virtual Appliance Library

How to login to Webshell on an EC2 instance?

Michel Deby's picture

Hello,

I just created a new EC2 instance with Magento appliance.

Now, I see that on the Turnkey panel, when we click on the "Webshell" icon, it starts a login procedure to Magento.

I have a very basic question...

What are the username/password set by default ?

Jeremy's picture

Username is root

Root is the Linux equivalent of the Windows Administrator account. Ideally the root password is set prior to first boot by preseeding via TKL Hub (in the case of an Amazon instance, otherwise at first boot). Alon (TKL core dev) saying that there are defaults if you choose not to do this (or launch without using the hub). He said that here but I'm not sure what the defaults actually are and I can't see it documented anywhere. I would try turnkey.

Michel Deby's picture

Reply to Jeremy

Thanks for your reply Jeremy.

I tried "root" plus a bunch of various passwords, including the one I set through Turnkey for mySQL etc.. But without success.

I tried also to create another instance, just in case I made a typing mistake but still not working.

One thing I can do is to log to PHPAdmin. There I could enter into the Magento database.

There I saw the username: It is not "root" but "admin" instead.

Then, I tried to change the password using the

UPDATE admin_user SET password=CONCAT(MD5('qXpassword'), ':qX') WHERE username='admin';

statement.

But Magento login still failed.

 

 
Jeremy's picture

How about you launch it via the Hub

And preseed your desired password(s). I'm assuming you've got a Hub account? If not, sign yourself up!

dYou shoul find that the default username for Webshell (Shell-in-a-box), Webmin, PHPMyAdmin and SSH/SFTP is root. Magento itself should be admin (as you've discovered).

Liraz Siri's picture

The default root password is random (for security purposes)

TurnKey AMIs don't have a default root password. By default, it's random. The Hub let's you optionally set this but if you're launching directly from AWS management console or cli tools (as opposed to the TurnKey Hub), you can find the random root password printed to the instance's virtual console, towards the end. AWS management console has an option to show the instance's console output.

An alternative might be to just log in with your SSH keys and then change the root password needed for webmin access

I realize this is inconvenient (if you don't use the Hub) but setting the root password to a fixed default would be very dangerous from a security standpoint as it would open a window of vulnerability between the time you launched an instance to the time you realized you had to change the password. Using automated tools it doesn't need to take more than a few seconds for an attacker to find and compromise your machine before you know it.

Root password

Hi,

I'm on Amazon EC2 and looking at the system log of a new Turnkey instance. Where do I find the random root password please? I appreciate the security but it's really not obvious where it is in the system log. I can find the following text:

hvc0:
    <snip>
    [47mRoot Password
    <snip>
    [47m Please enter new password for the root account.
    <snip>

Thanks,

Jon

Alon Swartz's picture

inithook is running interactively...

From the output you pasted (I snipped it), it seems that the inithook is running interactively, which should not be happening due to preseeding.

Did you launch via the Hub? Which appliance?
Michel Deby's picture

Reply

 

 

@Jeremy

I'm assuming you've got a Hub account?

Yes, I have it since today.

Magento itself should be admin (as you've discovered)

It should be written somewhere on the way.

@Liraz

TurnKey AMIs don't have a default root password. By default, it's random.

PhpMyAdmin is not random. I could connect to it easily through port 12322 with the silly password I defined during server creation with the hub. So security there is as high as the password I defined..

The Hub let's you optionally set this

This is what I did. 

With the hub, I did exactly the following (several time already)

  • Go to Hub here
  • Click on the right tab "Turnkey cloud deployment", then I filled as follow:
  • Turnkey appliance : "Magento"
  • Region : "Ireland"
  • Instance size : "m1 small"
  • Root password : Leave it blank (don't know what it is)
  • SSH key-pair : Select a pair I just created before (my guess is that it is used to login to the server)
  • MySQL Password : a silly 9 letters word of mine (all lowercase)
  • Magento admin password : the same silly 9 letters word of mine
  • Magento domain : The future e-commerce domain name
  • Magento email : my email
  • Auto associate elastic IP : An IP I created just before
  • Auto attach EBS Volume : A volume I created just before
  • Then "Launch !"

After a few minutes, back to the "Servers" tab of the Hub:

  • I click on the icon on the right "Web Shell"
  • Then I enter in a terminal
  • To the login prompt I give "admin"
  • Then to the password prompt, I give the silly 9 letters word of mine.

It should work no ?

 

 
Jeremy's picture

Not quite

Root password : Leave it blank (don't know what it is)

No, define your root password here.

  • I click on the icon on the right "Web Shell"
  • Then I enter in a terminal
  • To the login prompt I give "admin"
  • Then to the password prompt, I give the silly 9 letters word of mine.

It should work no ?

No, you will only use 'admin' to log into Magebto itself. For all other interface the username is 'root'. 
 
@Liraz, thanks for the info. I misunderstood what Alon meant when he said default password. But now I know :)
Michel Deby's picture

Not working with root password

@Jeremy,

Thanks for your reply.

I tried as you recommend, defining a root password.

Still not working.

The strange thing is that this root password is not requested after. When I click on the "Web Shell" icon, it goes straight into the Magento login (a VT Terminal with black background) 

So ?
Where is the problem ?

 

 
Alon Swartz's picture

Attempt to clear up mis-understandings

Hi Michel, I think there are still some mis-understandings, I'll try clear them up.

 

Users: 

  • root (OS account): this is the user account you use to log in to the webshell, webmin or via SSH. This in mainly needed for server administration. When launching via the Hub, you may set the root password in the field "Root Password". As mentioned above, this is optional. If you don't specify a password it will be random.
  • root (MySQL account): this is the mysql account you can use to log into PhpMyAdmin and administer the database itself. It's a mandatory field when launching via the Hub.
  • admin (Magento account): this is the administrative account you use to administer Magento itself. You can log into the Magento admin interface by going to https://<domain_you_set_at_launch>/admin

Other comments:

  • The VT Terminal you are referring to is the webshell. It connects you to the command line of the server for administrative purposes. You might be more comfortable with webmin (the web based management system).
  • I think you are trying to connect to the Magento application itself, in which case you should be browsing to the domain you set during launch. There is a gotcha though, please see this thread for more details.

I hope the above helps.

Michel Deby's picture

Working with root password but not with SSH

 

 

Hi Alon,

Finally I'm disturbing both of you ;-)

It is with your explanation that I found the way.

There are 3 combined traps I fell into:

The first one is in the "server launcher" (I don't know how you call it)
There it says that the root password is optional, with a short explanation in the help about the SSH key-pair as an alternative. So I took this alternative (leaving root password blank) and selected a key-pair created before. Obviously, SSH is not working (yet)

The second trap is in the webshell. There ,it is clearly written "magento login". So I though I was already in magento and I desperately typed the "root" username but without password (or with a wrong password I don't now)

The third trap, is when Jeremy attracted me (or distracted me?) with the actual magento username that is "admin". So I tried, also desperately, in webshell to give this username !

3 such things added makes it virtually impossible to login !
My guess is that you should try to improve there ;-)

Now, why isn't it not working with SHH yet ?
(I'm not satisfied with the root password system)

Clue (may be): In my browser (Chrome), at the first attempt to reach the server via HTPS, it says the security certificate is not approved, etc.  Is it because of this ?

If yes, which certificate should I include in Chrome ?

Thanks for all.
I am convinced this stuff is a brilliant idea.
 

 

 
Alon Swartz's picture

Feedback

The root password is optional if you are using an SSH Key pair. Leaving it blank will not set a blank password but a random one for security reasons. Also keep in mind that webshell authentication uses the root password, not the SSH Key.

You will need to use an SSH client so you can specify the SSH Key. If you're on windows, I'd recommend putty. If you're on Linux, just type "ssh -i /path/to/keypair-private.key <ip address>".

The hostname of the magento appliance is "magento", so when logging in to the webshell or via SSH it can be confusing for new comers.

True, there is always room for improving the documentation. Once you get up and running it would be great if you could summarize the pitfalls, mis-understandings and solutions which would benefit others.

TurnKey appliances generate unique self-signed SSL certificates on firstboot, so you can safely accept the exception. Before going into production, and if required, you might want to purchase your own SSL certificate. See here for more information.

Michel Deby's picture

First step taken

Once you get up and running it would be great if you could summarize the pitfalls, mis-understandings and solutions which would benefit others.

That was already my intention ;-)

Your system should be as easy as Windows installers, click and play !

It is nearly that, I really think so.
On top of that, your installer is a multi-applications** Cloud Installer !

Please let me do other work for 2-3 weeks now, I have reached my objectives for this time.

Regards,
--
Michel Deby

** My understanding of "Appliance"

 

 
Jeremy's picture

Sorry if I sidetracked you Michel

I perhaps could have been clearer. Glad you've got it sorted now.

Thought re clarifying root password on Hub launch: What about rather than making it optional, make it a choice of password or tick box for 'random password'. Or a radio button that switches between the 2 options. Maybe in the help explicitly say that you won't be able to use Webshell & Webmin without a (known) root password.

Michel Deby's picture

Reply

a radio button that switches between the 2 options

This is precisely what I think too.

Even further, to me there are two big options : Passwords or SSH. There should be a specific window where the user can select clearly between Password or SHH with an explanation in front of him of the pros and cons. + a checklist of what needs to be pre-installed (Certificates ? - EC2 account ?) as well as the possible traps. And one single password, so only one field to fill-in for all the applications in the appliance. Plus a list of each application including the TCP port to enter into each,  the kind of familiar concept for most reasonably experienced people.

In any case, at this moment there are too many SSH key-pairs here and there, it is disturbing if not obscure (in Amazon too..)

I am convinced it is mostly an effort of presentation, trying to take distances from OS specific jargon. There is a common denominators between Unix - Vax/VMS - MacOS - Windows NT, .. Things must be presented with the common denominators in mind. This is the only way I think to gain adopters.

For the rest, the concept of installing several applications at once together with an OS is fairly easy to capture.

 

 
Liraz Siri's picture

Excellent feedback Michel!

Michel, many thanks for taking the time to carefully articulate your perspective on this.

Unfortunately, the flip side of being more experienced within a certain technical domain (e.g., Linux) can sometimes make it more difficult to anticipate how people with different background will view things. We try, but there's really no replacement for users sharing their experience with us.

I like the idea of setting one universal password through the Hub as I can't really think of a good reason different passwords for each application would be advantageous to the average user. I think we should only ask users to set separate passwords if one password is going to be transmitted in the clear (I.e., without encryption).

It's late over here so I might be missing something though. We'll want to explore the implications in more depth when we get back to this.

Michel Deby's picture

Reply

.

 

many thanks for taking the time to carefully articulate your perspective on this.

With pleasure Liraz.
What makes me believe in this project is the fact, if I read well, that you have found a way to get paid for your work through Amazon, it is of the utmost importance for software project (company ?) to survive. If you would have been ordinary "open source geeks" then you would never had such feedback, I don't believe in the work for free.

 it more difficult to anticipate how people with different background will view things

Perhaps, if not done already, you should setup beta test campaign with a bunch of selected persons from various horizons to give you feedback. What you do is classic software development and there is no reason to make the economy of classic procedures.

 

 

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)