You are here
Michel Deby - Wed, 2011/02/02 - 17:47
Hello,
I just created a new EC2 instance with Magento appliance.
Now, I see that on the Turnkey panel, when we click on the "Webshell" icon, it starts a login procedure to Magento.
I have a very basic question...
What are the username/password set by default ?
Forum:
Username is root
Root is the Linux equivalent of the Windows Administrator account. Ideally the root password is set prior to first boot by preseeding via TKL Hub (in the case of an Amazon instance, otherwise at first boot). Alon (TKL core dev) saying that there are defaults if you choose not to do this (or launch without using the hub). He said that here but I'm not sure what the defaults actually are and I can't see it documented anywhere. I would try turnkey.
Reply to Jeremy
Thanks for your reply Jeremy.
I tried "root" plus a bunch of various passwords, including the one I set through Turnkey for mySQL etc.. But without success.
I tried also to create another instance, just in case I made a typing mistake but still not working.
One thing I can do is to log to PHPAdmin. There I could enter into the Magento database.
There I saw the username: It is not "root" but "admin" instead.
Then, I tried to change the password using the
UPDATE admin_user SET password=CONCAT(MD5('qXpassword'), ':qX') WHERE username='admin';
statement.
But Magento login still failed.
How about you launch it via the Hub
And preseed your desired password(s). I'm assuming you've got a Hub account? If not, sign yourself up!
dYou shoul find that the default username for Webshell (Shell-in-a-box), Webmin, PHPMyAdmin and SSH/SFTP is root. Magento itself should be admin (as you've discovered).
The default root password is random (for security purposes)
An alternative might be to just log in with your SSH keys and then change the root password needed for webmin access
I realize this is inconvenient (if you don't use the Hub) but setting the root password to a fixed default would be very dangerous from a security standpoint as it would open a window of vulnerability between the time you launched an instance to the time you realized you had to change the password. Using automated tools it doesn't need to take more than a few seconds for an attacker to find and compromise your machine before you know it.
inithook is running interactively...
Did you launch via the Hub? Which appliance?
Reply
@Jeremy
Yes, I have it since today.
It should be written somewhere on the way.
@Liraz
PhpMyAdmin is not random. I could connect to it easily through port 12322 with the silly password I defined during server creation with the hub. So security there is as high as the password I defined..
This is what I did.
With the hub, I did exactly the following (several time already)
After a few minutes, back to the "Servers" tab of the Hub:
It should work no ?
Not quite
No, define your root password here.
Not working with root password
@Jeremy,
Thanks for your reply.
I tried as you recommend, defining a root password.
Still not working.
The strange thing is that this root password is not requested after. When I click on the "Web Shell" icon, it goes straight into the Magento login (a VT Terminal with black background)
So ?
Where is the problem ?
Attempt to clear up mis-understandings
Hi Michel, I think there are still some mis-understandings, I'll try clear them up.
Users:
Other comments:
I hope the above helps.
Working with root password but not with SSH
Hi Alon,
Finally I'm disturbing both of you ;-)
It is with your explanation that I found the way.
There are 3 combined traps I fell into:
The first one is in the "server launcher" (I don't know how you call it)
There it says that the root password is optional, with a short explanation in the help about the SSH key-pair as an alternative. So I took this alternative (leaving root password blank) and selected a key-pair created before. Obviously, SSH is not working (yet)
The second trap is in the webshell. There ,it is clearly written "magento login". So I though I was already in magento and I desperately typed the "root" username but without password (or with a wrong password I don't now)
The third trap, is when Jeremy attracted me (or distracted me?) with the actual magento username that is "admin". So I tried, also desperately, in webshell to give this username !
3 such things added makes it virtually impossible to login !
My guess is that you should try to improve there ;-)
Now, why isn't it not working with SHH yet ?
(I'm not satisfied with the root password system)
Clue (may be): In my browser (Chrome), at the first attempt to reach the server via HTPS, it says the security certificate is not approved, etc. Is it because of this ?
If yes, which certificate should I include in Chrome ?
Thanks for all.
I am convinced this stuff is a brilliant idea.
Feedback
The root password is optional if you are using an SSH Key pair. Leaving it blank will not set a blank password but a random one for security reasons. Also keep in mind that webshell authentication uses the root password, not the SSH Key.
You will need to use an SSH client so you can specify the SSH Key. If you're on windows, I'd recommend putty. If you're on Linux, just type "ssh -i /path/to/keypair-private.key <ip address>".
The hostname of the magento appliance is "magento", so when logging in to the webshell or via SSH it can be confusing for new comers.
True, there is always room for improving the documentation. Once you get up and running it would be great if you could summarize the pitfalls, mis-understandings and solutions which would benefit others.
TurnKey appliances generate unique self-signed SSL certificates on firstboot, so you can safely accept the exception. Before going into production, and if required, you might want to purchase your own SSL certificate. See here for more information.
First step taken
That was already my intention ;-)
Your system should be as easy as Windows installers, click and play !
It is nearly that, I really think so.
On top of that, your installer is a multi-applications** Cloud Installer !
Please let me do other work for 2-3 weeks now, I have reached my objectives for this time.
Regards,
--
Michel Deby
** My understanding of "Appliance"
Sorry if I sidetracked you Michel
I perhaps could have been clearer. Glad you've got it sorted now.
Thought re clarifying root password on Hub launch: What about rather than making it optional, make it a choice of password or tick box for 'random password'. Or a radio button that switches between the 2 options. Maybe in the help explicitly say that you won't be able to use Webshell & Webmin without a (known) root password.
Reply
This is precisely what I think too.
Even further, to me there are two big options : Passwords or SSH. There should be a specific window where the user can select clearly between Password or SHH with an explanation in front of him of the pros and cons. + a checklist of what needs to be pre-installed (Certificates ? - EC2 account ?) as well as the possible traps. And one single password, so only one field to fill-in for all the applications in the appliance. Plus a list of each application including the TCP port to enter into each, the kind of familiar concept for most reasonably experienced people.
In any case, at this moment there are too many SSH key-pairs here and there, it is disturbing if not obscure (in Amazon too..)
I am convinced it is mostly an effort of presentation, trying to take distances from OS specific jargon. There is a common denominators between Unix - Vax/VMS - MacOS - Windows NT, .. Things must be presented with the common denominators in mind. This is the only way I think to gain adopters.
For the rest, the concept of installing several applications at once together with an OS is fairly easy to capture.
Excellent feedback Michel!
Unfortunately, the flip side of being more experienced within a certain technical domain (e.g., Linux) can sometimes make it more difficult to anticipate how people with different background will view things. We try, but there's really no replacement for users sharing their experience with us.
I like the idea of setting one universal password through the Hub as I can't really think of a good reason different passwords for each application would be advantageous to the average user. I think we should only ask users to set separate passwords if one password is going to be transmitted in the clear (I.e., without encryption).
It's late over here so I might be missing something though. We'll want to explore the implications in more depth when we get back to this.
Reply
.
With pleasure Liraz.
What makes me believe in this project is the fact, if I read well, that you have found a way to get paid for your work through Amazon, it is of the utmost importance for software project (company ?) to survive. If you would have been ordinary "open source geeks" then you would never had such feedback, I don't believe in the work for free.
Perhaps, if not done already, you should setup beta test campaign with a bunch of selected persons from various horizons to give you feedback. What you do is classic software development and there is no reason to make the economy of classic procedures.
Add new comment