after installing turnkey appliances as Virtual-Containers in Proxmox, I am not able to login because the initiall loginscreen for entering the passwords do not show up !!!

default passwords  are much better , it's in everybodys reponsibility to manage security

...nevertheless what can I do ?

thanks for help

sti

Forum: 
Jeremy Davis's picture

IIRC the inithooks should be sitting there waiting for you on tty1. So if you log in via SSH or the PVE webUI console it should be there waiting for you, ready to enter your passwords.

If you use commandline to enter the instance from the host, then you are correct that 'pct enter VMID' won't show them, but if you use 'pct console VMID' instead then you will see them.

Whilst default passwords may be ok for some users; many users do not change default passwords, then think our servers are insecure when they get hacked! To avoid risk of that, we decided that forcing users to set a password at firstboot was a better way to go.

thanks for answering..

? what do you mean by..

"If you use commandline to enter the instance from the host ..."

I tried via the  console buttons inside pve (there a 2) and from a workstation via ssh !

tty1 shows up with a commandline asking me username and password !

no new-password dialog shows up !

 

 

 

Jeremy Davis's picture

But if you access it via the built in PVE console browser window, then as soon as you log in, it should be there.

Perhaps if you can tell me which specific appliance I can double check and see if I can reproduce the issue. Maybe you've stumbled across a bug? When I build the ISOs I build them to container locally and test on Proxmox. However, they aren't exactly the same build (they come from the same source ISO, but my test containers I build locally, rather than on TurnKey infrastructure) so perhaps something went wrong?!

The only other thing that occurs to me is that on the very first boot, it will take a few minutes for the interactive session to start (it does a ton of non-interactive stuff like regenerating secret keys etc first). If you try to log in before that has done, then you may get some weird results. In Proxmox, if you open your containers console window when you first launch it, then you should see all that happening stuff within the console window. When it's finished it will ask for log in. When you log in, it should be there ready to go...

I was referring to using Proxmox's commandline interface (rather than the webUI). It sounds like you are not very familiar with that, so there's probably no need to go down that path. FWIW I only said that as it's a known "issue" and I had no way to know how much of an expert you were...

I tried several.... 

but the last one was fileserver.   ..but also openvpn

why don't you let a default initial password and in addition show up the password-dialog to avoid those problems.

...as I said the user himself is responsible for security

I'll give it another try with a lot off calm

 

"I'll give it another try with a lot off calm "

same result no dialog

Jeremy Davis's picture

The fact that you're having the same experience with multiple different containers and that no ones else has reported anything similar recently, makes me wonder if there is something you're missing, or something amiss with your set up?! Within the last few days I've been speaking with some other Proxmox users who are definitely not experiencing this issue. And I can't reproduce this issue at all?! So I wonder what it might be?

FWIW we've been using this method of setting passwords on firstboot for many years now to great effect. Other than a couple of specific inithook bugs (which are always quicly resolved, and occur very rarely since we've introduced our more intensive testing regime) it's worked flawlessly and has massively reduced the complaints about servers being hacked... So whilst you are right that security is everyone's business, if we can ensure users have less traps to fall in, the better!

TBH, I'm not sure how this issue could be caused by Proxmox, but just in case, could you please give me some more info re your Promxox version. Proxmox should only download the current container templates and should also check the hash to ensure it hasn't been corrupted. That should mean that the container templates you have are ok, but perhaps it's also worth double checking them too? You can find the relevant hash files on our mirror. You will notice that the older v14.1 appliances have a "sig" file rather than a "hash" file. That's because we've adjusted that for the new release (still in progrewss hence why some are v14.1 and others 14.2). These 2 different files are essentially the same and provide similar info.

FWIW, I just upgraded my version of Proxmox to the latest stable (4.4-13). I then downloaded a fresh v14.1 Fileserver container template (via PVE webUI). But it still "just works" for me?!

I'm not sure whether it's really much help, but I took a few screenshots as I was going and have uploaded them to github here. Perhaps browse through those and see if you can spot anything you may be missing. Or at least if you can clarify when your experience diverges?!

cartland's picture

I'm on Proxmox 5.2-5 and running several VMs just fine.

Sorry if I'm raising an old thread but it matches exactly my problem.

I just tried setting up several different LXC turnkey servers. I cannot login to any of them. My config screens look much the same as those at https://github.com/JedMeister/pve-screenshots. I even tried debian-8-turnkey-fileserver_14_2-1_amd64 as a test.

The root user and password from the config screen do not work - Login incorrect and the first boot configuration screen does not come up.

cartland's picture

aaaaa worked. Others fail: qazwsx and abcabc

??

Oh Well!

 

Michael Larsen's picture

I also run Proxmox: PVE Manager Version pve-manager/4.4-15/7599e35a.

And I have the same problem, that I cannot login with the root account after the installation.

I tried many times now installing the LXC container, and could not login.

I then tried to set the IP address to DHCP, and now I suddenly could login and get the initialization screen.

Maybe there are an issue there ??

anyway thanks for a great product :-)

Jeremy Davis's picture

Normally, I set the container's static IP in the PVE config prior to launch. E.g.:

If you're not doing that, that would explain your behaviour (if a static IP is not set, then you would need to get an IP via DHCP).

Michael Larsen's picture

I do set an IP address correctly when using the static way.

But I cannot login with the password that was defined in the config guide.

Jeremy Davis's picture

When you launch a new container on Proxmox you set the root password prior to launch. It's actually on the first screen as per this screenshot:

Then you should be able to log in via SSH using the username "root" and the password that you set there.

If that's not working, then the only thing that I can think of is perhaps a keyboard issue or some other language related issue?! Unfortunately TurnKey currently requires a US international keyboard, at least for initial log in and set up. It also default to US English. I can confirm that on current Proxmox, all the appliances I have tested work as they should.

If you are using a non-US keyboard but have one handy, perhaps try with that? Even if you don't have a different keyboard, you may be able to try using a fairly simple password. Alternatively, you could generate SSH keys and upload your public key when you create the container (again see the screenshot; there is a button to upload your public SSH key.

Alternatively, if you are sure it is a TurnKey related bug, please spell out exactly how I can recreate the issue. If we can reproduce the issue, we can fix it! :)

Jason Hamilton's picture

I know this is an old thread, but it is ranked high in search results for this problem, so I want to complete the chain with the solution I found.  I had this exact problem, where despite setting the password and following the instructions above, I could not log in as root after the initial setup. The problem was I was using a FQDN in the Proxmox container's hostname field when I was creating it, e.g. myserver.mydomain.com.   There were no errors during the process, but the root login fails.  I recreated it using just the unqualified name, e.g. myserver, and then root login worked fine.  Cheers!
Jeremy Davis's picture

TBH, I've never tried to do that and it never occurred to me. FWIW I mostly use Proxmox for testing with a few LAN based production servers, but nothing internet available.

Hopefully your hint might help others! I'm sure it will! :)

Take care and thanks again!

idic's picture

I've tried everything above and it's never worked for any turnkey installs.  The only thing I could do to get in was to connect from the proxmox server via ' lxc-attach -n <container #>' and then use 'passwd'.
Jeremy Davis's picture

TBH, I don't understand why you've had those ongoing issues. Do you use English as your primary language (i.e. the language on your local OS)? Are you using a US-International keyboard? Perhaps those variables are the cause of your issues? Testing with a somewhat basic password (that only uses characters that are the same in English/on US-International keyboard) may allow you to see if that's the issue.

Have you experienced the same issue with other (i.e. non-TurnKey) containers? Or does it just occur with TurnKey containers? AFAIK it's Proxmox that sets the root password within the container (nothing to do with TurnKey), so I would expect other containers to fail in a similar way.

FWIW here's what I do when I launch a new TurnKey LXC template on Proxmox and it always "just works":

  • create container, setting a basic hostname (i.e. not a FQDN), a root password and a static IP address (e.g. 192.168.1.102/24) with the PVE UI
  • wait until the initial PVE set up task completes, then start the container
  • open the PVE UI console window and wait until the unattended firstboot inithooks complete (i.e. shows a log in prompt)
  • SSH into the container, e.g. ssh root@192.168.1.102
  • The interactive firstboot scripts greet me there; I complete them and am away...

Add new comment