I am writing a script to migrate droplets from an old OS to a new OS.
The script uses the API to create a new droplet from an image (a snapshot of a partially configured system based on Ubuntu 22 that has already had its initial password changed), and the image has an SSH key for root to allow my script to SCP files to the new server and run some commands via SSH.
The problem is that the SCP and SSH commands fail with the message
You are required to change your password immediately (administrator enforced).
WARNING: Your password has expired.
Password change required but no TTY available.
Is there a way that I can automate changing the initial password to prevent this from happening (presumably via the API), or a different way I should be doing this?
Thanks!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Sign up for Infrastructure as a Newsletter.
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Well it’s a bit of a hacky workaround, but eventually I got it to work with the following steps:
sudo sed -i 's/^root:.*$/root:*:16231:0:99999:7:::/' /etc/shadow
After that, I am able to ssh/scp as root without being asked for the password reset. The first thing I do is to ssh as root and remove the .sh file.
I also tried adding
#/bin/sh;sudo sed -i 's/^root:.*$/root:*:16231:0:99999:7:::/' /etc/shadow;
touser_data
but that didn’t seem to work. My guess is that the initial root password is set afteruser_data
is run, overwriting the change.Hi @rclaypool,
I think using the API will get you only the password_reset option which sends a new root password to your e-mail.
As for the SCP and SSH connection, it shouldn’t be using PasswordAuthenitcation if you already have an SSH key added. Maybe the SSH key you are using is not correct?