Installer password generation issue

Today I installed Hestia several times on Ubuntu 20.04 for testing. On last installation I got this kind of admin password to email. Of course, this password was not correct and did not work.

Admin URL: https://XXX.XX:8083
Username: admin
Password: R???????1jXn???H

I can’t change the password too:

v-change-user-password admin password
sed: -e expression #1, char 1: unknown command: `B'
sed: -e expression #1, char 1: unknown command: `B'

Deleting MD5 and RKEY values from file /usr/local/hestia/data/users/admin/user.conf helped to change password and bypass error:

MD5=''
RKEY=''

PS. My server has russian and english locale: ru_RU.UTF-8 UTF-8, en_US.UTF-8 UTF-8

One more bug. If did not install File Manager - always get error ‘ERROR: File Manager components are not installed.’ in CP when edit configs on ‘Configure Server’ page.

are you single quoting the password field?
like this: v-change-user-password admin '1!2@3#4$5%'

This is the exact line I run: v-change-user-password admin password. I tied many different variants, but all gave error. Then I empty MD5 and RKEY, it helped.

The function was throwing an error because these values contained non-latin characters that were generated when HESTIA was installed.

just tested with:

v-change-user-password user '!@#$%^&*()_+~`ö'

and no problem (also logging in with that password works fine). Can you give an example of a random generated pass that doesn’t work?

1 Like

OK. It happened to me again:

Admin URL:  https://XXX.XX:8083
Username:   admin
Password:   Ѻ֓1ɨµXp޳밍

That password I got after installation. It is Ubuntu 18.04

Mysql root password. I dont belive it should be like this.
s3

Ok, so the password was generated by the Hestia installer, I misunderstood that part.

The generated password if definitely wrong, what LANG env do you have set?

That is default clean installation on Ubuntu 20.04 and 18.04.

I have Russian and English locale installed. But that letters are not cyrillic. Some of them looks Chinese.

No normally not

can you run few times:

cat /dev/urandom | tr -dc [:alnum:] | head -c16

In command line?

1 Like
root@srv1:/tmp# cat /dev/urandom | tr -dc [:alnum:] | head -c16
Klsrm4Kj15FWrKEm
root@srv1:/tmp# cat /dev/urandom | tr -dc [:alnum:] | head -c16
W6beWZc4QfxvZeo9
root@srv1:/tmp# cat /dev/urandom | tr -dc [:alnum:] | head -c16
FP26cw9dJXkIH9uy

Your output looks good, that is the expected result

And yet I have gotten this result at least twice already. ((( That passwords looks like multibyte string in singlebyte environment.

1 Like

Agree, that is why I asked about the locale env earlier

Split topic as it is not related to the Ubuntu 20.04 function but something else.

1 Like

@ram108 can you post the missing info so we can reproduce this on our end and start working on a fix?

$> locale
..
$> env
..

root@srv4:/etc/nginx#locale

LANG=ru_RU.UTF-8
LANGUAGE=ru_RU:ru
LC_CTYPE="ru_RU.UTF-8"
LC_NUMERIC="ru_RU.UTF-8"
LC_TIME="ru_RU.UTF-8"
LC_COLLATE="ru_RU.UTF-8"
LC_MONETARY="ru_RU.UTF-8"
LC_MESSAGES="ru_RU.UTF-8"
LC_PAPER="ru_RU.UTF-8"
LC_NAME="ru_RU.UTF-8"
LC_ADDRESS="ru_RU.UTF-8"
LC_TELEPHONE="ru_RU.UTF-8"
LC_MEASUREMENT="ru_RU.UTF-8"
LC_IDENTIFICATION="ru_RU.UTF-8"
LC_ALL=

root@srv4:/etc/nginx# env
(oputput was little bit cleaned)

LESSCLOSE=/usr/bin/lesspipe %s %s
LANG=ru_RU.UTF-8
HISTCONTROL=ignoredups:ignorespace
USER=root
HESTIA=/usr/local/hestia
PWD=/etc/nginx
HOME=/root
MAIL=/var/mail/root
SHELL=/bin/bash
TERM=xterm
SHLVL=2
LANGUAGE=ru_RU:ru
LOGNAME=root
XDG_RUNTIME_DIR=/run/user/0

Installation script that was run before Hestia installation on clean Ubuntu:

# timezone
timedatectl set-timezone Europe/Moscow

# locale
rm -f /var/lib/locales/supported.d/* && mkdir -p /var/lib/locales/supported.d/

cat >/var/lib/locales/supported.d/local <<EOF
ru_RU.UTF-8 UTF-8
en_US.UTF-8 UTF-8
EOF

cat >/etc/default/locale <<EOF
LANGUAGE=ru_RU:ru
LANG=ru_RU.UTF-8
EOF

locale-gen && update-locale LANG=ru_RU.UTF-8
dpkg-reconfigure tzdata
1 Like

Replace https://github.com/hestiacp/hestiacp/blob/release/install/hst-install-ubuntu.sh#L90-L93

with

gen_pass() {
    LC_ALL=C </dev/urandom tr -dc '[:alnum:]' | head -c 16
}

or should do the trick…

gen_pass() {
     cat /dev/urandom | tr -dc [A-Za-z0-9] | head -c16
}

It seems in some locals mulibyte chars fall with the :album: limitations

If it works we will incorporate the fix in the installer…

Next time I install Hestia I will try to fix this and see what will happen. I’m sure it will help with the fix above.

I forgot today to fix installer, but the installation was made with default locale. Got the same wrong password generation while install hestia.

root@srv1:~# locale
LANG=en_US
LANGUAGE=en_US:
LC_CTYPE="en_US"
LC_NUMERIC="en_US"
LC_TIME="en_US"
LC_COLLATE="en_US"
LC_MONETARY="en_US"
LC_MESSAGES="en_US"
LC_PAPER="en_US"
LC_NAME="en_US"
LC_ADDRESS="en_US"
LC_TELEPHONE="en_US"
LC_MEASUREMENT="en_US"
LC_IDENTIFICATION="en_US"
LC_ALL=

Admin URL:  https://XXX.XX:8083
Username:   admin
Password:   ۋͺ1Ol2J둔fˋ

/root/.my.cnf
[client]
password='y˽ı�Rgd껩Iª'