Installer password generation issue

@ram108 can you post the missing info so we can reproduce this on our end and start working on a fix?

$> locale
..
$> env
..

root@srv4:/etc/nginx# locale

LANG=ru_RU.UTF-8
LANGUAGE=ru_RU:ru
LC_CTYPE="ru_RU.UTF-8"
LC_NUMERIC="ru_RU.UTF-8"
LC_TIME="ru_RU.UTF-8"
LC_COLLATE="ru_RU.UTF-8"
LC_MONETARY="ru_RU.UTF-8"
LC_MESSAGES="ru_RU.UTF-8"
LC_PAPER="ru_RU.UTF-8"
LC_NAME="ru_RU.UTF-8"
LC_ADDRESS="ru_RU.UTF-8"
LC_TELEPHONE="ru_RU.UTF-8"
LC_MEASUREMENT="ru_RU.UTF-8"
LC_IDENTIFICATION="ru_RU.UTF-8"
LC_ALL=

root@srv4:/etc/nginx# env
(output was cleaned up a little bit)

LESSCLOSE=/usr/bin/lesspipe %s %s
LANG=ru_RU.UTF-8
HISTCONTROL=ignoredups:ignorespace
USER=root
HESTIA=/usr/local/hestia
PWD=/etc/nginx
HOME=/root
MAIL=/var/mail/root
SHELL=/bin/bash
TERM=xterm
SHLVL=2
LANGUAGE=ru_RU:ru
LOGNAME=root
XDG_RUNTIME_DIR=/run/user/0

Installation script that was run before Hestia installation on clean Ubuntu:

# timezone
timedatectl set-timezone Europe/Moscow

# locale
rm -f /var/lib/locales/supported.d/* && mkdir -p /var/lib/locales/supported.d/

cat >/var/lib/locales/supported.d/local <<EOF
ru_RU.UTF-8 UTF-8
en_US.UTF-8 UTF-8
EOF

cat >/etc/default/locale <<EOF
LANGUAGE=ru_RU:ru
LANG=ru_RU.UTF-8
EOF

locale-gen && update-locale LANG=ru_RU.UTF-8
dpkg-reconfigure tzdata
1 Like

Replace https://github.com/hestiacp/hestiacp/blob/release/install/hst-install-ubuntu.sh#L90-L93

with

gen_pass() {
    LC_ALL=C </dev/urandom tr -dc '[:alnum:]' | head -c 16
}

or should do the trick…

gen_pass() {
     cat /dev/urandom | tr -dc [A-Za-z0-9] | head -c16
}

It seems in some locales multibyte chars fall within the :alnum: limitations

If it works we will incorporate the fix in the installer…

Next time I install Hestia I will try to fix this and see what will happen. I’m sure it will help with the fix above.

I forgot to fix the installer today, but the installation was done with the default locale. I got the same wrong password generation while installing Hestia.

root@srv1:~# locale
LANG=en_US
LANGUAGE=en_US:
LC_CTYPE="en_US"
LC_NUMERIC="en_US"
LC_TIME="en_US"
LC_COLLATE="en_US"
LC_MONETARY="en_US"
LC_MESSAGES="en_US"
LC_PAPER="en_US"
LC_NAME="en_US"
LC_ADDRESS="en_US"
LC_TELEPHONE="en_US"
LC_MEASUREMENT="en_US"
LC_IDENTIFICATION="en_US"
LC_ALL=

Admin URL:  https://XXX.XX:8083
Username:   admin
Password:   ۋͺ1Ol2J둔fˋ

/root/.my.cnf
[client]
password='y˽ı�Rgd껩Iª'

The most annoying thing is that such a password cannot be changed using Hestia cli.

root@srv1:/# v-change-user-password admin EBMdNqX8
sed: -e expression #1, char 1: unknown command: `B'
sed: -e expression #1, char 1: unknown command: `B'

I used this installer fix, but it didn’t help, I got wrong admin and database root passwords during installation (with default en_US locale). The password still contained characters that are not listed in the expression [A-Za-z0-9].

If the admin password can be changed by deleting mentions in the hestia config, then there are more serious problems with the database user, that is not so easy to fix.

Tested in Ubuntu 18.04 and 20.04

I have a guess. Since the described issue is observed only in the installer, but not in the system itself, can the installer file have the wrong encoding?

I just tried this on the system many times and got the following results:

root@srv1:/# cat /dev/urandom | tr -dc [A-Za-z0-9] | head -c16
eYRyZXVmzuYJChvu
root@srv1:/# cat /dev/urandom | tr -dc [A-Za-z0-9] | head -c16
Ou8FgtdqmzDFMexn
root@srv1:/# cat /dev/urandom | tr -dc [A-Za-z0-9] | head -c16
tiIZqPGZuRngO10L
root@srv1:/# cat /dev/urandom | tr -dc [A-Za-z0-9] | head -c16
jd][stRHPfKCo4p5

This confirms that 1) there are practically no numbers in the generated passwords, and 2) there are extra characters in the generated passwords, for example “]” and “[” (see the last result).

Correct syntax is:

head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16

Source: How to generate a random string

1 Like
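The difference between the two `tr` sets discussed above, as an added example that is not part of the thread or of Hestia's installer: inside a `tr` set, `[` and `]` are literal characters, so the bracketed form lets them through. The function names and the sample string are constructed for illustration; `gen_pass` here pins the locale and refuses to return a value that fails an ASCII-alphanumeric check.

```shell
#!/bin/sh
# Added example, not Hestia's installer code. Function names are hypothetical.

# Filter as posted in the thread: inside a tr set, '[' and ']' are literal
# characters, so they survive the deletion together with A-Za-z0-9.
filter_bracketed() {
    LC_ALL=C tr -dc '[A-Za-z0-9]'
}

# Filter without brackets, with the locale pinned so that ranges are
# evaluated over single bytes regardless of LANG/LC_* on the host.
filter_plain() {
    LC_ALL=C tr -dc 'A-Za-z0-9'
}

# Succeeds only if $1 is exactly $2 characters of ASCII letters and digits.
is_ascii_alnum() (
    LC_ALL=C; export LC_ALL
    [ "${#1}" -eq "$2" ] || exit 1
    case $1 in
        *[!A-Za-z0-9]*) exit 1 ;;
    esac
    exit 0
)

# Generate a password and refuse to return one that fails the check,
# so a broken pipeline cannot silently end up in a config file.
gen_pass() {
    len=${1:-16}
    pass=$(filter_plain </dev/urandom | head -c "$len")
    is_ascii_alnum "$pass" "$len" || return 1
    printf '%s\n' "$pass"
}

# Constructed sample input containing brackets and punctuation.
sample='jd][st-RH_4p5!'
printf 'bracketed: %s\n' "$(printf '%s' "$sample" | filter_bracketed)"
printf 'plain:     %s\n' "$(printf '%s' "$sample" | filter_plain)"
printf 'generated: %s\n' "$(gen_pass 16)"
```

Running `is_ascii_alnum` on the installer's output before writing it to `/root/.my.cnf` or printing the admin credentials would catch passwords like the ones reported in this thread at install time.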

Thanks @ram108, I’ll review the suggested code change, prepare a patch and we should be able to ship the fix together with the next feature release.

2 Likes

Fixed with https://github.com/hestiacp/hestiacp/pull/1191/commits/75e2c2750fc37479432829fd549628529bd8afba

Thanks for your contribution @ram108!

1 Like

@ram108 can you join our discord server so we can communicate more quickly?

https://forum.hestiacp.com/t/join-our-official-discord-channel/1600

@ram108 I also started investigating, but even though I ran your script to change the locale and such, I wasn’t able to reproduce the issue.

Could you elaborate on the system you are running? Is it KVM or LXC or something else? Are you using a template for installing your OS? If so, which provider are you using?

2 Likes

I have exactly the same error. Is it possible to fix it by installing the filemanager?

v-add-sys-filemanager

The bug is definitely new and probably came with version 1.2.2 or 1.2.3.

There is a bug, however it is fixed in the new version.

1 Like

At work, I have to install from time to time system on VPS. Each time these are new providers, always KVM and Ubuntu 18.04 or 20.04. And out of the last five to six installations, three or four times I have had the password issue.

At first I thought it was a matter of the locale, which I installed before installing Hestia, so I didn’t change the locale during the last installs. And yet got this issue again.

But I have not tried the last fix yet, I’m sure it fixes the problem.

Thanks, when will the next version be released?

Probably within 1-2 weeks, depending on the current testing.