Intricacies of the medkit-config.json file

I ran into some issues when trying to use the medkit-config.json file, but I was eventually able to sort those out and figured I could share it here in case anyone else winds up in a similar situation.

I inspected the commit medkit-initial-config: add new package (22a86f40) · Commits · Turris / Turris OS / Turris OS packages · GitLab and noticed that it gives you the option to also configure the system password (for the root user):

{
“foris_password”: “ForisPassword_ChangeThis!”,
“system_password”: “SystemPassword_ChangeThis!”,
“wireless”: {
“ssid”: “TurrisConfigWifi”,
“key”: “WiFiPassword_ChangeThis!”
}
}

(this option has not been documented yet in the “First setup of Turris Omnia and Mox without Ethernet LAN”)

After I flashed the Turris Omnia, I was able to connect to the TurrisConfigWifi network using the WiFiPassword_ChangeThis! password, but I was not able to log into the reForis with the ForisPassword_ChangeThis!. Luckily, I was still able to log with ssh to root@192.168.1.1 and the SystemPassword_ChangeThis! password.

In the SSH, I ran my foris_password through the python encryption routine and used the resulting string

python
import pbkdf2
import sys
print(pbkdf2.crypt(‘ForisPassword_ChangeThis!’, iterations=1000))
# this returns an ENCRYPTED_PASSWORD (use it for uci set below)
quit()

uci set foris.auth.password =‘ENCRYPTED_PASSWORD’
uci commit foris.auth.password

From then on, I was able to log in to reForis.

So while it seems that there is a bug in the new feature which reads the Foris password from the JSON, you can get around it by using the undocumented feature of also setting the system password in the JSON and fixing the foris.auth.password UCI value from within an SSH root session.

Thanks for digging this! It saved me so much digging. I encountered the same problem and had to use your workaround. Does the team know about this bug? It makes the ethernetless setup impossible.

There is documentation for this. It is just rather indirectly accessible. Ethernetless configuration - Turris Documentation

There are tip bubbles If you read through mox as well as Omnia setup guide. The tip bubbles states " There is also a way to configure Turris Omnia over Wi-Fi by using a configuration file and a USB drive."

I will look in to the bug of not able to login to (re)Foris.

Edit: initial-config: fix invalid foris password (!821) · Merge requests · Turris / Turris OS / Turris OS packages · GitLab