Intricacies of the medkit-config.json file

Ales_Cervenka · August 1, 2021, 9:10am

I ran into some issues when trying to use the medkit-config.json file, but I was eventually able to sort those out and figured I could share it here in case anyone else winds up in a similar situation.

I inspected the commit medkit-initial-config: add new package (22a86f40) · Commits · Turris / Turris OS / Turris OS packages · GitLab and noticed that it gives you the option to also configure the system password (for the root user):

{
“foris_password”: “ForisPassword_ChangeThis!”,
“system_password”: “SystemPassword_ChangeThis!”,
“wireless”: {
“ssid”: “TurrisConfigWifi”,
“key”: “WiFiPassword_ChangeThis!”
}
}

(this option has not been documented yet in the “First setup of Turris Omnia and Mox without Ethernet LAN”)

After I flashed the Turris Omnia, I was able to connect to the TurrisConfigWifi network using the WiFiPassword_ChangeThis! password, but I was not able to log into the reForis with the ForisPassword_ChangeThis!. Luckily, I was still able to log with ssh to root@192.168.1.1 and the SystemPassword_ChangeThis! password.

In the SSH, I ran my foris_password through the python encryption routine and used the resulting string

python
import pbkdf2
import sys
print(pbkdf2.crypt(‘ForisPassword_ChangeThis!’, iterations=1000))
# this returns an ENCRYPTED_PASSWORD (use it for uci set below)
quit()

uci set foris.auth.password =‘ENCRYPTED_PASSWORD’
uci commit foris.auth.password

From then on, I was able to log in to reForis.

So while it seems that there is a bug in the new feature which reads the Foris password from the JSON, you can get around it by using the undocumented feature of also setting the system password in the JSON and fixing the foris.auth.password UCI value from within an SSH root session.

valo · October 5, 2021, 6:04pm

Thanks for digging this! It saved me so much digging. I encountered the same problem and had to use your workaround. Does the team know about this bug? It makes the ethernetless setup impossible.

cynerd · October 6, 2021, 10:13am

There is documentation for this. It is just rather indirectly accessible. Ethernetless configuration - Turris Documentation

There are tip bubbles If you read through mox as well as Omnia setup guide. The tip bubbles states " There is also a way to configure Turris Omnia over Wi-Fi by using a configuration file and a USB drive."

I will look in to the bug of not able to login to (re)Foris.

Edit: initial-config: fix invalid foris password (!821) · Merge requests · Turris / Turris OS / Turris OS packages · GitLab

Kwigon · October 4, 2022, 10:55am

Seems like the file configuration is still not working (at least on 5.2.2). Found maybe an easier workaroud to specify the system password, login via ssh and then proceed according to this: Troubleshooting [Turris wiki]

viktor · October 4, 2022, 1:46pm

You are using TOS 5.2.2?

Kwigon · October 5, 2022, 1:57pm

Not anymore when I gained access, it was given to me second hand. Had no idea what the latest version was, it of course makes sense they can’t fix it in older versions so consider my comment just as an alternate approach to gain access.

Pepe · October 5, 2022, 9:22pm

Looking at the referenced merge request, I see that you need at least Turris OS 5.3.0. Any older version(s) are not supported anymore. You should use the latest version and try it there.

If you got the router from second hand, it is highly suggested to use reflash, which is described in our documentation.

Pepe · October 12, 2022, 6:00am

This topic was automatically closed after 6 days. New replies are no longer allowed.