Preconfiguring ssh password for server installer

Question

I am trying to install Ubuntu Server on a device on which the available HDMI port broke down, so I can't connect a display whatsoever. I read in the docs (here) that it was possible to connect to the installer over SSH. I managed to boot into the Installer on my device, and found the IP address with the corresponding open ssh port. The problem is, that I don't know the password to use and I can't read it from the screen either as is intended if I understood it correctly. Some online resources suggested it might be ubuntu but that was not the case.

Is there a way to set the key/password beforehand or modify it?

I already found this question about pretty much the same problem, yet it did not contain an answer I can use.

Answer 1

If you are using the "live-server" installer (subiquity) then the default settings will create a user named installer with a random password. The installer user can be used to access the installer TUI by SSH.

Depending on the version of subiquity the randomly generated password is printed to the screen or is available under the Help menu.

The installer user is created by cloud-init when the installer boots. By changing the cloud-init configuration it is possible to set the password or to add SSH Key(s) for the installer user to something known. There are a couple of ways to configure cloud-init.

Use Autoinstall

I have been able to set the installer password by using an autoinstall file. The file has content like the following to set a password and set an SSH key.

#cloud-config
autoinstall:
...
# set password to r00tme
chpasswd:
    expire: false
    list:
        - installer:$6$.c38i4RIqZeF4RtR$hRu2RFep/.6DziHLnRqGOEImb15JT2i.K/F9ojBkK/79zqY30Ll2/xx6QClQfdelLe.ZjpeVYfE8xBBcyLspa/
ssh_authorized_keys:
    - ssh-rsa FILLINYOUROWNKEYHERE 

Modify the ISO

I have not done this, but you could try modifying the ISO. The installer user setup is configured in the /etc/cloud.cfg file. You could modify this file to define a password or SSH key.

See Also

• set ssh ssh-password on autoinstall
• Current source that seems to set the password

Answer 2

One can indeed make a modified server installer disk. The below steps are based on the Ubuntu LiveCD customization instructions and this answer. Alternatively you can start from this bash script and modify it to your needs.

1. Download ubuntu-22.04.3-live-server-amd64.iso and mount it:

   mkdir ub && mount ubuntu-22.04.3-live-server-amd64.iso ub
   

2. Mount the squash file system with the relevant installer info and copy it:

   mkdir sqfs && mount ub/casper/ubuntu-server-minimal.ubuntu-server.installer.squashfs sqfs
   find sqfs -xdev -print0 | cpio -pa0V nsqfs
   

3. Edit the cloud.cfg file with your favorite editor, e.g vi nsqfs/sqfs/etc/cloud/cloud.cfg to have a passwd, and also add your ssh key here:

   default_user:
     name: installer
     lock_passwd: false
     ... don't other stuff ...
     # password r00tme
     passwd: $6$.c38i4RIqZeF4RtR$hRu2RFep/.6DziHLnRqGOEImb15JT2i.K/F9ojBkK/79zqY30Ll2/xx6QClQfdelLe.ZjpeVYfE8xBBcyLspa/
     ssh_authorized_keys:
       - ssh-rsa HERE_YOUR_SSH_KEY
   

4. Make a copy of the (read-only) mounted installer disk (ub) into ub_mod:

   mkdir ub_mod && cd ub && tar cf - . | (cd ../ub_mod; tar xfp -) && cd ..
   

5. Squash the modified files:

   cd nsqfs
   mksquashfs sqfs ../ub_mod/casper/ubuntu-server-minimal.ubuntu-server.installer.squash
   cd ..
   

6. Update the size file:

   printf $(du -sx --block-size=1 nsqfs/sqfs | cut -f1) > ub_mod/casper/ubuntu-server-minimal.ubuntu-server.installer.size
   

7. Change the signature (not sure that's needed), replacing the local-user key with your own (list your keys with gpg --list-secret-keys):

   rm ub_mod/casper/ubuntu-server-minimal.ubuntu-server.installer.squashfs.gpg
   gpg --local-user 2661D59A01F3022FAFB75644F440B26DF14188A2 --output ub_mod/casper/ubuntu-server-minimal.ubuntu-server.installer.squashfs.gpg --detach-sign ub_mod/casper/ubuntu-server-minimal.ubuntu-server.installer.squashfs
   

8. Recompute the md5 checksum:

   cd ub_mod
   rm md5sum.txt
   find -type f -print0 | xargs -0 md5sum | grep -v isolinux/boot.cat | tee md5sum.txt
   cd ..
   

9. extract the MBR and the EFI partition from the original ubuntu installer disk. You need to adjust the count and skip fields below according to the output you get from the fdisk command

   fdisk -l ubuntu-22.04.3-live-server-amd64.iso
   dd bs=1 count=446 if=ubuntu-22.04.3-live-server-amd64.iso of=mbr.img
   dd bs=512 count=10068 skip=4156048 if=ubuntu-22.04.3-live-server-amd64.iso of=EFI.img
   

10. use xorriso to find the flags necessary to create the new boot disk:

xorriso -indev ~ubuntu-22.04.3-live-server-amd64.iso -report_el_torito cmd

Then modify them to reference the mbr and EFI. My xorisso line ended up looking like this (copied into bash file to edit/run):

#!/bin/bash
xorriso -outdev hacked_installer.iso -map ub_mod / -- -volid 'Ubuntu-Server 22.04.3 LTS amd64' -volume_date uuid '2023081005062500' -boot_image grub grub2_mbr=mbr.img -boot_image any partition_table=on -boot_image any partition_cyl_align=off -boot_image any partition_offset=16 -boot_image any mbr_force_bootable=on -append_partition 2 28732ac11ff8d211ba4b00a0c93ec93b EFI.img -boot_image any appended_part_as=gpt -boot_image any iso_mbr_part_type=a2a0d0ebe5b9334487c068b6b72699c7 -boot_image any cat_path='/boot.catalog' -boot_image grub bin_path='/boot/grub/i386-pc/eltorito.img' -boot_image any platform_id=0x00 -boot_image any emul_type=no_emulation -boot_image any load_size=2048 -boot_image any boot_info_table=on -boot_image grub grub2_boot_info=on -boot_image any next -boot_image any efi_path='--interval:appended_partition_2_start_1039012s_size_10068d:all::' -boot_image any platform_id=0xef -boot_image any emul_type=no_emulation -boot_image any load_size=5154816

The only fields I had to touch are the references to EFI.img and mbr.img

If all went well you should now have a boot disk hacked_installer.iso into which you can log on using your ssh key