public_git
/
pikvm
mirror of https://github.com/pikvm/pikvm.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

update

This commit is contained in:
Maxim Devaev 2023-08-20 09:59:53 +03:00
parent 34c91e6f32
commit 33020859df
2 changed files with 32 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
docs/_passwd.md
View File

@ -1,23 +1,25 @@
??? danger "✮ ✮ ✮ CHANGE THE PASSWORDS! ✮ ✮ ✮" ??? danger "✮ ✮ ✮ CHANGE THE PASSWORDS! ✮ ✮ ✮"
PiKVM comes with the following default passwords: PiKVM comes with the following default passwords:
* **Linux admin** (SSH, etc.): user `root`, password `root`. * **Linux admin** (SSH, console, etc.): user `root`, password `root`.
* **PiKVM Web Interface**: user `admin`, password `admin`, no 2FA code. * **PiKVM Web Interface** ([API](api.md), [VNC](vnc.md)...): user `admin`, password `admin`, no 2FA code.
**These are two separate entities with independent accounts.** **These are two separate entities with independent accounts.**
To change passwords, you will need to use the terminal (read below) access via SSH or Web Terminal. To change passwords, you will need to use the console access via SSH or the Web Terminal.
If you are using the Web Terminal, use the `su -` command to get root access (enter the root user password). If you are using the Web Terminal, enter the `su -` command to get the `root` access (enter the `root` user password).
```console
[root@pikvm ~]# rw
[root@pikvm ~]# passwd root
[root@pikvm ~]# kvmd-htpasswd set admin
[root@pikvm ~]# ro
``` ```
# rw
# passwd root
# kvmd-htpasswd set admin
# ro
```
If you require additional user for the Web UI access, use the following: If you require additional user for the Web UI access, use the following:
```
# kvmd-htpasswd set <user> # Set a new user with password or change of an existing one ```console
# kvmd-htpasswd del <user> # Remove/delete a user [root@pikvm ~]# kvmd-htpasswd set <user> # Set a new user with password or change of an existing one
[root@pikvm ~]# kvmd-htpasswd del <user> # Remove/delete a user
``` ```
**Optionally you can enable the [two-factor authentication](auth.md#two-factor-authentication) for more security.** **Optionally you can enable the [two-factor authentication](auth.md#two-factor-authentication) for more security.**

27
docs/auth.md
View File

@ -1,17 +1,20 @@
# Authentication # Authentication
PiKVM OS is based on a regular Linux system, so everything about authorization in this OS is also true for PiKVM. PiKVM OS is based on a regular Linux system, so everything about authorization in this OS is also true for PiKVM.
It comes with the following default passwords:
* **Linux admin** (SSH, console, etc.): user `root`, password `root`. !!! note "PiKVM comes with the following default passwords"
* **PiKVM Web Interface, [API](api.md), [VNC](vnc.md)...**: user `admin`, password `admin`, no 2FA code.
**These are two separate entities with independent accounts.** * **Linux admin** (SSH, console, etc.): user `root`, password `root`.
* **PiKVM Web Interface** ([API](api.md), [VNC](vnc.md)...): user `admin`, password `admin`, no 2FA code.
Also there is another special Linux user: `kvmd-webterm`. **These are two separate entities with independent accounts.**
It can't be used for login or remote access to PiKVM OS and has the non-privileged rights in the OS.
Password access and `sudo` is disabled for it. It is used only for launching the Web Terminal. !!! note "There is another special Linux user: `kvmd-webterm`"
These restrictions are set for security reasons. It can't be used for login or remote access to PiKVM OS and has the non-privileged rights in the OS.
Password access and `sudo` is disabled for it. It is used only for launching the Web Terminal.
These restrictions are set for security reasons.
*Changing the [VNCAuth passkey](vnc.md) and [IPMI password](ipmi.md) described in the relevant documents*.
----- -----
@ -27,7 +30,7 @@ To obtain it in the Web Terminal, type `su -` and then enter the `root` user pas
[root@pikvm kvmd-webterm]# [root@pikvm kvmd-webterm]#
``` ```
??? tip "Disabling the Web Terminal" ??? example "Step by step: Disabling the Web Terminal"
Sometimes the actual owner of a PiKVM device and the user who is allowed to use it are different people. Sometimes the actual owner of a PiKVM device and the user who is allowed to use it are different people.
So you may want to disable console access from the Web UI. To do this, use the following: So you may want to disable console access from the Web UI. To do this, use the following:
@ -54,6 +57,9 @@ To obtain it in the Web Terminal, type `su -` and then enter the `root` user pas
----- -----
## Changing the KVM password ## Changing the KVM password
This password is used, among the Web UI login, to access the [API](api.md), [VNC](vnc.md) (if enabled)
and other functions that do not concern the OS shell.
```console ```console
[root@pikvm ~]# rw [root@pikvm ~]# rw
[root@pikvm ~]# kvmd-htpasswd set admin [root@pikvm ~]# kvmd-htpasswd set admin
@ -69,6 +75,9 @@ with different passwords to access the Web UI, but keep in mind that they all ha
[root@pikvm ~]# kvmd-htpasswd del <user> # Removes/deletes a user [root@pikvm ~]# kvmd-htpasswd del <user> # Removes/deletes a user
``` ```
At the moment there is no method to create any ACL for different KVM users.
----- -----
## Two-factor authentication ## Two-factor authentication