pkgs/switches/junos: update password hash method from SHA-256 to SHA-512
This commit is contained in:
parent
4ada8878fc
commit
e76c8a9a3a
|
@ -9,7 +9,7 @@ let
|
||||||
host-name ${hostName};
|
host-name ${hostName};
|
||||||
time-zone Europe/Berlin;
|
time-zone Europe/Berlin;
|
||||||
root-authentication {
|
root-authentication {
|
||||||
encrypted-password "$5$EBmFELmv$kQxtWwS0SBS.TqVPRvs8sKpH./l9DTtTxX/I2FJB2n2"; ## SECRET-DATA
|
encrypted-password "%%HASH%%"; ## SECRET-DATA
|
||||||
ssh-ed25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGgoLzQMeyX1wjsX/hgVkN//zyfOQPiBRYgO2ajEGH6 root@server2";
|
ssh-ed25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGgoLzQMeyX1wjsX/hgVkN//zyfOQPiBRYgO2ajEGH6 root@server2";
|
||||||
}
|
}
|
||||||
services {
|
services {
|
||||||
|
@ -114,13 +114,9 @@ let
|
||||||
'';
|
'';
|
||||||
|
|
||||||
configFileWithHash = runCommand "junos.config" {
|
configFileWithHash = runCommand "junos.config" {
|
||||||
nativeBuildInputs = [ python3 ];
|
nativeBuildInputs = [ mkpasswd ];
|
||||||
} ''
|
} ''
|
||||||
cat >gen.py<<EOF
|
HASH=$(echo "${hostConfig.password}" | mkpasswd --method=SHA-512 --stdin)
|
||||||
import crypt
|
|
||||||
print(crypt.crypt('${hostConfig.password}', crypt.mksalt(crypt.METHOD_SHA256)))
|
|
||||||
EOF
|
|
||||||
HASH=$(python gen.py)
|
|
||||||
substitute ${configFile} $out \
|
substitute ${configFile} $out \
|
||||||
--replace "%%HASH%%" "$HASH"
|
--replace "%%HASH%%" "$HASH"
|
||||||
'';
|
'';
|
||||||
|
|
Loading…
Reference in New Issue