I tried installing YunoHost once, now I’m installing again. I installed it on a Virtual Machine. After installing, it asked for a user and password. I typed in what was provided “root” and “yunohost”, and it didn’t work, it said incorrect.
You must log in or # to comment.
Not sure what you mean by “what was provided”… who is providing a username and password for your yunohost?
You are supposed to create your own username and password during the “Begin” setup process after it first installs. “root” and “yunohost” are very insecure and if you use passwords that are copy/pasted from somewhere else on a machine connected to the internet it will be hacked, potentially almost immediately. People have bots that literally just try to connect using these common default passwords all day every day to every site on the internet. I have literally had machines with such crappy passwords hacked within minutes of spinning them up. The same thing can happen even when you are first doing the setup process. If somebody else can get in, they can (most likely with a bot) do the setup process themselves and set up their OWN username/password, and now it will ask you for that password that THEY set, which you have no way of knowing. The instance belongs to the first person to claim it, and if that’s not you, you have to wipe it and start over.
Your yunohost VM interface should not be exposed to the internet during setup. Even briefly, or someone else can immediately compromise it like this. The only way to ensure you are the first person to access it is to make sure you are the ONLY person who can access it, until it is properly set up and secured. Bots are WAY faster than you can be.
Use localhost console, VM port forwarding or some other secure method of making sure nobody but your own host computer can access the IP of the server where you are setting things up, until it has a strong, secure password (not “yunohost”) and make sure you have all its security features configured and working before you even think about making it accessible to the internet.
when i signed in, it just downloaded the packages and didn’t ask me to create my own username nor password, it told me to use root and yunohost.
Aha I see you did the text-based install then? I’ve never done that myself but I just tried it now and it worked fine for me with the default password it mentions. Make sure caps lock is off. You will not be able to see the password when you type it, so be extra careful you are typing it correctly.
Most of the same cautions about internet access still apply, if your networking is active on this VM there’s a non-zero chance you can get hacked right away when you’re in default passwords/initial setup mode. If you continue to have trouble getting in, you should reinstall it once again onto a fresh VM with network mode set to NAT if possible, or even disabled completely, and see if it works in that configuration. It really is critical to get the password set up before opening up the internet.
Thank you, it seems I messed something up so I’m redoing it
I did graphical-install, I closed out of the IP site thing so im redoing
The same thing can happen even when you are first doing the setup process.
I might get a bit too stressed about standing up a server than I should, but this notion has always been in the back of my mind, prompting me to hurry the fuck up and secure everything before some bot detected I was remiss we in having this or that in place in the initial setup. So, it’s like a sprint trying to get all security in place.
I don’t share my servers with others like a lot you guys do, so it’s a little simpler. Implementing host.allow and host.deny (ALL:ALL) does the trick. Over the course of 24 hours, I think, conservatively hundreds of bots visit.
I think after initial installation, you open a browser with the post-installation step and configure a username and password there. I’m not entirely sure, it’s been some time since I did it. But depending on installation method, I don’t think it has a provided password.
General password advice: Check caps lock, and if you use like a German keyboard if ‘z’ and ‘y’ are swapped.
i got it! thanks!
oh thanks! yes probably!
