OMV 3 for ODROID-XU4/HC1/HC2/MC1

    This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

    • ryecoaaron wrote:

      I was going to test
      Just to save you some time: Using nand-sata-install to transfer the rootfs to a HDD (with bootloader having to remain either on SD card or eMMC) still doesn't work (at least not the combinations I tried, most probably related to OMV rootfs now relying on btrfs and not ext4 any more). Since I consider this somewhat stupid anyway (since rootfs on a HDD will prevent it to spin-down for longer periods and that's bad for these types of OMV installations) I won't look into it the next months (Armbian on Stretch has higher priority).

      But transferring the installation from SD card to eMMC should work (tested myself after I had implemented a fix @'chymian' reported a while ago that I've had overlooked) while it's still a weird idea. The eMMC modules from Hardkernel are both amazingly fast and expensive and for the OMV use case there's zero benefit running off eMMC anyway. Good genuine Samsung EVO/EVO+ SD cards with 16-64 GB are less expensive and OMV 'performance' is exactly the same as long as the flashmemory plugin is active (default).
      'OMV problems' with XU4 and Cloudshell 2? Nope, read this first. 'OMV problems' with Cloudshell 1? Nope, just Ohm's law or queue size.
    • I tested it. One odd thing is that permit root login was not set. I had to connect a monitor and keyboard to fix that. I didn't think cloudshell ran by default either but it has been a while since I paid attention. I didn't try the emmc stuff because I couldn't find my emmc cards.
      omv 4.0.11 arrakis | 64 bit | 4.13 backports kernel | omvextrasorg 4.1.0
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please don't PM for support... Too many PMs!
    • ryecoaaron wrote:

      I tested it. One odd thing is that permit root login was not set.
      That's by intention and on all OMV images now except those for the Raspberries where I simply fear the amount of same questions asked again and again.

      I diskussed this with ayufan few months ago when he started to work on OMV for ROCK64 and we both consider an open root enabled SSH account with default password 'openmediavault' some sort of a backdoor the majority of users (who never will use SSH and might not even know about) is not aware of. Necessary procedure is part of the readme.txt though:

      Source Code

      1. - SSH keys are regenerated on first boot but SSH login has to be
      2. enabled in web UI prior to usage: Services --> SSH --> Permit root
      3. login
      We discussed this months ago already: A mandatory password change on first login (web UI) which also adjust root passwd at the same time. Waiting since then since no idea where/how to implement something like that in OMV.
      'OMV problems' with XU4 and Cloudshell 2? Nope, read this first. 'OMV problems' with Cloudshell 1? Nope, just Ohm's law or queue size.
    • tkaiser wrote:

      we both consider an open root enabled SSH account with default password 'openmediavault' some sort of a backdoor the majority of users (who never will use SSH and might not even know about) is not aware of.
      If root login via ssh is going to be disabled, then why not set the root password to a random string? If a user wants to login via ssh, they can create a user with ssh (and sudo) privileges.

      tkaiser wrote:

      A mandatory password change on first login (web UI) which also adjust root passwd at the same time
      I'm still not sure how to do that. Maybe @votdev has some ideas (not asking votdev to code but just for some ideas).
      omv 4.0.11 arrakis | 64 bit | 4.13 backports kernel | omvextrasorg 4.1.0
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please don't PM for support... Too many PMs!
    • ryecoaaron wrote:

      If root login via ssh is going to be disabled, then why not set the root password to a random string? If a user wants to login via ssh, they can create a user with ssh (and sudo) privileges.
      Well, in Armbian we have 'chage -d 0 root' set which means users login via SSH with a default logon credentials 'root:1234' and are immediately forced to assign a new root password (using the distro's default password strength policies so '4321' or 'test123' won't work). We deal with users that fail with the password change (having to enter two times 1234 and then their new password two times again) and we deal with users who can not remember the password they assigned a day later.

      When I started with the ARM OMV images I followed your conventions using a default 'predictable' password without forced passwd change since I thought that's for a reason (maybe support nightmare). I'm open for any suggestions and of course also fine with returning to Armbian defaults which would just require either deleting a single line or adding the chage call again (allowing to login with 'openmediavault' passwd the first time and then forcing the user to choose an own)
      'OMV problems' with XU4 and Cloudshell 2? Nope, read this first. 'OMV problems' with Cloudshell 1? Nope, just Ohm's law or queue size.
    • tkaiser wrote:

      When I started with the ARM OMV images I followed your conventions using a default 'predictable' password without forced passwd change since I thought that's for a reason (maybe support nightmare). I'm open for any suggestions and of course also fine with returning to Armbian defaults which would just require either deleting a single line or adding the chage call again (allowing to login with 'openmediavault' passwd the first time and then forcing the user to choose an own)
      It was done to make things easy. Lately, it seems like no one connects a monitor to arm boards. So, I'm ok with no (or random) root password being set. I don't think the chage fix helps with users who never use ssh. If we can just get the first login to force the admin user to change its password, I think it would be a fairly secure system.
      omv 4.0.11 arrakis | 64 bit | 4.13 backports kernel | omvextrasorg 4.1.0
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please don't PM for support... Too many PMs!
    • where to report pbls. like these?

      Building a jessie OMV armbian today left me with an unreachable device.

      on the first run with automatic reboot, the ovm-mkconfig interfaces destroys the /etc/network/interfaces:

      Source Code

      1. $ omv-mkconf interfaces
      2. root@nas ~
      3. $ cat /etc/network/interfaces
      4. # The loopback network interface
      5. auto lo
      6. iface lo inet loopback
      7. # eth0 network interface
      8. auto eth0
      9. allow-hotplug eth0
      10. iface eth0 inet static
      11. address 192.168.1.4 2a02:810d:2d3f:d763:21e:6ff:fe30:634d
      12. gateway 192.168.1.1
      13. netmask
      14. dns-nameservers 192.168.1.1
      15. fd00::ca0e:14ff:fe8d:c10f
      16. dns-search fritz.box
      17. iface eth0 inet6 manual
      18. pre-down ip -6 addr flush dev $IFACE
      Display All

      after fixing it manualy and bringing the interface up with ifup, the web-gui is still not able to connect, after login.

      the interface config can be fixed with omv-firstaid & reboot.
      but web-gui is still not able to connect, after login: communication failure

      in case it might help, i played with stretch and OMV4 before, there was no such error.
    • ryecoaaron wrote:

      tkaiser wrote:

      we both consider an open root enabled SSH account with default password 'openmediavault' some sort of a backdoor the majority of users (who never will use SSH and might not even know about) is not aware of.
      If root login via ssh is going to be disabled, then why not set the root password to a random string? If a user wants to login via ssh, they can create a user with ssh (and sudo) privileges.

      tkaiser wrote:

      A mandatory password change on first login (web UI) which also adjust root passwd at the same time
      I'm still not sure how to do that. Maybe @votdev has some ideas (not asking votdev to code but just for some ideas).
      The root password is set during the ISO installation, so there is no need to change it. If OMV is installed manually, then the admin is responsible for its account. If OMV is installed via images, then there some scripts must ensure the password is unique and not a default one.
      Absolutely no support through PM!

      I must not fear.
      Fear is the mind-killer.
      Fear is the little-death that brings total obliteration.
      I will face my fear.
      I will permit it to pass over me and through me.
      And when it has gone past I will turn the inner eye to see its path.
      Where the fear has gone there will be nothing.
      Only I will remain.

      Litany against fear by Bene Gesserit
    • ryecoaaron wrote:

      tkaiser wrote:

      When I started with the ARM OMV images I followed your conventions using a default 'predictable' password without forced passwd change since I thought that's for a reason (maybe support nightmare). I'm open for any suggestions and of course also fine with returning to Armbian defaults which would just require either deleting a single line or adding the chage call again (allowing to login with 'openmediavault' passwd the first time and then forcing the user to choose an own)
      It was done to make things easy. Lately, it seems like no one connects a monitor to arm boards. So, I'm ok with no (or random) root password being set. I don't think the chage fix helps with users who never use ssh. If we can just get the first login to force the admin user to change its password, I think it would be a fairly secure system.
      The root user and password should NEVER me modified and managed via the UI. This is a big security hole and that's why it is not implemented until now.
      Absolutely no support through PM!

      I must not fear.
      Fear is the mind-killer.
      Fear is the little-death that brings total obliteration.
      I will face my fear.
      I will permit it to pass over me and through me.
      And when it has gone past I will turn the inner eye to see its path.
      Where the fear has gone there will be nothing.
      Only I will remain.

      Litany against fear by Bene Gesserit
    • votdev wrote:

      If OMV is installed via images, then there some scripts must ensure the password is unique and not a default one.
      Fully Agreed. Unlike the ISO installation for x64 the 'installation' on ARM devices is not guided in any form and I fear this won't change anytime soon or at all (headless devices and lack of serial console by majority of users)

      As an approach for OMV ARM installations providing same security level as on x64 I could imagine the following:
      • permit root login set to NO by default (done on every ARM image currently except Raspberry Pi)
      • default root password is set to openmediavault (default now)
      • Password policy enforces root passwd change the first time root logs in either locally or via SSH (that's how Armbian does it, not implemented yet on the OMV images since I disabled it to remain compatible to the 'old' behaviour)


      So by default no root SSH login possible unless user sets permit root login to YES in web UI. When logging in through SSH as root he's forced to immediately change the password. An alternative approach is the user creating an own user account belonging to the sudo group (which is what I would prefer to write into the documentation).
      'OMV problems' with XU4 and Cloudshell 2? Nope, read this first. 'OMV problems' with Cloudshell 1? Nope, just Ohm's law or queue size.
    • chymian wrote:

      on the first run with automatic reboot, the ovm-mkconfig interfaces destroys the /etc/network/interfaces
      Hmm... IMO wrong place to discuss this low level stuff and self-built images here. But please try out to replace these lines with

      Source Code

      1. sleep 30 && sync && reboot' /etc/init.d/firstrun
      and report back in Armbian forum.
      'OMV problems' with XU4 and Cloudshell 2? Nope, read this first. 'OMV problems' with Cloudshell 1? Nope, just Ohm's law or queue size.
    • tkaiser wrote:

      Password policy enforces root passwd change the first time root logs in either locally or via SSH
      Sounds for me like the way to go. ;)

      tkaiser wrote:

      permit root login set to NO by default (done on every ARM image currently except Raspberry Pi)
      Be coherent. Don't make it behave different on different platforms.

      tkaiser wrote:

      default root password is set to openmediavault (default now)
      Not sure what is the way to go here, I'd suggest it to be openmediavault and have it changed on first login, as long as permit root login is disabled. Make a note on all github readmes that root login is disabled.

      Greetings
      David
      "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"

      Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.


      Upload Logfile via WebGUI/CLI
      #openmediavault on freenode IRC | German & English | GMT+1
      Absolutely no Support via PM!

      I host parts of the omv-extras.org Repository, the OpenMediaVault Live Demo and the pre-built PXE Images. If you want you can take part and help covering the costs by having a look at my profile page.
    • votdev wrote:

      The root user and password should NEVER me modified and managed via the UI. This is a big security hole and that's why it is not implemented until now.
      I was more interested in force the admin password to be changed on first web ui login. root can be disabled for all I care.
      omv 4.0.11 arrakis | 64 bit | 4.13 backports kernel | omvextrasorg 4.1.0
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please don't PM for support... Too many PMs!
    • just installed OMV_3_0_88_Odroidxu4_4.9.52.img.xz on the HC1, going to update and i get an error on a repo:

      W: Failed to fetch apt.armbian.com/dists/jessie/InRelease Unable to find expected entry 'jessie-utils/binary-armhf/Packages' in Release file (Wrong sources.list entry or malformed file)
      E: Some index files failed to download. They have been ignored, or old ones used instead.

      and what's the correct procedure to update to OMV4, when my apt will work?
      thanks
    • tkaiser wrote:

      Request for test
      Working fine here. Uploading now.

      Done now.
      omv 4.0.11 arrakis | 64 bit | 4.13 backports kernel | omvextrasorg 4.1.0
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please don't PM for support... Too many PMs!

      The post was edited 1 time, last by ryecoaaron ().