A user should never have to SSH to Gladys Raspbian image

[Pierre-Gilles]

• Gladys Docker image should be updated automatically (Watchtower)
• The Raspbian image should silently do security upgrade at night
• Gladys should display the storage available on the Raspberry Pi, and allow the user to expand SD filestystem

[VonOx]

Password purpose https://www.thegeekdiary.com/unix-linux-how-to-force-user-to-change-their-password-on-next-login-after-password-has-reset/

[Pierre-Gilles]

Password purpose https://www.thegeekdiary.com/unix-linux-how-to-force-user-to-change-their-password-on-next-login-after-password-has-reset/

I don't think we want something on Linux side! The goal of this GitHub issue is to never have to SSH to the Raspberry Pi, so this doesn't work

We want for example an automated task on Gladys side which changes the SSH passsword automatically, so that the password is, by default, never a default password.

If the user is an advanced user, he'll have in the web UI a view in "config" with the "login/password".

[VonOx]

I agree for newbie but not for advanced user.

In case advanced user want to connect to rpi, he doesn't want to do that in Gladys. In my own Gladys must not manage system user in term of security.

This basic setting set password reset at first login. Simple.

And it's technically complicated because Gladys is inside container.

So, I have managed to generate a rpi image (500mb) with non default user, password can be generated and reset at first login. Build with latest kernel in 8 minutes

At first start partition expand and containers are created.

I'm trying to follow global philosophy, simple, even for advanced user.

[Pierre-Gilles]

Sorry I didn't see your comments... Lost in my endless pile of GitHub notifications..

Better late than never 😅

So, I have managed to generate a rpi image (500mb) with non default user, password can be generated and reset at first login. Build with latest kernel in 8 minutes

Nice ! About the auto-expand, it's great! Do you know if you'd be able to generate a rpi-image with docker + Gladys in CLI for example ? Right now I'm building manually the image, it would be amazing if it could be an automated process !

About the reset password at first login, it still means that the user has to do a SSH login: We don't want that, in Gladys 4, a user should never have to SSH to Gladys, everything should be done in Gladys UI.

Gladys should be thought as an end product IMO, like any other product you can buy in store.

• Are people asked to SSH into their smart speaker ? No.
• Are people asked to SSH into their fridge ? No.
• Same question for any other consumer products.

I don't know if there is a perfect answer to that, after searching the web, for example Sonos Speaker are openly accessible on the network, so if you are on the same Wi-Fi, you're considered "authorized" to access the speaker.

So maybe leaving what the Raspberry fondation did (default user/default pass) is the right thing... I don't know

Two more things I'm thinking about, which are in my opinion even more important:

• We should be able to control the volume of the Raspberry Pi from Gladys UI.
• We should be able to control the timezone of the system from Gladys UI

[Pierre-Gilles]

Closing this "debate" issue in favor of more explicit tasks :

#834