Incorrect documentation about SSH_PASS

[neunenak]

I'm trying out nixos-anywhere for the first time. The quickstart documentation at https://github.com/nix-community/nixos-anywhere/blob/main/docs/quickstart.md states that one can set a password on the remote machine having nixos deployed to it, then set SSH_ENV to that password locally, and pass in the --env-password flag to nixos-anywhere to use it (although the way this is worded is a bit ambiguous).

However, when I tried this, I saw an error message about SSHENV not being set, and then a seemingly-endless loop of:

/nix/store/wm6mkdb46ym7zyc4f2d59fnak3cqzzs6-nixos-anywhere-1.3.0/bin/.nixos-anywhere-wrapped: line 322: 163958 Segmentation fault      (core dumped) sshpass -e ssh-copy-id -i "$ssh_key_dir"/nixos-anywhere.pub -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o StrictHostKeyChecking=no "${ssh_copy_id_args[@]}" "${ssh_args[@]}" "$ssh_connection"

Following the error message I tried using SSHENV instead and it seemed to work. But this is not a very good UX, and it would be good to update the documentation to be correct.

[sedlund]

I'm assuming you mean this paragraph:

Optionally, bootstrapping can also be performed through password login. For example through the image-installer-* provided by nix-community/nixos-images. Assign your password to the SSH_PASS environment variable and specify --env-password as an additional command line option. This will provide ssh-copy-id with the required password.

The image-installer* mentioned is referring to the release artifacts here: https://github.com/nix-community/nixos-images/releases (with the aforementioned prefix). This will need to be booted on the target machine to accomplish this.

I searched for SSHENV and SSH_ENV that you state and cannot find them mentioned.

If my assumptions are incorrect, please be more specific.

[neunenak]

Ah my apologies I wrote down the wrong variable names - SSH_PASS is what the documentation says to use, that I found to be broken when I tried it, and SSHPASS is what actually worked.

Anyway, what I actually did was boot into the nixos installer on the target machine and give both the root and nixos users a password. Then when I ran nixos-anywhere locally I passed it --env-password and set SSHPASS which I thought was necessary to avoid the nixos-anywhere install process failing because it needed to manually prompt me for a ssh password.

[sedlund]

SSH_PASS is what the documentation says to use, that I found to be broken when I tried it, and SSHPASS is what actually worked.

Thanks I will update the doc to SSHPASS.

what I actually did was boot into the nixos installer on the target machine and give both the root and nixos users a password

I have not used the regular install ISO to install in a while, did you have to edit sshd_config to allow password logins?

which I thought was necessary to avoid the nixos-anywhere install process failing because it needed to manually prompt me for a ssh password.

I believe it will ask and you can type it in - so this is not required. Please let me know if you found otherwise.

[neunenak]

what I actually did was boot into the nixos installer on the target machine and give both the root and nixos users a password

I have not used the regular install ISO to install in a while, did you have to edit sshd_config to allow password logins?

Nope, I didn't touch sshd_config on the remote server booted into the nixos installer (I think I was using the 23.05 one because that's the ISO I had handy on that remote system).

which I thought was necessary to avoid the nixos-anywhere install process failing because it needed to manually prompt me for a ssh password.

I believe it will ask and you can type it in - so this is not required. Please let me know if you found otherwise.

Oh, interesting, I just assumed it wouldn't work and didn't try it. I'll give this a shot next time I use nixos-anywhere

[sedlund]

@neunenak can you look at #363

let me know if you have feedback.