1

I have a hundred Linux devices (Raspberry Pis) to provision. That includes generating new username/password pairs and storing them for future use. Once they are deployed in the field, I'll need to access the devices over SSH & VNC.

Question

What would be a secure & automatable way to:

  • generate new, random username/passwords
  • store them for future use

Idea

I could use 1Password or another password manager to manually generate unique passwords and usernames.

The only problem is this solution doesn't scale well with the manual steps.

Any other ideas?

1 Answer

1

Why do you think you need both unique users and passwords?

When you only need accounts for management access and the systems are expected to have reliable network connections:

Simply don't deploy any local users at all. Configure the devices to use a central identity store (such as for instance LDAP, Active Directory etc.).

When you then also configure opensshd with an AuthorizedKeysCommand that looks up trusted public keys from a similar central location, you won't even have to provision ~/.ssh/authorized_keys files either and can rely on pam_mkhomedir to create a home directory at first login.


A fairly typical way to ensure systems built from a generic system image will get unique properties such as local users, groups (and many other things) on the first boot is with cloudinit userdata.

Bob
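A sketch of the AuthorizedKeysCommand lookup described in the answer above, added here as an example and not code from the answer or from OpenSSH. The script path, the LDAP URI and base DN, the anonymous bind, and the `sshPublicKey` attribute are assumptions.

```shell
#!/bin/sh
# Added example: AuthorizedKeysCommand helper. Assumed sshd_config lines:
#   AuthorizedKeysCommand /usr/local/bin/ldap-authorized-keys %u
#   AuthorizedKeysCommandUser nobody
# Assumed PAM line (e.g. in /etc/pam.d/sshd) for first-login home directories:
#   session required pam_mkhomedir.so skel=/etc/skel umask=0077
LC_ALL=C; export LC_ALL
# Hypothetical directory location; replace with your own.
LDAP_URI="${LDAP_URI:-ldaps://ldap.example.internal}"
LDAP_BASE="${LDAP_BASE:-ou=people,dc=example,dc=internal}"

# Accept only conservative login names, so the name sshd passes in can
# never alter the LDAP filter (no parentheses, '*' or backslashes).
valid_username() {
    case "$1" in
        ''|*[!a-z0-9_-]*|[!a-z_]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Read LDIF on stdin and print one authorized_keys line per sshPublicKey
# value. Values carrying key options (command=..., etc.), base64-encoded
# values ("sshPublicKey:: ...") and unknown key types are dropped.
extract_keys() {
    sed -n 's/^sshPublicKey: //p' |
        grep -E '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$' ||
        true
}

# Query the directory for one user; sshd reads the keys from stdout.
lookup_keys() {
    valid_username "$1" || return 1
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -b "$LDAP_BASE" \
        "(&(objectClass=posixAccount)(uid=$1))" sshPublicKey | extract_keys
}

# Run the lookup only when invoked with exactly one username argument.
if [ "$#" -eq 1 ]; then
    lookup_keys "$1"
fi
```

sshd requires the helper to be owned by root and not writable by group or others, and removing a key from the directory revokes access on every device at the next login attempt.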