Wie schafft man die updater.secret Hürde auf einem all-inkl Server?

WernerB · April 7, 2023, 9:13am

Welche Schritte sind bei der folgenden Meldung zu unternehmen? Bitte genau beschreiben.

Authentication

To login you need to provide the unhashed value of “updater.secret” in your config file.

If you don’t know that value, you can access this updater directly via the Nextcloud admin screen or generate your own secret:

php -r '$password = trim(shell_exec("openssl rand -base64 48")); if (strlen($password) === 64) {$hash = password_hash($password, PASSWORD_DEFAULT) . "\n"; echo "Insert as \"updater.secret\": ".$hash; echo "The plaintext value is: ".$password."\n";} else {echo "Could not execute OpenSSL.\n";};' Invalid password

tflidd · April 11, 2023, 9:53am

You can run the given code from command line of your Linux system:

php -r '$password = trim(shell_exec("openssl rand -base64 48")); if (strlen($password) === 64) {$hash = password_hash($password, PASSWORD_DEFAULT) . "\n"; echo "Insert as \"updater.secret\": ".$hash; echo "The plaintext value is: ".$password."\n";} else {echo "Could not execute OpenSSL.\n";};'

For me the output is:


Insert as "updater.secret": $2y$10$CiioqG06g7fZQUJYLgjnt.QLY.Us1YKSTIgPOuV82LH30hnWodL6.
The plaintext value is: AwjiEXiC1f9vJ6+bao3dCdmuqbmS+4V7wWFkszhpeqkIlyMnIEnpazDuWVPJ0iLx

the updater-secret goes into the config-file (that is the hashed value of the password),
and you need to keep the plaintext value and provide it for each update.

devnull · April 11, 2023, 12:07pm

Or without shell access in a php script: