How to authenticate clients with the Multipass service
See also: authenticate, local.passphrase, Service
[since version 1.9.0]
Multipass requires clients to be authenticated with the service before allowing commands to complete.
Contents:
- Setting the passphrase
- Authenticating the client
- In case client cannot authorize and the passphrase cannot be set
Setting the passphrase
A passphrase needs to be set by the administrator in order for clients to authenticate with the Multipass service. The client setting the passphrase will need to already be authenticated. There are two ways to set the passphrase.
To set the passphrase with an echoless interactive entry where the typed-in passphrase is hidden from view:
$ multipass set local.passphrase
Please enter passphrase:
Please re-enter passphrase:
To set the passphrase in one single command where the passphrase is visible:
$ multipass set local.passphrase=foo
Authenticating the client
A client that is not authorized to connect to the Multipass service will fail when running multipass commands. An error will be displayed when this happens. For example:
$ multipass list
list failed: The client is not authenticated with the Multipass service.
Please use 'multipass authenticate' before proceeding.
At this time, the client will need to provide the previously set passphrase. This can be accomplished in two ways.
To authenticate with an echoless interactive entry where the typed-in passphrase is hidden from view:
$ multipass authenticate
Please enter passphrase:
To authenticate in one single command where the passphrase is visible:
$ multipass authenticate foo
In case client cannot authorize and the passphrase cannot be set
It is possible that another client that is privileged to connect to the Multipass socket will connect first and make it seemingly impossible to set the local.passphrase and also authorize the client with the service. One will see something like the following:
$ multipass list
list failed: The client is not authenticated with the Multipass service.
Please use 'multipass authenticate' before proceeding.
$ multipass authenticate
Please enter passphrase:
authenticate failed: Passphrase is not set. Please `multipass set local.passphrase` with a trusted client.
$ multipass set local.passphrase
Please enter passphrase:
Please re-enter passphrase:
set failed: The client is not authenticated with the Multipass service.
Please use 'multipass authenticate' before proceeding.
and then it seems impossible to authorize the client to connect to the service. This may not even work when using sudo.
The following workaround should help get out of this situation:
$ cat ~/snap/multipass/current/data/multipass-client-certificate/multipass_cert.pem | sudo tee -a /var/snap/multipass/common/data/multipassd/authenticated-certs/multipass_client_certs.pem > /dev/null
$ snap restart multipass
At this point, your client should be authenticated with the Multipass service.
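The tee -a step in the workaround appends the client certificate again each time it is run. The script below is an added example, not part of the Multipass documentation or project: it appends a certificate to a PEM bundle only if it is not already there and counts what the bundle trusts. The function names are hypothetical and the demo data is constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper names). With the real Multipass paths
# from the workaround, run as root, as the sudo tee step does.

# pem_bodies FILE: one line per certificate, base64 body without whitespace.
pem_bodies() {
    awk '/-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
         /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
         inside { gsub(/[ \t\r]/, ""); body = body $0 }' "$1"
}

# cert_is_trusted CERT BUNDLE: 0 if CERT's first certificate is in BUNDLE,
# 1 if it is not, 2 if CERT contains no PEM certificate.
cert_is_trusted() {
    want=$(pem_bodies "$1" 2>/dev/null | head -n 1)
    [ -n "$want" ] || return 2
    [ -f "$2" ] || return 1
    pem_bodies "$2" | grep -qxF -- "$want"
}

# trust_cert_once CERT BUNDLE: append CERT to BUNDLE unless already present.
trust_cert_once() {
    rc=0; cert_is_trusted "$1" "$2" || rc=$?
    case $rc in
        0) echo "already trusted"; return 0 ;;
        2) echo "not a PEM certificate: $1" >&2; return 2 ;;
    esac
    # Keep PEM markers on their own lines if the bundle lacks a final newline.
    if [ -s "$2" ] && [ -n "$(tail -c 1 "$2")" ]; then echo >> "$2"; fi
    cat "$1" >> "$2" && echo "added"
}

# count_trusted BUNDLE: how many certificates the bundle holds.
count_trusted() { pem_bodies "$1" | wc -l | tr -d ' '; }

# Demo on constructed data (not real certificates), in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/client.pem"
    trust_cert_once "$d/client.pem" "$d/bundle.pem"   # first run appends
    trust_cert_once "$d/client.pem" "$d/bundle.pem"   # second run is a no-op
    n=$(count_trusted "$d/bundle.pem"); rm -rf "$d"; echo "$n"
}
demo
```

With the real files, pass the two paths from the workaround to trust_cert_once, then restart the service as shown above.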