.. _admin-password-injection: ==================================== Injecting the administrator password ==================================== Compute can generate a random administrator (root) password and inject that password into an instance. If this feature is enabled, users can run :command:`ssh` to an instance without an :command:`ssh` keypair. The random password appears in the output of the :command:`openstack server create` command. You can also view and set the admin password from the dashboard. **Password injection using the dashboard** By default, the dashboard will display the ``admin`` password and allow the user to modify it. If you do not want to support password injection, disable the password fields by editing the dashboard's ``local_settings.py`` file. .. code-block:: none OPENSTACK_HYPERVISOR_FEATURES = { ... 'can_set_password': False, } **Password injection on libvirt-based hypervisors** For hypervisors that use the libvirt back end (such as KVM, QEMU, and LXC), admin password injection is disabled by default. To enable it, set this option in ``/etc/nova/nova.conf``: .. code-block:: ini [libvirt] inject_password=true When enabled, Compute will modify the password of the admin account by editing the ``/etc/shadow`` file inside the virtual machine instance. .. note:: Users can only use :command:`ssh` to access the instance by using the admin password if the virtual machine image is a Linux distribution, and it has been configured to allow users to use :command:`ssh` as the root user. This is not the case for `Ubuntu cloud images `_ which, by default, does not allow users to use :command:`ssh` to access the root account. **Password injection and XenAPI (XenServer/XCP)** When using the XenAPI hypervisor back end, Compute uses the XenAPI agent to inject passwords into guests. The virtual machine image must be configured with the agent for password injection to work. **Password injection and Windows images (all hypervisors)** For Windows virtual machines, configure the Windows image to retrieve the admin password on boot by installing an agent such as `cloudbase-init `_.