[Since version 1.9.0]
The multipass authenticate command allows a client to authenticate with the Multipass service. Once authenticated, the client can issue commands such as
$ multipass authenticate --help
Usage: multipass authenticate [options] [<passphrase>]
Authenticate with the Multipass service.
A system administrator should provide you with a passphrase
to allow use of the Multipass service.

Options:
  -h, --help     Display this help
  -v, --verbose  Increase logging verbosity. Repeat the 'v' in the short option
                 for more detail. Maximum verbosity is obtained with 4 (or more)
                 v's, i.e. -vvvv.

Arguments:
  passphrase     Passphrase to register with the Multipass service. If omitted,
                 a prompt will be displayed for entering the passphrase.
To help reduce the amount of typing for authenticate, one can also use multipass auth as an alias:
$ multipass auth foo
If no passphrase is given in the authenticate command line, a prompt will be displayed in order to enter the passphrase:
$ multipass authenticate
Please enter passphrase:
How it works
Linux & macOS
Linux and macOS hosts currently use a Unix domain socket for client and daemon communication. Upon first use, this socket only accepts connections from a user who belongs to the group that owns the socket. For example, this group could be wheel, and the user needs to belong to this group or else permission will be denied when connecting.
After the first client connects with a user belonging to the socket’s admin group, the client’s OpenSSL certificate will be accepted by the daemon and the socket will then be open for all users to connect. Any other user trying to connect to the Multipass service will need to authenticate with the service using the previously set
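The two socket states described above (restricted to the owning group, then open to all users) can be checked from the host. The following is an added example, not part of the Multipass documentation or code: it classifies a Unix domain socket from its mode bits and checks whether a user belongs to the owning group. The socket path is supplied by the caller because this page does not state it, and the demo runs against a constructed socket in a temporary directory.

```python
import grp
import os
import pwd
import socket
import stat
import tempfile


def socket_access(path):
    """Classify who may connect to a Unix domain socket, from its mode bits.

    Connecting needs write permission on the socket file. File ACLs and the
    permissions of parent directories are not examined here.
    """
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a Unix domain socket")
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWOTH:
        state = "all-users"      # any local user can reach the daemon
    elif mode & stat.S_IWGRP:
        state = "group-only"     # only the owning group (e.g. wheel)
    else:
        state = "owner-only"
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:             # gid with no entry in the group database
        group = str(st.st_gid)
    return {"state": state, "group": group, "gid": st.st_gid, "mode": oct(mode)}


def user_in_group(username, gid):
    """True if gid is the user's primary group or a supplementary group."""
    if pwd.getpwnam(username).pw_gid == gid:
        return True
    try:
        return username in grp.getgrgid(gid).gr_mem
    except KeyError:
        return False


if __name__ == "__main__":
    # Constructed socket in a temp directory; pass the real socket path instead.
    path = os.path.join(tempfile.mkdtemp(), "demo.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    for mode in (0o660, 0o666):  # group-restricted, then open to all users
        os.chmod(path, mode)
        print(socket_access(path))
    srv.close()
```

A result of all-users means the socket file itself no longer restricts access, so the passphrase set by the administrator is what gates other local users.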
Windows
The Windows host uses a TCP socket listening on port 50051 for client connections. This socket is open for all to use since there is no concept of file ownership for TCP sockets. This is not very secure, in that any Multipass client can connect to the service and issue any commands.
To close this gap, the client will now need to be authenticated with the Multipass service. To ease the burden of having to authenticate the client, the user who installs the updated version of Multipass will automatically have their clients authenticated with the service. Any other users connecting to the service will have to use authenticate using the previously set