Generate random tokens

lib/config/fileconf.go

@@ -42,6 +42,11 @@ import (
 	"gopkg.in/yaml.v2"
 )
 
+const (
+	// randomTokenLenBytes is the length of random token generated for the example config
+	randomTokenLenBytes = 24
+)
+
 var (
 	// all possible valid YAML config keys
 	// true  = has sub-keys
@@ -246,10 +251,16 @@ func ReadConfig(reader io.Reader) (*FileConfig, error) {
 func MakeSampleFileConfig() (fc *FileConfig) {
 	conf := service.MakeDefaultConfig()
 
+	// generate a secure random token
+	randomJoinToken, err := utils.CryptoRandomHex(randomTokenLenBytes)
+	if err != nil {
+		panic(err)
+	}
+
 	// sample global config:
 	var g Global
 	g.NodeName = conf.Hostname
-	g.AuthToken = "cluster-join-token"
+	g.AuthToken = randomJoinToken
 	g.CAPin = "sha256:ca-pin-hash-goes-here"
 	g.Logger.Output = "stderr"
 	g.Logger.Severity = "INFO"
@@ -281,7 +292,7 @@ func MakeSampleFileConfig() (fc *FileConfig) {
 	var a Auth
 	a.ListenAddress = conf.Auth.SSHAddr.Addr
 	a.EnabledFlag = "yes"
-	a.StaticTokens = []StaticToken{"proxy,node:cluster-join-token"}
+	a.StaticTokens = []StaticToken{StaticToken(fmt.Sprintf("proxy,node:%s", randomJoinToken))}
 	a.LicenseFile = "/path/to/license-if-using-teleport-enterprise.pem"
 
 	// sample proxy config:

tool/teleport/common/usage.go

@@ -35,9 +35,7 @@ Examples:
 # Things to update:
 #  1. ca_pin: Obtain the CA pin hash for joining more nodes by running 'tctl status'
 #     on the auth server once Teleport is running.
-#  2. cluster-join-token: Update to a more secure static token. For more details,
-#     see https://gravitational.com/teleport/docs/admin-guide/#adding-nodes-to-the-cluster
-#  3. license-if-using-teleport-enterprise.pem: If you are an Enterprise customer,
+#  2. license-if-using-teleport-enterprise.pem: If you are an Enterprise customer,
 #     obtain this from https://dashboard.gravitational.com/web/
 #`
 )