[HN Gopher] Raspberry Pi update removes the default user
___________________________________________________________________
Raspberry Pi update removes the default user

Author : ez_mmk
Score  : 55 points
Date   : 2022-04-07 19:17 UTC (3 hours ago)

(HTM) web link (deepaqua.me)
(TXT) w3m dump (deepaqua.me)

| alar44 wrote:
| Good.
|
| 8ish years ago, I wrote a script to search out Pis with port 22
| opened to the internet with default un and pw. Let it run
| overnight.
|
| The next morning I checked the log and it found thousands of Pis
| that I could have just logged into with root privileges if I
| wanted.
|
| Never trust users.
| jbaczuk wrote:
| I know you logged in to some of them... :)
| alerighi wrote:
| This is good because I always ended up removing the default user
| and creating another or just using root.
|
| You can always mount the SD card partition and put your ssh key
| into /root to log in with that. An improvement could be to also
| load ssh key from the /boot partition so also windows/mac users
| could do that easily.
|
| By the way using root with an ssh key is fine and not a problem
| in terms of security.
| wanderer_ wrote:
| Now it's just a matter of time before I start losing installs
| because I can't remember passwords...
| MarkusWandel wrote:
| The FS is not encrypted. So just plug the SD card into another
| computer and edit the password file to replace the encrypted
| password with a null string.
| Karellen wrote:
| Wait, is this an update to the OS, or an update to the installer?
|
| If I upgrade my existing Pis, are the currently in-use `pi` users
| (which have non-default passwords) going to be removed?
|
| About half the article makes it sound like it's an OS update, but
| the other half makes it sound like an installer update, and
| there's a _big_ difference between those two scenarios.
| LeoPanthera wrote:
| This is an update to the OS image, which adds a first-run
| script prompting you to create a new user.
|
| Existing installations will not be affected.
| [deleted]
| vault wrote:
| I thought it was still April 1st
| MarkusWandel wrote:
| Well, at least the default, non-expert install of the Raspi OS
| doesn't enable ssh logins.
| londons_explore wrote:
| I'm pretty sure the law discourages default _passwords_. I don't
| see anything wrong with default users, especially on systems
| which are usually single-user.
| batch12 wrote:
| I wonder if removing root is on the roadmap :)
| djbusby wrote:
| Which law?
|
| Oh, this:
|
| https://www.bbc.com/news/technology-59400762
| exfascist wrote:
| They should have just removed the password. Default passwords are
| braindead. Default users really aren't that bad.
|
| Fun anecdote: I used to log into people's Pis in college and show
| them that they needed to change the password. People don't react
| nicely to that.
| op00to wrote:
| At my company pre-COVID if you left your pc unlocked, you'd get
| your nickname changed in chat to a specific code word so
| everyone knew you messed up.
| jbaczuk wrote:
| prob similar to finding out you came to class without pants
| op00to wrote:
| Damn, I'm so used to googling default passwords for stuff. Now I
| gotta remember my own?
| ruined wrote:
| site is down for me but there's an archive snapshot
|
| https://archive.ph/gxhCC
| ajsnigrutin wrote:
| Wtf? So how do I install this headlessly, without needing a
| separate piece of software (imager?)?
|
| I used to just dd the image, touch the 'ssh' file on the boot
| partition, and then change stuff over ssh.
| _joel wrote:
| loopback mount and chroot into the fs, passwd.
| I'm sure there are probably easier ways though
| ajsnigrutin wrote:
| I'm not sure that the arm binary "passwd" will run on x86/_64
| _joel wrote:
| Ahh yes, there's qemu-arch64 but that's probably another
| rabbithole :)
| qbasic_forever wrote:
| QEMU and binfmt_misc should do the trick:
| https://wiki.debian.org/QemuUserEmulation
| simongr3dal wrote:
| Maybe you can pipe a username and password, or maybe an ssh
| publickey, into the ssh file and it will create that user?
|
| I wouldn't be too worried, there will likely be a solution for
| "power users" who use the ssh file.
| shakna wrote:
| > There are also mechanisms to preconfigure an image without
| using Imager. To set up a user on first boot and bypass the
| wizard completely, create a file called userconf or
| userconf.txt in the boot partition of the SD card; this is the
| part of the SD card which can be seen when it is mounted in a
| Windows or MacOS computer.
|
| > This file should contain a single line of text, consisting of
| username:encrypted-password - so your desired username,
| followed immediately by a colon, followed immediately by an
| encrypted representation of the password you want to use.
|
| > To generate the encrypted password, the easiest way is to use
| OpenSSL on a Raspberry Pi that is already running - open a
| terminal window and enter
|
|     echo 'mypassword' | openssl passwd -6 -stdin
|
| > This will produce what looks like a string of random
| characters, which is actually an encrypted version of the
| supplied password.
|
| From the announcement [0], under "Headless setup".
|
| [0] https://www.raspberrypi.com/news/raspberry-pi-bullseye-updat...
| oauea wrote:
| hashed*
| rlpb wrote:
| They've provided a mechanism to do that. Similar to the SSH
| mechanism you already know about.
| [deleted]
| qbasic_forever wrote:
| If you're running a headless setup I'd switch to Ubuntu. You
| can use cloud-init and set it all up just like a VPS.
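The userconf mechanism quoted above from the announcement, as an added shell example that is not part of the thread or of Raspberry Pi's own tooling: it reads the password from stdin, hashes it with the same `openssl passwd -6 -stdin` call, and refuses to write anything that is not a `username:$6$...` line. The username pattern, the `alice` account and the `/mnt/boot` mount point are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): build and check the userconf.txt
# line "username:hash" described in the quoted announcement.

# Return 0 only if $1 looks like "user:$6$salt$hash" (SHA-512 crypt).
# The username pattern is an assumption (conservative lowercase names);
# the first-boot script's own rules are not given on the page.
check_userconf_line() {
    printf '%s\n' "$1" | grep -Eq \
'^[a-z_][a-z0-9_-]{0,31}:\$6\$(rounds=[0-9]+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$'
}

# make_userconf USER BOOTDIR
# Reads the password from stdin, so it is never typed as a literal on the
# command line and saved to shell history, unlike echo 'mypassword' | ...
make_userconf() {
    user=$1
    bootdir=$2
    [ -d "$bootdir" ] || { echo "no such directory: $bootdir" >&2; return 1; }

    IFS= read -r password || true
    [ -n "$password" ] || { echo "refusing empty password" >&2; return 1; }

    # Same hashing command as in the announcement.
    hash=$(printf '%s\n' "$password" | openssl passwd -6 -stdin) || return 1
    password=

    line="$user:$hash"
    # Catches a bad username, a failed hash, or a plaintext value.
    check_userconf_line "$line" || {
        echo "rejected: bad username or hash" >&2
        return 1
    }

    printf '%s\n' "$line" > "$bootdir/userconf.txt"
    : > "$bootdir/ssh"    # empty 'ssh' marker file, as mentioned in the thread
}

# Usage (hypothetical mount point), prompting without echoing the password:
#   stty -echo; make_userconf alice /mnt/boot; stty echo
```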
| [deleted]
| exfascist wrote:
| What I've done for this in the past is create buildroot images
| that grabbed all the dynamic data from the first FAT partition
| (you can get it with blkid although on the Pi you can probably
| just hard code it.)
___________________________________________________________________
(page generated 2022-04-07 23:00 UTC)