Change your default password.
Posted: Tue Sep 19, 2017 11:18 pm
Is there any command I can perform after performing these steps to see if I have done it the right way?
Is there any way to confirm if I have successfully performed the changes?
Thanks for listening.
Change your default password
The default username and password are used for every single Raspberry Pi running Raspbian. So, if you can get access to a Raspberry Pi, and these settings have not been changed, you have root access to that Raspberry Pi.
So the first thing to do is change the password. This can be done via the raspi-config application, or from the command line.
sudo raspi-config
Select option 2, and follow the instructions to change the password.
In fact, all raspi-config does is start up the command line passwd application, which you can do from the command line. Simply type in your new password and confirm it.
passwd
Changing your username
You can, of course, make your Raspberry Pi even more secure by also changing your username. All Raspberry Pis come with the default username pi, so changing this will immediately make your Raspberry Pi more secure.
To add a new user with the same permissions as the pi user:
sudo useradd -m fred -G sudo
This adds a new user called fred, creates a home folder, and adds the user to the sudo group. You now need to set a password for the new user:
sudo passwd fred
Log out and log back with the new account details. Check your permissions are in place (i.e. you can sudo) by trying the following.
sudo visudo
The visudo command can only be run by an account with sudo privileges. If it runs successfully, then you can be sure that the new account is in the sudo group.
Once you have confirmed that the new account is working, you can delete the pi user. Please note, though, that with the current Raspbian distribution, there are some aspects that require the pi user to be present. If you are unsure whether you will be affected by this, then leave the pi user in place. Work is being done to reduce the dependency on the pi user.
To delete the pi user, type the following:
sudo deluser pi
This command will delete the pi user but will leave the /home/pi folder. If necessary, you can use the command below to remove the home folder for the pi user at the same time. Note the data in this folder will be permanently deleted, so make sure any required data is stored elsewhere.
sudo deluser --remove-home pi
Make sudo require a password
Placing sudo in front of a command runs it as a superuser, and by default, that does not need a password. In general, this is not a problem. However, if your Pi is exposed to the internet and somehow becomes exploited (perhaps via a webpage exploit for example), the attacker will be able to change things that require superuser credentials, unless you have set sudo to require a password.
To force sudo to require a password, enter
sudo nano /etc/sudoers.d/010_pi-nopasswd
and change the pi entry (or whichever usernames have superuser rights) to
pi ALL=(ALL) PASSWD: ALL
Now save the file.
www.raspberrypi.org/documentation/confi ... ecurity.md
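The question above asks for a way to confirm the changes. As an added example (not part of the original post or the quoted documentation), this script checks whether the pi account still exists, whether the new user is in the sudo group, and whether any active sudoers rule still carries NOPASSWD. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check the account and sudo changes described above.
# Every function takes file paths, so it runs against the real files
# (/etc/passwd, /etc/group, /etc/sudoers.d/010_pi-nopasswd) or against copies.

user_exists() {    # user_exists USER PASSWD_FILE
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# True if USER is a listed (supplementary) member of GROUP.
in_group() {       # in_group USER GROUP GROUP_FILE
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$3"
}

# Prints active (uncommented) rules that still carry NOPASSWD; exit 0 if none.
nopasswd_rules() { # nopasswd_rules SUDOERS_FILE
    awk '/^[ \t]*#/ { next }
         /NOPASSWD[ \t]*:/ { print; bad = 1 }
         END { exit bad + 0 }' "$1"
}

audit() {          # audit NEW_USER PASSWD_FILE GROUP_FILE SUDOERS_FILE
    rc=0
    if user_exists pi "$2"; then echo "NOTE: default account pi still exists"; fi
    in_group "$1" sudo "$3" || { echo "FAIL: $1 is not in the sudo group"; rc=1; }
    nopasswd_rules "$4" >/dev/null || { echo "FAIL: NOPASSWD rule active in $4"; rc=1; }
    return "$rc"
}

# Constructed sample files, not taken from a real system.
make_samples() {   # make_samples DIR
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'pi:x:1000:1000::/home/pi:/bin/bash' \
        'fred:x:1001:1001::/home/fred:/bin/bash' > "$1/passwd"
    printf '%s\n' 'sudo:x:27:pi,fred' 'fred:x:1001:' > "$1/group"
    printf '%s\n' 'pi ALL=(ALL) NOPASSWD: ALL' > "$1/before"
    printf '%s\n' '# pi ALL=(ALL) NOPASSWD: ALL' 'pi ALL=(ALL) PASSWD: ALL' > "$1/after"
}

demo=$(mktemp -d) && make_samples "$demo"
audit fred "$demo/passwd" "$demo/group" "$demo/before" || echo "before: not hardened"
audit fred "$demo/passwd" "$demo/group" "$demo/after" && echo "after: checks passed"
rm -rf "$demo"
```

On the Pi itself, run audit as root against /etc/passwd, /etc/group and the sudoers.d file, since that file is not world-readable. After the change, sudo -k followed by sudo -v should prompt for a password.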