oldgorilla
Posts: 9
Joined: Tue Dec 03, 2019 10:54 am

WHY is ssh disabled by default..?

Fri Mar 20, 2020 3:51 pm

In Corona-quarantine.
Old. Fat. Ugly. But with a brand new Rpi with a 7" screen. So quite happy despite the initial drawbacks...

Power up - plug in network cable, my DHCP daemon tells me the Pi got 10.1.1.100.

Ping - success.

# ssh 10.1.1.100 - connection refused.

Check the net... "on Raspbian, ssh is nowadays disabled by default..." WTF? WHY?

I have no way to edit any file on the SD-card. I have no USB keyboard, I have no screen. (Nope, no TV)
Does anybody know if I at least can make the Pi boot from a USB memory? (or is that also disabled by default?) Is it worth the hassle to set up such a do-hickey?

Or, should I - which right now feels like the right solution - break the neck of my one litre bottle of Famous Grouse...?
Any ideas?


/A sad gorilla

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 26085
Joined: Sat Jul 30, 2011 7:41 pm

Re: WHY is ssh disabled by default..?

Fri Mar 20, 2020 4:00 pm

Security. Pure and simple.

All Pi's when you install a new Raspbian have the same username and password. That makes them wide open to SSH attacks if SSH is turned on by default.

So we turn it off, and put up a warning if you enable it without changing the password.

It's very easy to enable it. Use the config utility from the preferences menu, or raspi-config from the command line. Or add the file ssh to the boot folder before boot. Most people can do one of those things.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed. Here's an example...
I've been saying "Mucho" to my Spanish friend a lot more lately. It means a lot to him.

B.Goode
Posts: 9879
Joined: Mon Sep 01, 2014 4:03 pm
Location: UK

Re: WHY is ssh disabled by default..?

Fri Mar 20, 2020 4:04 pm

oldgorilla wrote:
Fri Mar 20, 2020 3:51 pm
In Corona-quarantine.
Old. Fat. Ugly. But with a brand new Rpi with a 7" screen. So quite happy despite the initial drawbacks...

Power up - plug in network cable, my DHCP daemon tells me the Pi got 10.1.1.100.

Ping - success.

# ssh 10.1.1.100 - connection refused.

Check the net... "on Raspbian, ssh is nowadays disabled by default..." WTF? WHY?

I have no way to edit any file on the SD-card. I have no USB keyboard, I have no screen. (Nope, no TV)
Does anybody know if I at least can make the Pi boot from a USB memory? (or is that also disabled by default?) Is it worth the hassle to set up such a do-hickey?

Or, should I - which right now feels like the right solution - break the neck of my one litre bottle of Famous Grouse...?
Any ideas?


/A sad gorilla



What model of RPi board? Because some will boot from usb mass storage with no further intervention.

And not meaning to be provocative, but how do you plan to write the usb stick? Because if you can do that, can't you modify the existing microSD card the same way?

Relevant Raspberry Pi documentation -

https://www.raspberrypi.org/documentati ... /README.md

https://www.raspberrypi.org/documentati ... des/msd.md




OT: apparently the non-medically approved procedure is to use the Scotch as hand sanitizer, and then drink a single measure. Repeat as necessary. By the end of the day you won't care whether your hands are clean or not...

dickon
Posts: 1259
Joined: Sun Dec 09, 2012 3:54 pm
Location: Home, just outside Reading

Re: WHY is ssh disabled by default..?

Fri Mar 20, 2020 4:15 pm

Cask strength might do it, but standard 40% ABV won't kill SARS-CoV-2.

Is there any reason you can't stick a file called 'ssh' in the first (FAT) partition? Even Windows can manage that. Or so I'm told.

tpyo kingg
Posts: 809
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: WHY is ssh disabled by default..?

Fri Mar 20, 2020 4:18 pm

dickon wrote:
Fri Mar 20, 2020 4:15 pm
Is there any reason you can't stick a file called 'ssh' in the first (FAT) partition? Even Windows can manage that. Or so I'm told.

I would expect that the problem might be that the SD and microSD require special adapters. Not all computers have the right ports for that and without an adapter there are few options.

Oldgorilla, which model of Raspberry Pi do you have?

oldgorilla
Posts: 9
Joined: Tue Dec 03, 2019 10:54 am

Re: WHY is ssh disabled by default..?

Fri Mar 20, 2020 4:22 pm

I have a 3B. (Unboxed one hour ago)

B.Goode
Posts: 9879
Joined: Mon Sep 01, 2014 4:03 pm
Location: UK

Re: WHY is ssh disabled by default..?

Fri Mar 20, 2020 5:32 pm

oldgorilla wrote:
Fri Mar 20, 2020 4:22 pm
I have a 3B. (Unboxed one hour ago)



.... and what provision do you have for creating or modifying the microSD card or other media from which to boot the Operating System?

oldgorilla
Posts: 9
Joined: Tue Dec 03, 2019 10:54 am

Re: WHY is ssh disabled by default..?

Fri Mar 20, 2020 6:05 pm

Hi, well I can handle USB memory sticks...
I just do not have any means to access an SD card.
I'll breach the quarantine tomorrow and try get my hooves on a USB keyboard and a screen.
(80 miles to town...)

Security is a bitch...

Thanks, and have a nice weekend.

tpyo kingg
Posts: 809
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: WHY is ssh disabled by default..?

Fri Mar 20, 2020 6:11 pm

One long shot would be if you have one of those new cameras with a built-in wi-fi web server (or other file sharing) for uploading and downloading files you could put the SD card adapter in it and modify config.txt that way. However, to be practical, a proper adapter is needed. The Raspberry Pi will just have to sit there tantalizingly close but unattainable for a while.

dustnbone
Posts: 226
Joined: Tue Nov 05, 2019 2:49 am

Re: WHY is ssh disabled by default..?

Fri Mar 20, 2020 6:14 pm

A smartphone or tablet with a uSD slot will also work.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 26085
Joined: Sat Jul 30, 2011 7:41 pm

Re: WHY is ssh disabled by default..?

Fri Mar 20, 2020 6:18 pm

oldgorilla wrote:
Fri Mar 20, 2020 6:05 pm
Hi, well I can handle USB memory sticks...
I just do not have any means to access an SD card.
I'll breach the quarantine tomorrow and try get my hooves on a USB keyboard and a screen.
(80 miles to town...)

Security is a bitch...

Thanks, and have a nice weekend.

Amazon/Ebay etc and get it delivered. Cheaper than an 80 mile trip each way.

B.Goode
Posts: 9879
Joined: Mon Sep 01, 2014 4:03 pm
Location: UK

Re: WHY is ssh disabled by default..?

Fri Mar 20, 2020 6:22 pm

oldgorilla wrote:
Fri Mar 20, 2020 6:05 pm
Hi, well I can handle USB memory sticks...
I just do not have any means to access an SD card.
I'll breach the quarantine tomorrow and try get my hooves on a USB keyboard and a screen.
(80 miles to town...)

Security is a bitch...

Thanks, and have a nice weekend.

Making possibly unsafe assumptions due to your insistence on obscurity...

If you can 'handle USB memory sticks' presumably you have some other computing platform and operating system with a usb slot?

So when you go shopping (and I don't condone that) it would be useful to pick up a usb card-reader/writer 'dongle'. And perhaps a spare microSD card.

Is this really urgent - can you get the bits online and have them delivered?

oldgorilla
Posts: 9
Joined: Tue Dec 03, 2019 10:54 am

Re: WHY is ssh disabled by default..?

Fri Mar 20, 2020 8:23 pm

Well, "urgent". No. What is really urgent?
Ebay do not reach this far out in the wilderness. (Deliveries, that is)

But I do feel that this 'security' approach to some extent shoots over the goal.

The Pi is used by people that are deep in the 'business', and are supposed to - to some extent - understand what they are doing. It IS a bit Microsoftish to put up these barriers by default.

So, what is the next step? "No, we do not allow use of raw sockets, it can be used by hackers." ?
Or "No, the 'sudo' command can destroy the correct settings that we have decided are good for you."?

I expect this kind of BS from Microsoft or Apple. Not from RP or Arduino...

/Gorilla. (Halfway down the Grouse, so do not ban me for this...)

trejan
Posts: 1676
Joined: Tue Jul 02, 2019 2:28 pm

Re: WHY is ssh disabled by default..?

Fri Mar 20, 2020 9:04 pm

oldgorilla wrote:
Fri Mar 20, 2020 8:23 pm
But I do feel that this 'security' approach to some extent shoots over the goal.

The Pi is used by people that are deep in the 'business', and are supposed to - to some extent - understand what they are doing. It IS a bit Microsoftish to put up these barriers by default.

The original Raspbian images had SSH enabled by default and there were issues caused by it. People were putting them online with the default user + password and not realising SSH was enabled for anybody on the Internet to connect. There are botnets that specifically look for wide open Pi installs to infect them with malware to spam, hack or used to mask somebody else's dubious activity online. You might think "who cares?" but it won't be so amusing when you get an angry letter from your ISP or the police because your Pi is doing something nefarious.

See https://www.raspberrypi.org/blog/a-secu ... ian-pixel/ for the official announcement of the change.

oldgorilla wrote:
Fri Mar 20, 2020 8:23 pm
So, what is the next step? "No, we do not allow use of raw sockets, it can be used by hackers." ?
Or "No, the 'sudo' command can destroy the correct settings that we have decided are good for you."?

I expect this kind of BS from Microsoft or Apple. Not from RP or Arduino...

If it was permanently disabled then you might have a point but it isn't.

Close the browser and enjoy the rest of your Grouse.
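
Added example, not part of any post in this thread: a small auth.log audit for the situation described above, flagging password logins to the default `pi` account that come from outside the LAN or follow failed attempts from the same source. The log lines are constructed, and the 10.1.1.0/24 LAN range is an assumption based on the address in the first post.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the home LAN is 10.1.1.0/24 (the thread only shows 10.1.1.100).
LAN = ipaddress.ip_network("10.1.1.0/24")
DEFAULT_USER = "pi"  # default Raspbian account named in the thread

# OpenSSH log lines: "<Failed|Accepted> <method> for [invalid user] <user> from <ip> port N"
LINE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample log, not captured from a real system.
SAMPLE_LOG = """\
Mar 20 21:01:02 raspberrypi sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar 20 21:01:05 raspberrypi sshd[812]: Failed password for root from 203.0.113.7 port 40124 ssh2
Mar 20 21:01:09 raspberrypi sshd[815]: Accepted password for pi from 203.0.113.7 port 40130 ssh2
Mar 20 21:05:00 raspberrypi sshd[900]: Accepted publickey for pi from 10.1.1.5 port 51000 ssh2
Mar 20 21:06:30 raspberrypi sshd[905]: Accepted password for pi from 10.1.1.5 port 51012 ssh2
Mar 20 21:07:11 raspberrypi sshd[910]: Failed password for pi from 198.51.100.23 port 33900 ssh2
"""

def audit(log_text):
    """Return (alerts, failures): risky 'pi' password logins and failed counts per IP."""
    failures = Counter()
    alerts = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        # Accepted login: key-based logins are not the default-password problem.
        if m["user"] != DEFAULT_USER or m["method"] != "password":
            continue
        try:
            external = ipaddress.ip_address(ip) not in LAN
        except ValueError:
            external = True  # unparseable source: treat as untrusted
        if external or failures[ip]:
            alerts.append({"ip": ip, "external": external, "prior_failures": failures[ip]})
    return alerts, dict(failures)

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

On a real system the input would be the contents of /var/log/auth.log; a password login from the LAN with no earlier failures is deliberately not flagged.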

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 26085
Joined: Sat Jul 30, 2011 7:41 pm

Re: WHY is ssh disabled by default..?

Fri Mar 20, 2020 9:50 pm

OK, so let me get this right. You've come on here and launched a bit of a rant. You've been politely informed as to why the decision was made to SSH off the default - a perfectly valid decision under the circumstances. You've now gone on to increase your rant to accuse us of BS and Microsoftism, along with adding a couple of strawman arguments on unrelated and irrelevant issues (which are not even issues).

Have I got that right?

TBH, whether you've been drinking or not, won't affect any decisions on banning. If you need to go, you need to go. Don't blame it on drink.

RonR
Posts: 1027
Joined: Tue Apr 12, 2016 10:29 pm
Location: US

Re: WHY is ssh disabled by default..?

Fri Mar 20, 2020 11:33 pm

oldgorilla wrote:
Fri Mar 20, 2020 3:51 pm
# ssh 10.1.1.100 - connection refused.

Check the net... "on Raspbian, ssh is nowadays disabled by default..." WTF? WHY?

I have no way to edit any file on the SD-card. I have no USB keyboard, I have no screen. (Nope, no TV)

RPi-Init is a Windows program that patches a Raspberry Pi image file to perform the following when booted the first time:

1. Optional: Enable SSH (without the need to create an 'ssh' file in the boot partition)

2. Optional: Permit Root Login Via SSH using a specified Password
(If 'Permit Root Login Via SSH' is not selected, initial login must be done through pi:raspberry)

3. Optional: Include Additional Script File (to be executed during the first boot)

No installation is required and no changes are made to your Windows system by RPi-Init.

oldgorilla wrote:
Fri Mar 20, 2020 3:51 pm
Does anybody know if I at least can make the Pi boot from a USB memory?

Running Raspbian from USB Devices : Made Easy

oldgorilla
Posts: 9
Joined: Tue Dec 03, 2019 10:54 am

Re: WHY is ssh disabled by default..?

Sun Mar 22, 2020 7:38 am

jamesh wrote:
Fri Mar 20, 2020 9:50 pm
OK, so let me get this right. You've come on here and launched a bit of a rant. You've been politely informed as to why the decision was made to SSH off the default - a perfectly valid decision under the circumstances. You've now gone on to increase your rant to accuse us of BS and Microsoftism, along with adding a couple of strawman arguments on unrelated and irrelevant issues (which are not even issues).

Have I got that right?

TBH, whether you've been drinking or not, won't affect any decisions on banning. If you need to go, you need to go. Don't blame it on drink.

Sorry, I did not know that it has been an actual issue with having the SSH open.
But I will still blame my ranting on the Grouse.
Back in the cage.
Thanks.

mikerr
Posts: 2825
Joined: Thu Jan 12, 2012 12:46 pm
Location: UK

Re: WHY is ssh disabled by default..?

Sun Mar 22, 2020 10:32 am

If you have an android phone you can put the micro sd card in that,
then use the files app to create a file called SSH.txt on the card.

(or create a pi sd card from scratch with the android app here:
viewtopic.php?f=63&t=170856 )
Android app - Raspi Card Imager - download and image SD cards - No PC required !

oldgorilla
Posts: 9
Joined: Tue Dec 03, 2019 10:54 am

Re: WHY is ssh disabled by default..?

Mon Mar 23, 2020 11:27 am

All, thank you for all help.
I would also like to apologize for my moaning the other night. In particular to Jamesh.

The thing is that I was so glad and full of expectations - I'd got my new little toy, and really looked forward to play with it during the weekend.
And the mental face-plant when ssh tripped me over made me really sad. I guess the disappointment got the better of me.

Sorry for my ranting.

(Now up and running, btw)

/Gorilla.

bensimmo
Posts: 4487
Joined: Sun Dec 28, 2014 3:02 pm
Location: East Yorkshire

Re: WHY is ssh disabled by default..?

Mon Mar 23, 2020 11:51 am

Ignoring the rest of it, as it's all working now.

I will just say something about this
The Pi is used by people that are deep in the 'business', and are supposed to - to some extent - understand what they are doing.

It is not, it was created for education, people who don't know what they are doing and may well be children, teenagers, university people, people at home in their mid-40s or people who have been there done that and learning and passing on knowledge, and of course everything in between. Oh and companies now.

I'm not sure which part of the website made you think that, to me it always gives the opposite impression.
https://www.raspberrypi.org/

Have a good day keep learning and come back with questions and whatever you end up doing with it :-)

fruitoftheloom
Posts: 22694
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: WHY is ssh disabled by default..?

Mon Mar 23, 2020 11:53 am

oldgorilla wrote:
Mon Mar 23, 2020 11:27 am
All, thank you for all help.
I would also like to apologize for my moaning the other night. In particular to Jamesh.

The thing is that I was so glad and full of expectations - I'd got my new little toy, and really looked forward to play with it during the weekend.
And the mental face-plant when ssh tripped me over made me really sad. I guess the disappointment got the better of me.

Sorry for my ranting.

(Now up and running, btw)

/Gorilla.

https://www.raspberrypi.org/about/
Rather than negativity think outside the box !

Asus ChromeBox 3 Celeron is my other computer.
