Code: Select all
I'm always amused when people post messages such as this.It all went without a hitch.
Which is why I described the process I used in testing it. Since the OP did not give much details about the procedure he used when the error occurred, there's not much advice I can offer. But apparently I'm stupid. So since you are so smart, why don't you tell the OP what went wrong with his system?Martin Frezman wrote:I'm always amused when people post messages such as this.
Of COURSE it works at least some of the time (i.e., for some people on some setups) or else it never would have gotten released. Of COURSE, they do test these things (at least a little, heh heh) before they release them.
The trick is figuring out what it is about OP's setup that causes it not to work for them. That's where your attention should be focused.
And without more detail from the OP about how to reproduce the error, exactly what do you expect me to do?Martin Frezman wrote:heh heh - I never said I was smart, just that I was amused.
But I do believe that no help-seeker was ever helped by other people saying either:
1) "Works for me"
2) "You did something wrong"
But then again, that's just me...
To deal with this very problem, the latest update will now look for either "ssh" or "ssh.txt". sudo apt-get update / sudo apt-get dist-upgrade will apply this update on the current image - we'll bundle it into the next official Raspbian release.HawaiianPi wrote:So, if I have to make a guess, I'd say they probably created the "ssh" file on a Windows system with the hide known file extensions setting on, and didn't realize they actually created a file named ssh.txt (which won't work). I didn't put that guess in my first post because that's one of the first settings in Windows I disable when I install it, so I tend to forget it's a problem.
Ha! I must be psychic.spl23 wrote:To deal with this very problem, the latest update will now look for either "ssh" or "ssh.txt". sudo apt-get update / sudo apt-get dist-upgrade will apply this update on the current image - we'll bundle it into the next official Raspbian release.
That seems a far cry from the instructions I read from RaspberryPi.org. Not something the average Pi owner would know to do. Glad you are so erudite.HawaiianPi wrote:It worked for me when I tried it.
I imaged an SD card with 2016-11-25 Raspbian Jessie Lite, copied my wpa_supplicant.conf to /boot along with creating the "ssh" file. Plugged the newly imaged card into my PiZero, plugged in my OTG WiFi dongle and powered it up. After giving it a moment to boot I was able to SSH in, change the default password and reboot, then login again with the new password. Next I created my own user, logged out from pi and back in as my user, disabled the pi user and ran updates.
It all went without a hitch.
Which instructions did you follow on raspberrypi.org?wh7qq wrote:That seems a far cry from the instructions I read from RaspberryPi.org. Not something the average Pi owner would know to do. Glad you are so erudite.
The info on placing an ssh file into /boot came from here:https://www.raspberrypi.org/blog/another-update-raspbian/ wrote:If a wpa_supplicant.conf file is placed into the /boot/ directory, this will be moved to the /etc/wpa_supplicant/ directory the next time the system is booted, overwriting the network settings; this allows a Wifi configuration to be preloaded onto a card from a Windows or other machine that can only see the boot partition.
I'm not sure why the above did not work for you.https://www.raspberrypi.org/blog/a-security-update-for-raspbian-pixel/ wrote:What has changed?
First, from now on SSH will be disabled by default on our images. SSH (Secure SHell) is a networking protocol which allows you to remotely log into a Linux computer and control it from a remote command line. As mentioned above, many Pi owners use it to install a Pi headless (without screen or keyboard) and control it from another PC.
In the past, SSH was enabled by default, so people using their Pi headless could easily update their SD card to a new image. Switching SSH on or off has always required the use of raspi-config or the Raspberry Pi Configuration application, but to access those, you need a screen and keyboard connected to the Pi itself, which is not the case in headless applications. So we’ve provided a simple mechanism for enabling SSH before an image is booted.
The boot partition on a Pi should be accessible from any machine with an SD card reader, on Windows, Mac, or Linux. If you want to enable SSH, all you need to do is to put a file called ssh in the /boot/ directory. The contents of the file don’t matter: it can contain any text you like, or even nothing at all. When the Pi boots, it looks for this file; if it finds it, it enables SSH and then deletes the file. SSH can still be turned on or off from the Raspberry Pi Configuration application or raspi-config; this is simply an additional way to turn it on if you can’t easily run either of those applications.
Please excuse my abysmal ignorance but I remain mystified as to why it did not work for me; but it does occur that the initial instructions were a bit glib or the (supposedly) simple procedure has pitfalls that aren't well understood.I'm not sure why the above did not work for you.
It didn't for me either. I did not exhaustive testing, but I suspect...why it did not work for me;
... that you are right!the (supposedly) simple procedure has pitfalls that aren't well understood.
DING, DING, DING! We have a winner!MartinLaclaustra wrote:It didn't for me either. I did not exhaustive testing, but I suspect...
My first attempt failed: "ssh" file written in "boot" partition before first start... First boot... Powered down unproperly (switched power off)...
Mostly for people who are doing something wrong, and it's pretty hard to fix that.MartinLaclaustra wrote:I hope that someone can do the proper testing, because I believe that this question is creating a lot of confusion and it would be worth fixing.
And they were also highly insecure.MartinLaclaustra wrote:Just a couple of subtle commentaries...
- Previous versions were more ROBUST respect to user "dumbness" in this respect.
Yes, and part of the process is learning how to use the computer properly. Ask most Linux users on this forum and I think you will find that Raspbian already makes too many concessions for the sake of being easier. This is a far less secure operating system than any mainstream Linux distro because of those concessions. They have finally taken a step to fix that, and it's a step in the right direction.MartinLaclaustra wrote:This is an entry level computer for those who start to learn, so you can not expect perfect handling the first time you plug it in.
I have no control over what the devs choose to fix or not. I'm just saying you can't expect them to fix every problem caused by improper use.MartinLaclaustra wrote:Please, HawaiianPi, do not minimize hdoverobinson effort. This is the ONLY thread shedding some light on the problem so far, and it might help desperate users locked out, and may attract some attention from developers (Simon Long).
Sorry, don't agree with you here.HawaiianPi wrote: They have finally taken a step to fix that, and it's a step in the right direction.
The amount of people who open up their Pi to the outside world is very small and all of them should change the password and enable password sudo. Adding sudo in front of everything is not the Foundation's fault, but user's own.fsr wrote:Sorry, don't agree with you here.HawaiianPi wrote: They have finally taken a step to fix that, and it's a step in the right direction.
Agree raspbian has a major security problem but disabling ssh does not improve security at all. It is just sweeping the problem under the carpet. The underlying issues are still there waiting to be exploited when ssh gets enabled.
Specifically these items:
1) sudo for the default 'pi' user is passwordless. (bzzz fail)
2) you are not forced to change the 'pi' password, create a user or anything.
3) the (ab)use of root in day to day activities - 'sudo' is stuck in front of everything.
These are not hard problems to solve, the Foundation has some very smart and capable people working for it. look at all the kernel code that got developed for the 3B. in its current state its only a matter of time before we hear of a rpi bonnet being used for something like this: https://www.engadget.com/2015/10/25/cctv-camera-botnet/
Can you put a figure on that or are you just going with a gut feeling there?kusti8 wrote:The amount of people who open up their Pi to the outside world is very small
The foundation is in the unique position of being able to fix it, being the manufacturer of the hardware and the distributer of the OS. So it certainly is their problem to fix, not the users. How is a user supposed to fix libraries 'that must run as root'?kusti8 wrote:Adding sudo in front of everything is not the Foundation's fault, but user's own.
That IS fixed. If you run python3 RPi.GPIO or python3 GPIOzero or C/C++ WiringPi (with the right enviroment variable) then none of those things need sudo.fsr wrote: e.g. https://www.raspberrypi.org/documentati ... on/more.md
"To control the GPIO pins you'll need root access"
Thats not the users fault, thats just what happens when you release hardware without drivers. So people poked the hardware direct and now the use of root to access peripherals is systemic even though there is no need for it to be like that anymore (there are linux drivers for just about everything now).
I can understand how things like this happened in the early days but it been years now and not dealing with it is giving it credence it shouldn't have.
Code: Select all
$ sudo systemctl status ssh -l ● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled) Active: active (running) since Tue 2016-12-20 00:26:53 UTC; 21h ago Main PID: 511 (sshd) CGroup: /system.slice/ssh.service └─511 /usr/sbin/sshd -D Dec 20 00:26:53 raspberrypi systemd: Started OpenBSD Secure Shell server. Dec 20 00:26:53 raspberrypi sshd: Server listening on 0.0.0.0 port 22. Dec 20 00:26:53 raspberrypi sshd: Server listening on :: port 22.
Partially fixedDougieLawson wrote:That IS fixed. If you run python3 RPi.GPIO or python3 GPIOzero or C/C++ WiringPi (with the right enviroment variable) then none of those things need sudo.
https://censys.io/ipv4?q=raspbiankusti8 wrote:The amount of people who open up their Pi to the outside world is very small and