No need to panic. An upcoming update will address the false positives.njspix wrote:So I am using a headless RPi as a Samba server on my local network. I have deleted the pi user (using userdel if I remember correctly). I configured SSH to run on an uncommon port, and use key authentication. I then port-forwarded the machine. A couple of days ago I updated the Pi and when I connected to it this morning (from a remote location) I got the warning message about the pi password being set to default. I panicked and immediately shutdown the pi after logging in.
I'm confused because as far as I know, the pi account doesn't even exist anymore. Is this just a little semantic mix-up, or did the pi account somehow get reinstated? If so, I'm guessing I should assume the machine is compromised?
By the way, RPi is my introduction to Linux. I don't know much...yet. So any advice would be helpful.
Also, good job securing SSH properly (a password change alone is the bare minimum). Hope you've used fail2ban as well.