On Thursday, February 16, 2017 10:08:31 AM PST Jason KG4WSV wrote:
> > On Feb 16, 2017, at 9:19 AM, Den <[email protected]> wrote:
> >
> > I'll let you explore how to create a root password, which I recommend.
> > Obviously those with more knowledge think we commoners, and the owner of
> > the Pi, should not use.
>
> Well, the problem was that you shot yourself in the foot by running
> something as root. Maybe they're onto something.
>
> sudo is configured on by default for the pi user. Use of sudo instead of
> using a full root shell (su or sudo bash) or even worse logging in as root
> is considered best practice for security reasons. Using sudo allows minimal
> privilege escalation to accomplish a task and consequently minimizes risk.
>
> If your pi is to be exposed to the internet, or maybe even on a home
> network, the passwords _should_ be changed for both the pi and root users.
> Default passwords are extremely insecure - there are days when I see over
> 10k brute force login attempts against a dozen or so systems, where
> attackers are looking for me and my users to rely on default or dumb
> passwords.
And one additional item to add to Jason's excellent comment. Never, never, never put a pi on the internet without either putting it behind a firewall or installing the appropriate firewall rules on the pi itself. Out of the box there is NO protection other than your password and those are far too easy to crack. Put it behind your home router, or better yet put it on its own subnet, and enable a port forward if you must have Internet access. And for good measure, pick some other port number instead of the standard ssh port that everyone attacks and have that on the Internet facing side. The sheer number of attacks on standard ports is incredible and if you have a system or two directly on the Internet, like I do, you put into place all kinds of additional tools to combat the bad guys. For most casual use putting your RPi behind your home firewall and perhaps forwarding a port or two works, but be careful. There are far too many compromised devices out there and it's getting worse.

--
Ken - N7IPB
Email: [email protected]
JID: [email protected]
PGP Sig: F42B EF90 3CD3 31C7 3056 122E 993A 7B2E 5138 C42A

"I never am really satisfied that I understand anything; because, understand it well as I may, my comprehension can only be an infinitesimal fraction of all I want to understand" -Ada Lovelace
_______________________________________________ Xastir mailing list [email protected] http://xastir.org/mailman/listinfo/xastir
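To put a number on the brute-force attempts Jason and Ken describe, here is an added example (not code from either poster) that tallies failed sshd password logins per source address from auth.log-style lines and reports addresses at or above a threshold, which is the kind of check a Pi owner can run before deciding on firewall rules. It assumes the Debian/Raspbian sshd message format ("Failed password for ... from A.B.C.D port ..."), handles only IPv4 sources, and the log lines and function names are constructed for the example.

```shell
#!/bin/sh
# Report source addresses with repeated failed SSH password logins.
# Assumes the sshd log format used on Debian/Raspbian; IPv4 only.
# Usage: count_failed_logins THRESHOLD < /var/log/auth.log

count_failed_logins() {
    threshold="${1:-5}"
    # Keep only sshd "Failed password" lines, pull out the source address,
    # count per address, and print "ADDRESS COUNT" for counts >= threshold.
    grep -E 'sshd\[[0-9]+\]: Failed password for .* from [0-9.]+ port' \
        | sed -E 's/.* from ([0-9.]+) port .*/\1/' \
        | sort | uniq -c \
        | awk -v t="$threshold" '$1 >= t { print $2, $1 }'
}

# Constructed sample auth.log lines (RFC 5737 documentation addresses):
# three failures from one host, one success and one failure from another.
SAMPLE_LOG='Feb 16 10:01:02 raspberrypi sshd[1234]: Failed password for root from 198.51.100.7 port 51234 ssh2
Feb 16 10:01:03 raspberrypi sshd[1235]: Failed password for invalid user admin from 198.51.100.7 port 51236 ssh2
Feb 16 10:01:05 raspberrypi sshd[1236]: Failed password for pi from 198.51.100.7 port 51240 ssh2
Feb 16 10:02:00 raspberrypi sshd[1240]: Accepted publickey for pi from 192.0.2.10 port 40000 ssh2
Feb 16 10:02:30 raspberrypi sshd[1241]: Failed password for pi from 192.0.2.10 port 40010 ssh2'

# Run the check over the sample with a threshold of 3 failures.
report_sample() {
    printf '%s\n' "$SAMPLE_LOG" | count_failed_logins 3
}

report_sample
```

On a real system, feed the function the live log (`count_failed_logins 10 < /var/log/auth.log`) and compare the output with what your firewall or fail2ban is already blocking.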
