8Gb RPI4 info.

Teton Amateur Radio Repeater Association (TARRA)
 

> Thanks, that is a good idea, of just adding a user and keeping the
> Pi user id too.
Leaves a door for the hackers to come in.

Mick - W7CAT

----- Original Message -----
From: Marty Hartwell
To: RaspberryPi-4-HamRadio@groups.io
Sent: Tuesday, June 09, 2020 08:35:29 AM
Subject: Re: [RaspberryPi-4-HamRadio] 8Gb RPI4 info...

> Hi
>
> Thanks, that is a good idea, of just adding a user and keeping the
> Pi user id too. I haven't used a Windows PC for years on a regular
> basis, and also haven't been a system admin on Unix for over 20 years
> now and there have been a lot of changes in that amount of time. I do
> remember quite a lot though. I was just hoping there might be some
> write-up on some pitfalls to watch out for.
>
> Marty kd8bj
>
>
> On 6/8/20 5:09 PM, N5XMT wrote:
> > You would add a user.  Trying to change the name of a user will
> > possibly cause issues down the road with permissions.  If you are
> > wanting to use it to replace a windows PC, I would suggest finding an
> > introductory Linux book to read to familiarize yourself a bit first.
> >
> > On Jun 8, 2020, at 13:17, Marty Hartwell wrote:
> >
> > Ok, good to know, I guess I should have known that but didn't even
> > consider it.
> >
> > The subject line I guess made me question.
> >
> > Thanks, I am thinking of replacing a laptop with one of the 8 GB
> > ones for the home PC.
> >
> > Does anyone know of a link to a description on how to change the
> > user id from pi to something else. I don't want to make it multi-user,
> > just the user so it looks more like my laptop currently does.
> >
> >
> > Marty
> >
> >
> > On 6/8/20 3:11 PM, N5XMT wrote:
> >> They are all 64 bit ones.  Even the 3B and 3B+ are 64 bit
> >> architecture
> >>
> >>
> >> On Mon, Jun 8, 2020 at 12:19 PM Marty Hartwell <
> >> mhartwe@... > wrote:
> >>
> >> Hi Joe
> >>
> >> Is it one of the 64bit ones?
> >>
> >>
> >> Marty kd8bj
> >>
> >> On 6/8/20 1:15 PM, Joe, KO8V wrote:
> >>> Just had one delivered today from CanaKit.
> >>>
> >>> --
> >>> 73
> >>> Joe, KO8V
> >>
> >
>
>
>
>

Marty Hartwell
 

I guess I don't see how it is any more insecure, especially if one changes the default password for the pi user as we are told to do. That plus having a decent password should be as secure as if the user is left as pi.

Marty kd8bj


On 6/9/20 9:53 AM, Teton Amateur Radio Repeater Association (TARRA) wrote:

> Thanks, that is a good idea, of just adding a user and keeping the
> Pi user id too.
Leaves a door for the hackers to come in.
Mick - W7CAT


Teton Amateur Radio Repeater Association (TARRA)
 

You need to have two things to log in; username and password. So why provide half of what they need? It's your system, do as you like.

Mick - W7CAT

----- Original Message -----
From: Marty Hartwell
To: RaspberryPi-4-HamRadio@groups.io
Sent: Tuesday, June 09, 2020 09:02:19 AM
Subject: Re: [RaspberryPi-4-HamRadio] 8Gb RPI4 info.

> I guess I don't see how it is any more insecure, especially if one
> changes the default password for the pi user as we are told to do.
> That plus having a decent password should be as secure as if the
> user is left as pi.
>
> Marty kd8bj

Marty Hartwell
 

Well I don't see how you can provide an added user without a user name and a password, all part of the standard procedure. Done with an admin tool called adduser.

Marty kd8bj


On 6/9/20 10:06 AM, Teton Amateur Radio Repeater Association (TARRA) wrote:

You need to have two things to log in; username and password. So why provide half of what they need? It's your system, do as you like.

Mick - W7CAT


N5XMT
 

Not if you change the pi password, like you should do even if that is the only account you use


On Tue, Jun 9, 2020 at 7:53 AM Teton Amateur Radio Repeater Association (TARRA) <tarra@...> wrote:

> Thanks, that is a good idea, of just adding a user and keeping the
> Pi user id too.
Leaves a door for the hackers to come in.

Mick - W7CAT


N5XMT
 

Well, you can't remove the root account, and it is always there on every Linux system.
Having been in IT for over 30 years, by your reasoning, why have any accounts?  makes it 100% secure...

On Tue, Jun 9, 2020 at 8:06 AM Teton Amateur Radio Repeater Association (TARRA) <tarra@...> wrote:

You need to have two things to log in; username and password. So why provide half of what they need? It's your system, do as you like.

Mick - W7CAT


 

As always the pi user should be given a new, more secure password.

On Tue, Jun 9, 2020 at 7:53 AM Teton Amateur Radio Repeater Association (TARRA) <tarra@...> wrote:

> Thanks, that is a good idea, of just adding a user and keeping the
> Pi user id too.
Leaves a door for the hackers to come in.

Mick - W7CAT



--
John D. Hays
Kingston, WA
K7VE

 

Chuck M
 

How secure does it need to be?  If only running ham programs, turned off otherwise, have simple password.

If running personal stuff, or others have access, then more security is needed.

If testing applications, suggest keeping it very simple.  Also if trying different installs on separate cards, makes it easier to keep track.

Whatever makes sense to you.

73
Chuck
KD9DVB



On Tue, Jun 9, 2020 at 11:36 AM, John D Hays - K7VE
<john@...> wrote:
As always the pi user should be given a new, more secure password.


 

Mike Short
 

Safest system is one that when you log in it shuts down 

On Tue, Jun 9, 2020 at 10:36 John D Hays - K7VE <john@...> wrote:
As always the pi user should be given a new, more secure password.


 

Ray Wells
 

Ever since I first started using the Pi SBC in 2013 I've created a new user account and given it sudo capability. I also create a password for root, and then remove user Pi because there are hundreds of thousands of computers using that user name by default.

Computer security is about making it as difficult as you can for a potential intrusion. If you keep user Pi the door is only closed, not locked, and a hacker is halfway into your computer with just one thing to guess, a password, instead of two things, a user name and a password. Make it difficult, make the hackers pick on someone else, with an unlocked door.

Ray vk2tv

On 10/6/20 1:35 am, John D Hays - K7VE wrote:
As always the pi user should be given a new, more secure password.



Charles Gallo
 

Actually, I gather best practice is not to REMOVE the user Pi, but to disable the account


Charlie
73 de KG2V
Http://www.thegallos.com


Ray Wells
 

I do, completely <grin>

Ray vk2tv

On 10/6/20 8:50 am, Charles Gallo wrote:
Actually, I gather best practice is not to REMOVE the user Pi, but to disable the account


 


Also when I took the industrial espionage countermeasures course, the first rule of security was simply make it more expensive to break in than the value of the item being sought.

--
John D. Hays
Kingston, WA
K7VE

 

David Ranch
 


Hey Ray,

Those are very good steps and will dramatically lower your security risks.  Other good practices include:

   - Keep your system patched?  It's not getting patches anymore?  Time to upgrade

   - Move away from passwords and only use passphrased SSH keys

   - Consider moving your SSH port away from 22 to something non-standard (this helps a lot for hosts directly on the Internet)

   - If possible, only allow remote administration from known trusted remote hosts (use something like IPTABLES)

   - Consider installing fail2ban which permanently blocks repeat offending IPs : A more fun design is to set up a "tarpit" so it slows them WAY down and consumes their resources


--David
KI6ZHD
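
The SSH-related steps in the list above, and the earlier advice in the thread to disable rather than keep the default pi account, can be checked with a small read-only audit. This is an added example, not code from any poster in the thread; the function names and the sample sshd_config and shadow files are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of hardening steps named in the thread.
# Parses one sshd_config file (Include files and ListenAddress ports are not
# examined; on a live host compare with the output of `sshd -T`) and one
# shadow-format file.

# First value sshd reads for a keyword wins; keywords are case-insensitive.
# Parsing stops at the first Match block, whose settings are conditional.
sshd_effective() (      # usage: sshd_effective KEYWORD FILE DEFAULT
    awk -v k="$1" -v d="$3" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print tolower($2); found = 1; exit }
        END { if (!found) print d }' "$2"
)

# Port may appear several times and every value is used; no Port line means
# the default, 22. Succeeds (status 0) if sshd would listen on port 22.
sshd_listens_on_22() (  # usage: sshd_listens_on_22 FILE
    ports=$(awk '/^[ \t]*#/ || NF == 0 { next }
                 tolower($1) == "match" { exit }
                 tolower($1) == "port" { print $2 }' "$1")
    [ -z "$ports" ] || echo "$ports" | grep -qx 22
)

# Account state: absent | expired | locked | nopassword | active.
# "locked" (hash prefixed with ! or *) only blocks password logins.
# "expired" (field 8 in the past, as set by usermod --expiredate 1)
# disables the account itself, SSH keys included.
account_state() (       # usage: account_state USER SHADOW_FILE
    today=$(( $(date +%s) / 86400 ))
    awk -F: -v u="$1" -v today="$today" '
        $1 != u { next }
        { seen = 1 }
        $8 + 0 > 0 && $8 + 0 <= today { print "expired"; exit }
        $2 ~ /^[!*]/ { print "locked"; exit }
        $2 == ""     { print "nopassword"; exit }
        { print "active"; exit }
        END { if (!seen) print "absent" }' "$2"
)

# Prints one FINDING line per problem; prints nothing for a clean host.
audit_host() (          # usage: audit_host SSHD_CONFIG SHADOW_FILE
    conf=$1 shadow=$2
    [ "$(sshd_effective PasswordAuthentication "$conf" yes)" = no ] ||
        echo "FINDING: password logins over SSH are enabled; use keys only"
    sshd_listens_on_22 "$conf" &&
        echo "FINDING: sshd listens on the default port 22"
    case $(sshd_effective PermitRootLogin "$conf" prohibit-password) in
        yes) echo "FINDING: root may log in over SSH with its password" ;;
    esac
    case $(account_state pi "$shadow") in
        active|nopassword)
            echo "FINDING: default account 'pi' can still log in" ;;
        locked)
            echo "FINDING: 'pi' is password-locked only; any SSH keys it has still work" ;;
    esac
    return 0
)

# --- constructed sample input (not taken from a real host) ---
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# stock-style config' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' > "$tmp/sshd_weak"
printf '%s\n' 'Port 2222' 'PermitRootLogin no' 'PasswordAuthentication no' \
    '# the next line is ignored by sshd: the first value wins' \
    'passwordauthentication yes' > "$tmp/sshd_hard"
printf '%s\n' 'root:$6$constructed$hash:18400:0:99999:7:::' \
    'pi:$6$constructed$hash:18400:0:99999:7:::' > "$tmp/shadow_default"
printf '%s\n' 'root:$6$constructed$hash:18400:0:99999:7:::' \
    'pi:!$6$constructed$hash:18400:0:99999:7::1:' \
    'hamop:$6$constructed$hash:18400:0:99999:7:::' > "$tmp/shadow_hard"

echo "== default-style setup =="
audit_host "$tmp/sshd_weak" "$tmp/shadow_default"
echo "== hardened setup =="
audit_host "$tmp/sshd_hard" "$tmp/shadow_hard"
```

The source-address allowlisting and fail2ban items from the list are not covered by this audit.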




Ray Wells
 

Hi David,

Thanks for the additional pointers.

Ray vk2tv



Charles Gallo
 

Right now I have a wide open RPi compute module based device on my desk at work. Behind a firewall, and typically restarted about every 5-10 minutes as I develop code talking to devices on the I2C bus.  Obviously when we actually use it, it’ll be locked down, but probably when we ship it to customers, it’ll be default so the client can set it up. In fact, on our existing product, we give the software away, and tell the clients “feel free to supply your own RPi” (we sell the I2C devices)

--  
73 de KG2V
Charlie
