Article <tvai6l-5kh2.ln1@q957.zbmc.eu>

Deutsch English Français Italiano
<tvai6l-5kh2.ln1@q957.zbmc.eu>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!eternal-september.org!feeder3.eternal-september.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Chris Green <cl@isbd.net>
Newsgroups: comp.sys.raspberry-pi
Subject: Re: Headless Pi 4B problems - continued
Date: Sun, 26 Jan 2025 18:20:13 +0000
Lines: 54
Message-ID: <tvai6l-5kh2.ln1@q957.zbmc.eu>
References: <j5gh6l-upd2.ln1@q957.zbmc.eu> <vn5qfh$3v2v6$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Trace: individual.net 6P4gPVRi6fAH9f5ExgE51wOGdmnUEIbbKR1P9LcdRpCyzNn9Q=
X-Orig-Path: not-for-mail
Cancel-Lock: sha1:GNQ9soX9r/FzjMGxiPDOJ+W+lmc= sha256:ruXn3I795GO5NuiuLTcjFRdF8cpnU/9HFGB2rJr1pMY=
User-Agent: tin/2.6.2-20221225 ("Pittyvaich") (Linux/6.1.0-29-amd64 (x86_64))
Bytes: 2921

Knute Johnson <knute2024@585ranch.com> wrote:
> 
> On 1/26/25 04:42, Chris Green wrote:
> > This is getting ridiculous!
> > 
> > Once upon a time one just copied an image to a card, enabled ssh and
> > hey presto, you could log in as user pi with password raspberry.
> > 
> > No chance now.
> > 
> > I would point out that I'm not, in general, a complete numpty.  I've
> > been using Pis (and other similar things) for many many years.
> > 
> > 
> > So, having found out why the above simple approach doesn't work I have
> > tried:-
> > 
> >      Use rpi-imager, wasted first attempt because it wasn't obvious where
> >      one entered user/password.  Second attempt seemed to boot the Pi
> >      OK but it never appeared on my LAN so not much help there. (At
> >      least my first dd copied image appeared on the LAN)
> > 
> >      Manually editing userconf.txt with my /etc/shadow encrypted
> >      password from my Linux box got to a login prompt but the password
> >      is somehow wrong.
> > 
> >      Finally I managed to get a login working by creating a
> >      ~/.ssh/authorized keys file with the public key from my Linux
> >      system in it.  Phew!
> > 
> I can offer some suggestions: use version 1.85 of the Imager program. 

That is the version I'm using.


> It has solved some of the password entry issues of the older version. 
> Also it allows you to use a different user name than pi, but I like pi 
> so I use it.  Use the latest Raspberry Pi OS, either 64 or 32 bit as 
> appropriate.
> 
It's just over-complicated for something which should really be quite
simple.

Is there **really** such a big security issue with default login names
and passwords on Raspberry Pis?  Surely almost all of them are going
to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on
one.  Anyone installing any system which is going to be directly out
on the internet should be very aware of the risks and will do what's
required.

-- 
Chris Green
·