Skip to content

SSH insecure by default #453

Closed
Closed
@cyclotron3k

Description

SSH is enabled by default, the default login details are widely published. People are exposing their RasPlex installs to the web.

Even if they aren't putting them in a DMZ, or otherwise exposing them to the web, it's still horribly insecure by default.

Bizarrely, you're prevented from changing the default password because passwd is missing.

Possible solutions:
a) Make SSH off by default, force a password to be set the first time SSH is enabled
b) Generate a random password and show it in settings.

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions