Stop shipping with insecure credentials #5
Labels
Comments
|
This is indeed a tricky one. Raspbian and most distro's I saw, come with a default password too (not for root, but the pi-user can sudo to root with the default password). And since it's headless by default, it is difficult to change, unless I create a configuration option from within the webinterface. |
|
Testing on my own raspi which I recently received it seems the default image gives you a non headlease debian configuration menu that allows you to change passwords etc. Perhaps something similar could be possible? |
|
partly fixed in 0.4, with options to set a password, and no default SSH login. closing for now |
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a bit of a tricky one to get right given the potentially inexperienced users and the nature of the image. One option might be to randomly generate a password on the first boot, set it and print it during each subsequent boot. Then once the password is changed we stop printing it.
Would make it a bit harder the first time someone wants to login but much better in the long run. Of course this idea is only one of many possible ways of solving this.
The text was updated successfully, but these errors were encountered: