![]() One word of caution – most Raspberry Pi software (if it was written properly…) should handle having the home directory renamed and carry on working as before, but it is possible that some code may have been written with a hard-coded path to the /home/pi directory, and this will need to be modified in order to work correctly with the renamed user.Īlso, please note that, due to the way the rename-user process involves temporarily creating and logging in as a different user, this process will not work over a VNC connection (which requires you to be logged in as a specific user) you will need to be a local user in order to rename the”pi” user. Once you have entered a new username and password, you will be prompted to restart, and your Raspberry Pi will reboot to the desktop, with your existing user (and your home directory) renamed, but no other changes. As part of this update, we have included a mechanism to do that.Īfter updating as described below, make sure you are logged in as the “pi” user, and then open a terminal window and type sudo rename-userĪfter a brief pause, you will be prompted to reboot, and the Raspberry Pi will then reboot into a cut-down version of the first-boot wizard which only allows you to change the user name and password. Some people, having read the above, may now be wondering whether they can rename the “pi” user on their existing images. This will produce what looks like a string of random characters, which is actually an encrypted version of the supplied password. To generate the encrypted password, the easiest way is to use OpenSSL on a Raspberry Pi that is already running – open a terminal window and enter echo 'mypassword' | openssl passwd -6 -stdin This file should contain a single line of text, consisting of username:encrypted- password – so your desired username, followed immediately by a colon, followed immediately by an encrypted representation of the password you want to use. To set up a user on first boot and bypass the wizard completely, create a file called userconf or userconf.txt in the boot partition of the SD card this is the part of the SD card which can be seen when it is mounted in a Windows or MacOS computer. There are also mechanisms to preconfigure an image without using Imager. So instead of running as an application in the desktop itself as before, the wizard now runs in a dedicated environment at first boot. But the wizard has always been optional – if you pressed “Cancel” on the first page, it just went away and you weren’t forced to use it.įrom now on, working through the wizard is no longer optional, as this is how a user account is created until you create a user account, you cannot log in to the desktop. It was introduced several years ago, and runs on the first boot, configuring international settings, connecting to wireless LAN and installing any software updates it also prompts you to change the default password. The Raspberry Pi setup wizard should be a familiar sight by now. This is in line with the way most operating systems work nowadays, and, while it may cause a few issues where software (and documentation) assumes the existence of the “pi” user, it feels like a sensible change to make at this point. So with this latest release, the default “pi” user is being removed, and instead you will create a user the first time you boot a newly-flashed Raspberry Pi OS image. But nonetheless, it could potentially make a brute-force attack slightly easier, and in response to this, some countries are now introducing legislation to forbid any Internet-connected device from having default login credentials. This isn’t that much of a weakness – just knowing a valid user name doesn’t really help much if someone wants to hack into your system they would also need to know your password, and you’d need to have enabled some form of remote access in the first place. ![]() Up until now, all installs of Raspberry Pi OS have had a default user called “pi”. There is always a balance to be struck, however, as security improvements usually carry a cost in terms of usability, and we have tried to keep the system as convenient to use as possible, while having an acceptable level of security. Over the years, we have gradually ramped up the security of Raspberry Pi OS not in response to particular threats, but more as a general precaution. Cyber-attacks and hacking are, sadly, constantly on the increase, and Raspberry Pi computers are as much a target as any other, just because there are so many of them out there nowadays! One of the things which we spend a lot of time thinking about here at Raspberry Pi is security.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |