raspberrypi:rpi4_bullsey
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
raspberrypi:rpi4_bullsey [2022/06/19 15:41] Ilias Iliopoulos |
raspberrypi:rpi4_bullsey [2024/02/02 21:51] (current) Ilias Iliopoulos |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Headless setup in Raspberry Pi OS Lite bullseye fails: Permission denied ====== | ====== Headless setup in Raspberry Pi OS Lite bullseye fails: Permission denied ====== | ||
| - | A surprise is expecting users of the Raspberry Pi who will try to install Raspberry Pi OS Lite of Release date: April 4th 2022, Debian version: 11 (bullseye) for a Headless setup. Although until now, the process for running a headless system, which means a system without monitor and keyboard was widely known to the raspberry Pi community, starting from the bullseye version of the OS, things have changed. | + | A surprise is expecting users of the Raspberry Pi who will try to install Raspberry Pi OS Lite of Release date: April 4th 2022, Debian version: 11 (bullseye) for a Headless setup, such as those of us who are working in the IoT control and automation universe. Although until now, the process for running a headless system, which means a system without monitor and keyboard was widely known to the raspberry Pi community, starting from the bullseye version of the OS, things have changed. |
| - | Just a note in the [[https://downloads.raspberrypi.org/raspios_lite_armhf/release_notes.txt|Release Notes]] indicates that the widely known pi user seizes to exist, in order to enhance the safety and security of the system. | + | Just a note in the [[https://downloads.raspberrypi.org/raspios_lite_armhf/release_notes.txt|Release Notes]] indicates that ** Default "pi" user has been removed **. The intention has to do with enhancing the safety and security of the system, since the name of the pi user will no longer be taken for granted. |
| Only after several hours of frustration with a newly burnt SD card with bullseye failing to allow remote login via ssh with error ** Permission denied **, I finally located [[https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/|this article]] which explains the situation. | Only after several hours of frustration with a newly burnt SD card with bullseye failing to allow remote login via ssh with error ** Permission denied **, I finally located [[https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/|this article]] which explains the situation. | ||
| - | Although the article provides some steps to remedy the situation, unfortunately does not consider at all the development environment of the community who works entirely "headless" and it does not provide a simple and quick solution. I expressed my feelings commenting on the page of the above article, but the purpose of this posting is entirely to provide such a simple solution. | + | Although the article provides some steps to remedy the situation, unfortunately does not consider at all the development environment of the community who works entirely "headless" and it does not provide a simple and quick solution. I expressed my feelings commenting on the page of the above article, but the purpose of this posting is entirely to provide such a simple solution without going through such complaints and arguments. |
| - | Now that the pi user does not exist, we must inform the Raspberry Pi about the name of a user and the password of this user. Create a file called ‘userconf’ or ‘userconf.txt’ in the boot partition of the SD card with one single line (no linefeed at the end) with the following content. | + | Now that the pi user does not exist, we must inform the Raspberry Pi about the name of a user and the password of this user. Create a file called **userconf** or **userconf.txt** in the **/boot** partition of the SD card with one single line (no linefeed at the end) with the following content. |
| <code> newuser:$6$DDAc06HDo9lQufr4$650WAMQfti/nChvgDJKVYdY2fb8gnH6XY50hIYoKKhdn14.RG9LkkDlWM0oNNnuJwaptzJsckYIqu.oi3J3ay/ | <code> newuser:$6$DDAc06HDo9lQufr4$650WAMQfti/nChvgDJKVYdY2fb8gnH6XY50hIYoKKhdn14.RG9LkkDlWM0oNNnuJwaptzJsckYIqu.oi3J3ay/ | ||
| </code> | </code> | ||
| - | You can replace the name of the user from **newuser** to whatever you like. | + | You can replace the name of the user from **newuser** to whatever you like. The **:** is the separator of the user name and the password. |
| Now, remote login as usual: | Now, remote login as usual: | ||
| Line 24: | Line 24: | ||
| </code> | </code> | ||
| - | The password of the user is **raspberry**. Please remember to change it after your first login. | + | The password is **raspberry** and the long string above is the sha512 hashed form. Please remember to change the password after your first login. |
| Does this posting create a security gap by publishing the encrypted form of the **raspberry** text? No, because the hash creation algorithm **openssl passwd -6** is using a random seed, if run without the `-seed` option, therefore there is an enormous amount of hashed encoded forms that will respond positively to the raspberry password. The text above is just one of those encoded forms. | Does this posting create a security gap by publishing the encrypted form of the **raspberry** text? No, because the hash creation algorithm **openssl passwd -6** is using a random seed, if run without the `-seed` option, therefore there is an enormous amount of hashed encoded forms that will respond positively to the raspberry password. The text above is just one of those encoded forms. | ||
| Line 31: | Line 31: | ||
| - | We could have millions of conversation lines arguing about the increased security achieved by removing the pi user. I will not do that at the present time, because I think that it is more essential to make this information public and save our colleagues time and frustration. | + | We could have millions of conversation lines arguing about the increased security achieved by removing the pi user. I will not do that at the present time, because I think that it is more essential to make this information public and save our colleagues time and frustration. But, it is obvious that the Raspberry Pi development team did a very poor job in properly providing the information of such a change. |
| - | + | ~~DISQUS~~ | |
raspberrypi/rpi4_bullsey.1655642506.txt.gz · Last modified: 2022/06/19 15:41 by Ilias Iliopoulos