Headless SSH setup - host is in insecure state until password changed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Raspbian |
New
|
Undecided
|
Unassigned |
Bug Description
https:/
> As of the November 2016 release, Raspbian has the SSH server disabled by default.
This does make sense. However the instructions for enabling SSH for headless setup still put the pi in an insecure state, with ssh access available and the default password still in place. You're supposed to change the password as your next step, but there's still an insecure window, and there's the potential for mistakes (imagine setting up fifteen new pi's at once).
I would suggest a tighter solution: if the /boot/ssh file contains a public key, that key should be copied into ~pi/.ssh/
Actually there's more stuff that needs configuring in this way. In particular, wifi access points and passwords. It's all very well setting up a classic Pi in headless mode using the ethernet port. It's much harder with the new Pi Zeros that have wifi but no ethernet. And also the hostname, important when you're setting up a bunch at the same time (they cost $10 after all).
So basically I'm saying all this stuff should go in /boot/config.txt. But if that's too annoying, putting a public key in /boot/ssh is the critical piece.
information type: | Private Security → Public |