mailing list archives
some distros for Raspberry Pi have sshd enabled and default logins.
From: larry Cashdollar <larry0 () me com>
Date: Sat, 04 Aug 2012 00:36:24 +0000 (GMT)
Larry W. Cashdollar
Since a some RaspberryPi users maybe unaware of the security implications of sshd I thought I should just make a note
of some issues.
RaspberryPi image Occidentalis v0.1
From the site:
"Adafruit <3 Raspberry Pi - especially how easy it is to hack circuits using the electronics breakout pins! But sadly, the latest official
distro "July 15 Raspbian Wheezy" did not have many of the delicious hackables built in. That's why we decided to roll our own
Our distro is based on "Wheezy" but comes with hardware SPI, I2C, one wire, and WiFi support for our wifi adapters. It also has
some things to make overall hacking easier such sshd on startup (with key generation on first boot) and Bonjour (so you can simply
ssh raspberrypi.local from any computer on the local network)"
Enables ssh by default but doesn't prompt user to change root & pi account passwords.
Arch Linux ARM
"Arch Linux ARM is based on Arch Linux, which aims for simplicity and full control to the end user. Note that this distribution may not
be suitable for beginners."
Default login of root/root with sshd enabled, doesn't prompt to change password.
If your going to enabled sshd by default please prompt the user to change the default password upon first boot. If your going to connect
these PIs to a network be sure to use secure passwords.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- some distros for Raspberry Pi have sshd enabled and default logins. larry Cashdollar (Aug 04)