Raspberry Pi OS wird sicherer - AZ-Delivery

When I'm on the WWW like this, I always look for inspiration for new projects, but I also like to read the technology news from different sides. This includes Heise.de as a programmer and developer, but also other pages, such as the news blog of the Raspberry Pi Foundation. Especially with the latter are interesting News on April 7th, 2022 appeared, which I would like to explain briefly at this point and will explain why this news actually made me so happy.

What is in the news

Because maybe. The one or the other reader among them, who is difficult to understand English, is a short summary. The message of message already reveals that Raspberry Pi Os Bullseye has received a larger update. The basic idea of ​​the update was with IT security. Cyber ​​attacks and weaknesses in the code in particular use hackers to capture systems or steal sensitive data. At this point I have already heard noise! Raspberry Pi OS is a so-called derivative of the Linux system Debian, which in the past was quite brisk when corrupted bug fixes and patches of critical weaknesses. When reading the article further, it is about a general weak point of the Raspberry Pi, the user, and the frequent choice of an unsafe password. With a Google search you can quickly find out the standard login for Raspberry Pi OS, namely user pi With the password RaspberryWhich is not bad at first. Only many users from Raspberry Pi pass the message, please change the password. So there quickly land easily to be taken over the network or worse on the Internet, where everyone knows the login data.

Therefore, at the first start of the Raspberry Pi OS, it was decided not to show a friendly message to change the password as before but to force the user to create a root user and password himself. But what exactly does that mean?

First and foremost, this means that the user pi With the password Raspberry there is no longer the latest image. Rather, as with all common operating systems, you have to create a root or administrator user.

Before the panic breaks out for you that an existing installation is somehow manipulated, I can calm down. With six Raspberry Pis, with different tasks, I have already carried out the update and nothing has changed. My user pi, as well as the password I have set, are still there and all applications, scripts, and tasks run as before. So you can calm down the update. In the following, I show the methods of how to set up the new account.

The classic path over the surface

The first way that takes place at every classic installation of Ubuntu is to create a root user with a password. The Raspberry Pi is no different, only the graphic preparation is in the style of Raspberry Pi.

First, the Raspberry Pi welcomes you with a welcome screen, see Image 1.

Figure 1: Welcome screen of the PI

Image 1: Welcome screen of the PI

This is in English but already shows that there are still a few things to do with the initial commissioning. First of all, however, the country setting must be adjusted, Image 2.

Figure 2: Adjust the country setting

Image 2: Adjust the country setting

Confirm the entries with "Next" and then comes the moment when it becomes interesting for you. Now the root user has to be created. It used to be the combination of pi and Raspberry, Now that's your job, see Image 3.

Please remember that your system is only as safe as the selected user and the password! The BSI has its own website for this how a safe password should look exactly.

Figure 3: Create root user

Image 3: Create a root user

Then there are other queries, such as the settings for the WiFi. Display settings and the update of the operating system will follow. At this point it should be said that the user you choose has the same settings and authorizations as the old user pi has.

If you use the lite version of the current Raspberry Pi OS, you will see the corresponding request to create the root account in the terminal.

The way over the Raspberry Pi Imager

Since the image takes place by default via the Raspberry Pi Imager, you can also make the necessary setting here. To do this, select the gear on the bottom right and select the combination of user and password in the following dialog, see Image 4.

Figure 4: User and password via Raspberry Pi Imager

Image 4: User and password via Raspberry Pi Imager

Please do not forget to set the hook at the corresponding place so that the entered combination of user and password is accepted.

Create a user via userconf.txt

If you already have the image on the SD card or the USB stick, you don't need to flash everything now, but there is an easier way for it. Since the boot partition can be viewed in all operating systems, especially with Windows, the File Userconf.txt can be created here. In it the username and the encrypted password must be entered as follows, User: Encrypted password. The sticking point is that the password OpenSSL must be encrypted.

Use the command on a running Raspberry Pi Code 1.

echo 'mypassword' | OpenSSSL Passwd -6 -Stdin

Code 1: encrypt the password with OpenSSL

Replace mypassword With your password and enter the combination in the file. In my example, I did this in Image 5.

Figure 5: User / Password - Combination in UserConf file

Image 5: User / Password - Combination in UserConf file

As far as I have seen in my tests, the file is deleted immediately after reading.

What else is there?

In addition to this larger innovation, a bit under the hood has also happened. First the well-known problem with Bluetooth. In the past, it has always been a problem if the Bluetooth devices were not already paired to use them on the PI. Now it is possible to carry out the pairing in the wizard as soon as the Raspberry Pi OS recognizes a Bluetooth device. A corresponding message is displayed on the first page and a submenu is offered.

To get the new Raspberry Pi OS, the command from Code 2 is sufficient. It takes a short moment depending on the state of the operating system, but after that you should have the latest OS on the Raspberry Pi.

Sudo apt update
Sudo apt full-upgrade

Code 2: Update the system completely

You should now feel the desire to your user pi Wanting to change is also a way to do this with the command from Code 3.

Sudo Rename-user

Code 3: Rename the user's PI

You will be asked to restart the Raspberry Pi immediately afterward and then open the user as from the Wizard mentioned above.

Finally, the news is about the alternative to the X server. This is called Wayland but must be activated accordingly. So far, the server is purely experimental, but can already be tested on non -productive systems. Unfortunately, I can't report anything on this because I have all my current Raspberry Pis in productive use. I have read little negative things so far, but there seem to be various bugs.

If you want to use Wayland and the system was updated by you by a previous version, Wayland must also be installed on the OS in addition to setting in Raspi-Config. This happens to the command from Code 4.

Sudo apt Install RPI-Wayland

Code 4: Install Wayland

More important information cannot be found in the news and I hope I was able to explain the essential things to you. Have you already tried the new Raspberry Pi OS? Feel free to write your experiences in the comments.

Grundlagen softwareRaspberry pi

5 comments

masterflai

masterflai

Alternativ die beiden Kommandos verbinden und mit einem Aufruf ausführen:

sudo apt update && sudo apt full-upgrade

Jörn Weise

Jörn Weise

Hallo Herr Mückner,
wenn ein Altsystem ein Update verpasst bekommt (auch das habe ich in einem Test versucht), gibt es keinerlei Probleme. Die Zugangsdaten werden nicht geändert oder blockiert.

Andreas Mückner

Andreas Mückner

Sehr interessant, vielen Dank!
Allerdings frage ich mich wie sich ein Altsystem mit Standard User und Passwort verhält. Sie haben bei Ihren Systemen bereits das Passwort vorher geändert wenn ich es richtig verstanden habe.

Andreas Wolter

Andreas Wolter

es sind zwei Befehle. Es fehlte ein Zeilenumbruch. Ich habe das korrigiert.

Grüße,
Andreas Wolter

Hans-Jürgen Kaufeld

Hans-Jürgen Kaufeld

sudo apt updatesudo apt full-upgrade

Funktioniert nicht

Leave a comment

All comments are moderated before being published

Recommended blog posts

  1. ESP32 jetzt über den Boardverwalter installieren - AZ-Delivery
  2. Internet-Radio mit dem ESP32 - UPDATE - AZ-Delivery
  3. Arduino IDE - Programmieren für Einsteiger - Teil 1 - AZ-Delivery
  4. ESP32 - das Multitalent - AZ-Delivery