I managed to get into pi/flightaware with ssh, but after ~$ passwd, and Current Password:, I enter flightware and it says, “passwd: Authentication token maniplulation error”
Any insight? My hunting through the stacked posts here and through Google took me on a tour of the web with no avail.
Ok. Self-answered. It does want 'flightaware" for current pw. However, it’s important that you [type/spell] it correctly, which is a challenge becasue it’s not displayed while you type it.
Can the username [pi] be similarly and simply be changed using SSH?
You’ll have to logout of your current user; then login as root using SSH.
Use the usermod command. View the options with man usermod.
As far as I know, the name of default user “pi” cannot be changed, nor it can be deleted as it is the only user available by default.
User name change can however be achieved in following two steps. (1) First creat another user of desired name, and grant it sudo permission. (2) Next reboot Pi and login as newly created user, and delete “pi” user.
NOTE:
In the commands in screenshots below, I have used “abcd” as <new_username>
(1.1) Issue following command to (a) create new user, and (b) assign new user a password
sudo adduser <new_username>
(1.2) Give new user sudo permission by adding it to group sudo
sudo adduser <new_username> sudo
(1.3) Check if new user is created and added to sudo group
ls /home
groups <new_username>
Click on Screenshot to See Larger Size
(1.4) Running the sudo command requires a password, and if you want to remove the password restriction, run the following command:
echo '<new_username> ALL=(ALL) NOPASSWD: ALL' | sudo tee /etc/sudoers.d/<new_username>
The above command will give following output:
<username> ALL=(ALL) NOPASSWD: ALL
Click on Screenshot to See Larger Size
(1.5) Check user “pi” is member of which groups by command “groups pi”
Click on Screenshot to See Larger Size
(1.6) Add new user to those groups to which “pi” is a member
sudo adduser <new_username> piaware
sudo adduser <new_username> plugdev
sudo adduser <new_username> users
sudo adduser <new_username> netdev
sudo adduser <new_username> gpio
sudo adduser <new_username> i2c
sudo adduser <new_username> spi
sudo adduser <new_username> render
sudo adduser <new_username> input
sudo adduser <new_username> games
sudo adduser <new_username> video
sudo adduser <new_username> audio
(1.7) Check <new_username> is added to all above groups:
groups <new_username>
Click on Screenshot to See Larger Size
(2.1) Reboot Pi
sudo reboot
(2.2) On reboot, login as <new_username>, then if you want, you can delete user “pi” by following command
sudo deluser --remove-home pi
The above command will completely remove the username “pi” from your system and disable the SSH login from the username “pi”. If you want to re-access the SSH connection, you must provide your <new_username> and it’s password
Click on Screenshot to See Larger Size
Does the Piaware SD Card image allow login as root through SSH?
If yes, then what is the default password for root?
Debian/Raspbian does not enable root user by default, it is something you must consciously do manually. I assume FA went with the default for their SD card image as it really is not necessary and a recipe for unintended consequences for the average user to login as root. If you do want to set a root password then:
sudo passwd root (and follow the prompts)
To enable ssh for root one needs to edit /etc/ssh/sshd_config, set PermitRootLogin to “yes” and restart the sshd service.
Not recommending anyone needs to do this, just answering the question of how it could be done.
For me it is much easier to enable root than add a new user then make it a member of several groups, … All it takes to change the user pi to another name is to logout of pi and login as another user. At that point one can change the pi user name. One might wish to change the home directory as well.
You can certainly configure it that way if you really want, but by default the root password is disabled and there’s no authorized_keys (and IIRC sshd’s PermitRootLogin defaults to prohibit-password which prevents password-based authentication for root over ssh anyway)
Thx to all for great dialogue and information on my basic question. I’ve learned a lot. Since the “root” of my question was to maximize security of the PiAaware device from port 22 exploits, I think I’ve learned that the pi username and my recently reset password are adequate, given that it’s in a LAN and has to be port forwarded to reach anyway. Great community of genuinely helpful folks, thank again. Scott
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
