Questions About Security/Password/Network

Kernel, Main, Utilities & Applications, Miscellaneous Devices.
AtomicShroom
Posts: 172
Joined: Sun Mar 07, 2021 12:28 pm
Has thanked: 31 times
Been thanked: 48 times

Questions About Security/Password/Network

Unread post by AtomicShroom »

I have a few questions:

When I connect to my MiSTer via LAN FTP, I’m using the default root / 1 username and password. Can only LAN devices see/connect to the MiSTer or could technically anyone on the internet connect to it with those default credentials? Basically: Am I meant to change them?

Thanks!

User avatar
Crystal
Posts: 51
Joined: Sun May 24, 2020 8:52 pm
Has thanked: 8 times
Been thanked: 11 times

Re: Questions About Security/Password/Network

Unread post by Crystal »

That depends, whether you set up port forwarding on your router and whether your ISP would even allow it. As far MiSTer or DE-10 nano is concerned, no. It makes no attempts on it's own, like UPnP port forwarding, for it to have FTP, SSH, etc., reachable outside of LAN
AtomicShroom
Posts: 172
Joined: Sun Mar 07, 2021 12:28 pm
Has thanked: 31 times
Been thanked: 48 times

Re: Questions About Security/Password/Network

Unread post by AtomicShroom »

Awesome, thank you! :)
User avatar
toastboy
Posts: 69
Joined: Wed Sep 09, 2020 9:20 pm
Has thanked: 13 times
Been thanked: 20 times

Re: Questions About Security/Password/Network

Unread post by toastboy »

You probably should change the default password though.
If an attacker somehow managed to get traffic past your router's firewall, then the mister's weak password might give them a foothold in your home network.
Granted the mister is unlikely to be online 24/7, and it's running a very cut-down version of linux so it would be of limited use to an attacker, but best to be safe.

If you're using a windows PC, download "putty" ssh client and use it to connect as user "root" to your mister's IP address in the form "192.168.x.x".
From a mac/linux launch a terminal and type "ssh root@192.168.x.x".

Once connected to the mister, type "passwd root" and enter a new password.

Updates to the linux part of mister sometimes reset the password back to "1", meaning you have to modify it again.
User avatar
Crystal
Posts: 51
Joined: Sun May 24, 2020 8:52 pm
Has thanked: 8 times
Been thanked: 11 times

Re: Questions About Security/Password/Network

Unread post by Crystal »

toastboy wrote: Mon Sep 13, 2021 5:34 pm From a mac/linux launch a terminal and type "ssh root@192.168.x.x".
if you are using a relatively modern built of windows 10 or newer, you can do this from command prompt, without the need for putty or other ssh client.

as far security improvements, does mister support access with private key on ssh? that would raise it again, as now you need 2 things, password for private key and private key itself, instead of just the password for mister
P207
Posts: 7
Joined: Sun Oct 11, 2020 7:29 am
Has thanked: 3 times
Been thanked: 1 time

Re: Questions About Security/Password/Network

Unread post by P207 »

Greetings

I've changed root password to something else. I can press F9 or ssh using these new password.

But I can also enter the sdcard through CIFS/SMB using the default password. It does not want the new password.

My knowledge of linux is tiny. Can anyone tell me what I am doing wrong?

Thanks in advance.

Flandango
Core Developer
Posts: 459
Joined: Wed May 26, 2021 9:35 pm
Has thanked: 59 times
Been thanked: 383 times

Re: Questions About Security/Password/Network

Unread post by Flandango »

By default, Samba on Mister is configured for all folders to be public, meaning you don't need a password to access them.
Bas
Top Contributor
Posts: 622
Joined: Fri Jan 22, 2021 4:36 pm
Has thanked: 80 times
Been thanked: 324 times

Re: Questions About Security/Password/Network

Unread post by Bas »

Samba also uses a different user database than the one from the OS itself, which SSH does use. Configuring Samba is a big subject in and of itself though. The smbpasswd command will help you there, but do read the docs for Samba. It's quite a beast, so best be prepared.
User avatar
thisisamigaspeaking
Posts: 244
Joined: Mon May 23, 2022 12:28 am
Has thanked: 80 times
Been thanked: 23 times

Re: Questions About Security/Password/Network

Unread post by thisisamigaspeaking »

toastboy wrote: Mon Sep 13, 2021 5:34 pm Updates to the linux part of mister sometimes reset the password back to "1", meaning you have to modify it again.
Sorry to necro this old thread, but why would they reset the password back to 1?

I came here looking for information on whether I should change the default password (which I have) and if so why that isn't suggested in the documentation (if it in fact is not). Leaving any linux device with a default password seems like a bad idea to me. I don't like to rely entirely on my firewall/router for security.
Malor
Top Contributor
Posts: 860
Joined: Wed Feb 09, 2022 11:50 pm
Has thanked: 64 times
Been thanked: 194 times

Re: Questions About Security/Password/Network

Unread post by Malor »

It's because the Linux update method is "overwrite everything, clobbering any existing files', which includes /etc/passwd and /etc/shadow. That's why it's best to pull script settings into separate INI files, so that when the scripts get blown away at the next update, your settings will be preserved.
Post Reply