Questions About Security/Password/Network

[AtomicShroom]

I have a few questions:

When I connect to my MiSTer via LAN FTP, I’m using the default root / 1 username and password. Can only LAN devices see/connect to the MiSTer or could technically anyone on the internet connect to it with those default credentials? Basically: Am I meant to change them?

Thanks!

[Crystal]

That depends, whether you set up port forwarding on your router and whether your ISP would even allow it. As far MiSTer or DE-10 nano is concerned, no. It makes no attempts on it's own, like UPnP port forwarding, for it to have FTP, SSH, etc., reachable outside of LAN

[AtomicShroom]

Awesome, thank you!

[toastboy]

You probably should change the default password though.
If an attacker somehow managed to get traffic past your router's firewall, then the mister's weak password might give them a foothold in your home network.
Granted the mister is unlikely to be online 24/7, and it's running a very cut-down version of linux so it would be of limited use to an attacker, but best to be safe.

If you're using a windows PC, download "putty" ssh client and use it to connect as user "root" to your mister's IP address in the form "192.168.x.x".
From a mac/linux launch a terminal and type "ssh root@192.168.x.x".

Once connected to the mister, type "passwd root" and enter a new password.

Updates to the linux part of mister sometimes reset the password back to "1", meaning you have to modify it again.

[Crystal]

From a mac/linux launch a terminal and type "ssh root@192.168.x.x".

if you are using a relatively modern built of windows 10 or newer, you can do this from command prompt, without the need for putty or other ssh client.

as far security improvements, does mister support access with private key on ssh? that would raise it again, as now you need 2 things, password for private key and private key itself, instead of just the password for mister

[P207]

Greetings

I've changed root password to something else. I can press F9 or ssh using these new password.

But I can also enter the sdcard through CIFS/SMB using the default password. It does not want the new password.

My knowledge of linux is tiny. Can anyone tell me what I am doing wrong?

Thanks in advance.

[Flandango]

By default, Samba on Mister is configured for all folders to be public, meaning you don't need a password to access them.

[Bas]

Samba also uses a different user database than the one from the OS itself, which SSH does use. Configuring Samba is a big subject in and of itself though. The smbpasswd command will help you there, but do read the docs for Samba. It's quite a beast, so best be prepared.

[thisisamigaspeaking]

Updates to the linux part of mister sometimes reset the password back to "1", meaning you have to modify it again.

Sorry to necro this old thread, but why would they reset the password back to 1?

I came here looking for information on whether I should change the default password (which I have) and if so why that isn't suggested in the documentation (if it in fact is not). Leaving any linux device with a default password seems like a bad idea to me. I don't like to rely entirely on my firewall/router for security.

[Malor]

It's because the Linux update method is "overwrite everything, clobbering any existing files', which includes /etc/passwd and /etc/shadow. That's why it's best to pull script settings into separate INI files, so that when the scripts get blown away at the next update, your settings will be preserved.