Page 1 of 1
Questions About Security/Password/Network
Posted: Sun Sep 12, 2021 11:14 pm
by AtomicShroom
I have a few questions:
When I connect to my MiSTer via LAN FTP, Iām using the default root / 1 username and password. Can only LAN devices see/connect to the MiSTer or could technically anyone on the internet connect to it with those default credentials? Basically: Am I meant to change them?
Thanks!
Re: Questions About Security/Password/Network
Posted: Mon Sep 13, 2021 2:22 am
by Crystal
That depends, whether you set up port forwarding on your router and whether your ISP would even allow it. As far MiSTer or DE-10 nano is concerned, no. It makes no attempts on it's own, like UPnP port forwarding, for it to have FTP, SSH, etc., reachable outside of LAN
Re: Questions About Security/Password/Network
Posted: Mon Sep 13, 2021 11:03 am
by AtomicShroom
Awesome, thank you!
Re: Questions About Security/Password/Network
Posted: Mon Sep 13, 2021 5:34 pm
by toastboy
You probably should change the default password though.
If an attacker somehow managed to get traffic past your router's firewall, then the mister's weak password might give them a foothold in your home network.
Granted the mister is unlikely to be online 24/7, and it's running a very cut-down version of linux so it would be of limited use to an attacker, but best to be safe.
If you're using a windows PC, download "putty" ssh client and use it to connect as user "root" to your mister's IP address in the form "192.168.x.x".
From a mac/linux launch a terminal and type "ssh
root@192.168.x.x".
Once connected to the mister, type "passwd root" and enter a new password.
Updates to the linux part of mister sometimes reset the password back to "1", meaning you have to modify it again.
Re: Questions About Security/Password/Network
Posted: Tue Sep 14, 2021 6:55 pm
by Crystal
if you are using a relatively modern built of windows 10 or newer, you can do this from command prompt, without the need for putty or other ssh client.
as far security improvements, does mister support access with private key on ssh? that would raise it again, as now you need 2 things, password for private key and private key itself, instead of just the password for mister
Re: Questions About Security/Password/Network
Posted: Wed Dec 22, 2021 2:46 pm
by P207
Greetings
I've changed root password to something else. I can press F9 or ssh using these new password.
But I can also enter the sdcard through CIFS/SMB using the default password. It does not want the new password.
My knowledge of linux is tiny. Can anyone tell me what I am doing wrong?
Thanks in advance.
Re: Questions About Security/Password/Network
Posted: Wed Dec 22, 2021 3:13 pm
by Flandango
By default, Samba on Mister is configured for all folders to be public, meaning you don't need a password to access them.
Re: Questions About Security/Password/Network
Posted: Thu Dec 23, 2021 3:52 pm
by Bas
Samba also uses a different user database than the one from the OS itself, which SSH does use. Configuring Samba is a big subject in and of itself though. The smbpasswd command will help you there, but do read the docs for Samba. It's quite a beast, so best be prepared.
Re: Questions About Security/Password/Network
Posted: Mon Jul 18, 2022 3:40 pm
by thisisamigaspeaking
toastboy wrote: āMon Sep 13, 2021 5:34 pm
Updates to the linux part of mister sometimes reset the password back to "1", meaning you have to modify it again.
Sorry to necro this old thread, but why would they reset the password back to 1?
I came here looking for information on whether I should change the default password (which I have) and if so why that isn't suggested in the documentation (if it in fact is not). Leaving any linux device with a default password seems like a bad idea to me. I don't like to rely entirely on my firewall/router for security.
Re: Questions About Security/Password/Network
Posted: Tue Jul 19, 2022 7:50 pm
by Malor
It's because the Linux update method is "overwrite everything, clobbering any existing files', which includes /etc/passwd and /etc/shadow. That's why it's best to pull script settings into separate INI files, so that when the scripts get blown away at the next update, your settings will be preserved.