• Re: Headless Pi 4B problems - continued

    From Computer Nerd Kev@3:770/3 to Pancho on Tue Jan 28 16:14:47 2025
    Pancho <Pancho.Jones@proton.me> wrote:
    My main memory is the rPi imager also allowed headless Wifi set up,
    which had not been possible/easy previously. I can't remember if it worked?

    WiFi is/was configured in wpa_supplicant.txt, and that worked fine
    without the RPi imager program.

    --
    __ __
    #_ < |\| |< _#

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From The Natural Philosopher@3:770/3 to Computer Nerd Kev on Tue Jan 28 08:51:55 2025
    On 28/01/2025 06:14, Computer Nerd Kev wrote:
    Pancho <Pancho.Jones@proton.me> wrote:
    My main memory is the rPi imager also allowed headless Wifi set up,
    which had not been possible/easy previously. I can't remember if it worked?

    WiFi is/was configured in wpa_supplicant.txt, and that worked fine
    without the RPi imager program.

    Was...

    All change with bookworm IIRC

    --
    In theory, there is no difference between theory and practice.
    In practice, there is.
    -- Yogi Berra

  • From mm0fmf@3:770/3 to The Natural Philosopher on Tue Jan 28 09:08:26 2025
    On 28/01/2025 08:51, The Natural Philosopher wrote:
    On 28/01/2025 06:14, Computer Nerd Kev wrote:
    Pancho <Pancho.Jones@proton.me> wrote:
    My main memory is the rPi imager also allowed headless Wifi set up,
    which had not been possible/easy previously. I can't remember if it
    worked?

    WiFi is/was configured in wpa_supplicant.txt, and that worked fine
    without the RPi imager program.

    Was...

    All change with bookworm IIRC


    UK law: Product Security and Telecommunications Security Act 2022 which
    is amongst things, designed to stop devices, like routers for example,
    from having default passwords that can easily be guessed. That's because
    many people leave the passwords at the default settings and then such
    devices are more easily roped into DDOS attacks.

  • From Theo@3:770/3 to none@invalid.com on Tue Jan 28 10:43:24 2025
    mm0fmf <none@invalid.com> wrote:
    On 28/01/2025 08:51, The Natural Philosopher wrote:
    On 28/01/2025 06:14, Computer Nerd Kev wrote:
    Pancho <Pancho.Jones@proton.me> wrote:
    My main memory is the rPi imager also allowed headless Wifi set up,
    which had not been possible/easy previously. I can't remember if it
    worked?

    WiFi is/was configured in wpa_supplicant.txt, and that worked fine
    without the RPi imager program.

    Was...

    All change with bookworm IIRC


    UK law: Product Security and Telecommunications Security Act 2022 which
    is amongst things, designed to stop devices, like routers for example,
    from having default passwords that can easily be guessed. That's because
    many people leave the passwords at the default settings and then such
    devices are more easily roped into DDOS attacks.

    Also the California Senate Bill 327:

    "(b) Subject to all of the requirements of subdivision (a), if a connected device is equipped with a means for authentication outside a local area network, it shall be deemed a reasonable security feature under subdivision (a) if either of the following requirements are met:

    (1) The preprogrammed password is unique to each device manufactured.

    (2) The device contains a security feature that requires a user to generate
    a new means of authentication before access is granted to the device for the first time."

    https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB327

  • From s|b@3:770/3 to Knute Johnson on Tue Jan 28 15:29:55 2025
    On Sun, 26 Jan 2025 11:13:20 -0600, Knute Johnson wrote:

    I can offer some suggestions: use version 1.85 of the Imager program.
    It has solved some of the password entry issues of the older version.
    Also it allows you to use a different user name than pi, but I like pi
    so I use it. Use the latest Raspberry Pi OS, either 64 or 32 bit as appropriate.

    What about 1.9? (Just curious.)

    <https://github.com/raspberrypi/rpi-imager/releases>

    --
    s|b

  • From Michael Schwingen@3:770/3 to Chris Green on Tue Jan 28 18:30:50 2025
    On 2025-01-26, Chris Green <cl@isbd.net> wrote:

    Is there **really** such a big security issue with default login names
    and passwords on Raspberry Pis? Surely almost all of them are going
    to be on home networks behind NAT routers and also surely no one is
    going to (without thinking about it a bit!) put confidential data on
    one. Anyone installing any system which is going to be directly out
    on the internet should be very aware of the risks and will do what's required.

    Probably not. People installing special-purpose distributions (media
    player, dns filtering, home automation etc.) may not even be aware that
    they need to change the SSH password when they only interact with some web
    frontend.

    Also, it is not just the data on the device that is at risk. There is also
    the risk that such an exposed machine will be used as part of a botnet to attack other machines.

    A quick check on shodan shows 86362 hits for "ssh raspbian". If only a small percentage of these use the default password, that is way too much.

    cu
    Michael
    --
    Some people have no respect of age unless it is bottled.

  • From Chris Elvidge@3:770/3 to Michael Schwingen on Tue Jan 28 19:20:06 2025
    On 28/01/2025 at 18:30, Michael Schwingen wrote:
    On 2025-01-26, Chris Green <cl@isbd.net> wrote:

    Is there **really** such a big security issue with default login names
    and passwords on Raspberry Pis? Surely almost all of them are going
    to be on home networks behind NAT routers and also surely no one is
    going to (without thinking about it a bit!) put confidential data on
    one. Anyone installing any system which is going to be directly out
    on the internet should be very aware of the risks and will do what's
    required.

    Probably not. People installing special-purpose distributions (media
    player, dns filtering, home automation etc.) may not even be aware that they need to change the SSH password when they only interact with some web frontend.

    Also, it is not just the data on the device that is at risk. There is also the risk that such an exposed machine will be used as part of a botnet to attack other machines.

    A quick check on shodan shows 86362 hits for "ssh raspbian". If only a small percentage of these use the default password, that is way too much.

    cu
    Michael


    But ssh is not enabled by default in Raspbian.


    --
    Chris Elvidge, England
    UNDERWEAR SHOULD BE WORN ON THE INSIDE

  • From Michael Schwingen@3:770/3 to Chris Elvidge on Tue Jan 28 19:33:42 2025
    On 2025-01-28, Chris Elvidge <chris@internal.net> wrote:
    A quick check on shodan shows 86362 hits for "ssh raspbian". If only a small percentage of these use the default password, that is way too much.

    But ssh is not enabled by default in Raspbian.

    Good point (I was not sure - I always enable it, since my pis run headless).

    However, I *do* remember news about lots of pis with default passwords being exploited via ssh - but I can't find the sources for that.

    Either way, making it difficult for the admin to mess things up is not a bad idea.

    cu
    Michael
    --
    Some people have no respect of age unless it is bottled.

  • From Computer Nerd Kev@3:770/3 to Theo on Wed Jan 29 07:34:18 2025
    Theo <theom+news@chiark.greenend.org.uk> wrote:
    mm0fmf <none@invalid.com> wrote:
    On 28/01/2025 08:51, The Natural Philosopher wrote:
    On 28/01/2025 06:14, Computer Nerd Kev wrote:
    Pancho <Pancho.Jones@proton.me> wrote:
    My main memory is the rPi imager also allowed headless Wifi set up,
    which had not been possible/easy previously. I can't remember if it
    worked?

    WiFi is/was configured in wpa_supplicant.txt, and that worked fine
    without the RPi imager program.

    Was...

    All change with bookworm IIRC


    UK law: Product Security and Telecommunications Security Act 2022 which
    is amongst things, designed to stop devices, like routers for example,
    from having default passwords that can easily be guessed. That's because
    many people leave the passwords at the default settings and then such
    devices are more easily roped into DDOS attacks.

    Also the California Senate Bill 327:

    "(b) Subject to all of the requirements of subdivision (a), if a connected device is equipped with a means for authentication outside a local area network, it shall be deemed a reasonable security feature under subdivision (a) if either of the following requirements are met:

    (1) The preprogrammed password is unique to each device manufactured.

    (2) The device contains a security feature that requires a user to generate
    a new means of authentication before access is granted to the device for the first time."

    https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB327

    They both seem to be about the original topic of log-in passwords,
    not WiFi settings.

    --
    __ __
    #_ < |\| |< _#

  • From Computer Nerd Kev@3:770/3 to The Natural Philosopher on Wed Jan 29 07:31:32 2025
    The Natural Philosopher <tnp@invalid.invalid> wrote:
    On 28/01/2025 06:14, Computer Nerd Kev wrote:
    Pancho <Pancho.Jones@proton.me> wrote:
    My main memory is the rPi imager also allowed headless Wifi set up,
    which had not been possible/easy previously. I can't remember if it worked?

    WiFi is/was configured in wpa_supplicant.txt, and that worked fine
    without the RPi imager program.

    Was...

    All change with bookworm IIRC

    Sounds like I got off the RPiOS ship just at the right time before
    they went completely nuts. Choice of distros is such a wonderful
    advantage of Linux (even if there's less choice for the Pis than
    for PC).

    --
    __ __
    #_ < |\| |< _#

  • From The Natural Philosopher@3:770/3 to Computer Nerd Kev on Tue Jan 28 23:54:43 2025
    On 28/01/2025 21:31, Computer Nerd Kev wrote:
    The Natural Philosopher <tnp@invalid.invalid> wrote:
    On 28/01/2025 06:14, Computer Nerd Kev wrote:
    Pancho <Pancho.Jones@proton.me> wrote:
    My main memory is the rPi imager also allowed headless Wifi set up,
    which had not been possible/easy previously. I can't remember if it worked?

    WiFi is/was configured in wpa_supplicant.txt, and that worked fine
    without the RPi imager program.

    Was...

    All change with bookworm IIRC

    Sounds like I got off the RPiOS ship just at the right time before
    they went completely nuts. Choice of distros is such a wonderful
    advantage of Linux (even if there's less choice for the Pis than
    for PC).

    Well I stick to PIOS simply because it is the documented standard.
    Networking is handled by the Network Manager and it gets tricky to set
    that up without a console screen/keyboard at least - but there is a
    great utility called nmcli I think that 'does everything' once you have
    learnt its magic spells.

    And it knows which underlying files to frig with. And gets the syntax right.

    To be honest although it is possible to do everything over ssh, the
    chances of losing connectivity while messing with the network are high
    and a HDMI screen and a USB keyboard are not hard to rig up with the
    appropriate adapters.


    --
    To ban Christmas, simply give turkeys the vote.

  • From Michael Schwingen@3:770/3 to The Natural Philosopher on Wed Jan 29 20:02:20 2025
    On 2025-01-28, The Natural Philosopher <tnp@invalid.invalid> wrote:
    Well I stick to PIOS simply because it is the documented standard.
    Networking is handled by the Network Manager and it gets tricky to set
    that up without a console screen/keyboard at least - but there is a
    great utility called nmcli I think that 'does everything' once you have learnt its magic spells.

    If you don't like networkmanager, it is easy to switch to the old method
    after installation of the base system:

    https://github.com/mschwingen/hardware/tree/master/YOGA_GPIB/software

    apt install isc-dhcp-client ifupdown resolvconf
    apt purge modemmanager network-manager ppp avahi-daemon

    got me to a state where the classic configuration using
    /etc/network/interfaces just works.

    To be honest although it is possible to do everything over ssh, the
    chances of losing connectivity while messing with the network are high
    and a HDMI screen and a USB keyboard are not hard to rig up with the appropriate adapters.

    I had a serial console connected, but that is only activated at a later
    step. I used raspberry pi imager to setup ssh pre-boot, but you can easily
    do that using a text editor.

    cu
    Michael
    --
    Some people have no respect of age unless it is bottled.
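
Added example, not part of Michael Schwingen's post: the pre-boot SSH setup he mentions doing with a text editor, written as a shell function that stages the first-boot `ssh` and `userconf.txt` files Raspberry Pi OS reads from the boot partition, and that refuses a plaintext or malformed password field. The function names, the user name and the mount path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): stage first-boot files for a headless
# Raspberry Pi OS card. All function names here are hypothetical.

# True only for a crypt(3)-style hash ($5$, $6$ or $y$ scheme); a plaintext
# password, or anything containing ':' or whitespace, is refused.
is_crypt_hash() {
    case "$1" in
        *[!A-Za-z0-9./=\$]*) return 1 ;;
        '$6$'*'$'?* | '$5$'*'$'?* | '$y$'*'$'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# True for a conventional lower-case Linux account name.
is_valid_user() {
    case "$1" in
        '' | [!a-z_]* | *[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# stage_headless BOOT USER HASH
#   BOOT  mounted FAT boot partition of the SD card (path is an assumption)
#   USER  account to create on first boot
#   HASH  output of: openssl passwd -6   (prompts, so the password never
#         lands in shell history)
stage_headless() {
    sh_boot=$1; sh_user=$2; sh_hash=$3
    [ -d "$sh_boot" ] || { echo "not a directory: $sh_boot" >&2; return 2; }
    is_valid_user "$sh_user" || { echo "invalid user name" >&2; return 3; }
    is_crypt_hash "$sh_hash" || {
        echo "refusing: password field is not a crypt hash" >&2; return 4; }
    # userconf.txt holds one line, user:hash; the empty file "ssh" turns
    # the SSH server on at first boot.
    printf '%s:%s\n' "$sh_user" "$sh_hash" > "$sh_boot/userconf.txt" || return 5
    : > "$sh_boot/ssh" || return 5
}

# Usage (constructed path):
#   stage_headless /media/$USER/bootfs alice "$(openssl passwd -6)"
```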

  • From Scott Alfter@3:770/3 to tnp@invalid.invalid on Wed Jan 29 21:14:21 2025
    In article <vnbqo3$21n98$4@dont-email.me>,
    The Natural Philosopher <tnp@invalid.invalid> wrote:
    Well I stick to PIOS simply because it is the documented standard.
    Networking is handled by the Network Manager and it gets tricky to set
    that up without a console screen/keyboard at least - but there is a
    great utility called nmcli I think that 'does everything' once you have learnt its magic spells.

    There's also nmtui, which works in the same places nmcli does, but is much easier to navigate.

    --
    _/_
    / v \ Scott Alfter (remove the obvious to send mail)
    (IIGS( https://alfter.us/ Top-posting!
    \_^_/ >What's the most annoying thing on Usenet?

  • From The Natural Philosopher@3:770/3 to Scott Alfter on Thu Jan 30 09:05:13 2025
    On 29/01/2025 21:14, Scott Alfter wrote:
    In article <vnbqo3$21n98$4@dont-email.me>,
    The Natural Philosopher <tnp@invalid.invalid> wrote:
    Well I stick to PIOS simply because it is the documented standard.
    Networking is handled by the Network Manager and it gets tricky to set
    that up without a console screen/keyboard at least - but there is a
    great utility called nmcli I think that 'does everything' once you have
    learnt its magic spells.

    There's also nmtui, which works in the same places nmcli does, but is much easier to navigate.

    Indeed yes. Does it cover all the options? I never got around to using
    it. My configuration was nicely handled by nmcli...

    My concern about reinstalling the trad. method is that the Gods of Linux
    will move away from the standard so much that it will ultimately stop
    working because no one is developing it.

    So I am biased towards command line tools for network manager.

    YMMV

    --
    Of what good are dead warriors? … Warriors are those who desire battle
    more than peace. Those who seek battle despite peace. Those who thump
    their spears on the ground and talk of honor. Those who leap high the
    battle dance and dream of glory … The good of dead warriors, Mother, is
    that they are dead.
    Sheri S Tepper: The Awakeners.

  • From Scott Alfter@3:770/3 to tnp@invalid.invalid on Thu Jan 30 17:37:05 2025
    In article <vnffc9$2s8gn$6@dont-email.me>,
    The Natural Philosopher <tnp@invalid.invalid> wrote:
    On 29/01/2025 21:14, Scott Alfter wrote:
    In article <vnbqo3$21n98$4@dont-email.me>,
    The Natural Philosopher <tnp@invalid.invalid> wrote:
    Well I stick to PIOS simply because it is the documented standard.
    Networking is handled by the Network Manager and it gets tricky to set
    that up without a console screen/keyboard at least - but there is a
    great utility called nmcli I think that 'does everything' once you have
    learnt its magic spells.

    There's also nmtui, which works in the same places nmcli does, but is much easier to navigate.

    Indeed yes. Does it cover all the options? I never got around to using
    it. My configuration was nicely handled by nmcli...

    I don't know how much coverage nmtui provides in comparison to nmcli. I've used it to set up WiFi on new installs and to connect to/disconnect from already-configured VPNs (haven't tried using it to configure a VPN).

    --
    _/_
    / v \ Scott Alfter (remove the obvious to send mail)
    (IIGS( https://alfter.us/ Top-posting!
    \_^_/ >What's the most annoying thing on Usenet?

  • From druck@3:770/3 to Michael Schwingen on Mon Feb 3 20:29:42 2025
    On 28/01/2025 18:30, Michael Schwingen wrote:
    On 2025-01-26, Chris Green <cl@isbd.net> wrote:
    Also, it is not just the data on the device that is at risk. There is also the risk that such an exposed machine will be used as part of a botnet to attack other machines.

    This is true. Malware may get inside your networking by exploiting a
    Windows vulnerability, but it may be short lived if detected by anti-virus
    or cleared by rebooting if non-persistent. However, it can quickly scan
    the local network to find other systems to infect.

    A Raspberry Pi with a default password makes a great botnet host
    as it won't have any additional security software, and will generally be
    left switched on permanently, with very infrequent software updates.

    ---druck
