Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Any sufficiently advanced bug is indistinguishable from a feature. -- Rich Kulawiec


computers / comp.sys.raspberry-pi / Re: It is now very nearly impossible to install a headless Pi

SubjectAuthor
* It is now very nearly impossible to install a headless PiChris Green
+* Re: It is now very nearly impossible to install a headless PiComputer Nerd Kev
|+- Re: It is now very nearly impossible to install a headless PiBryan
|+* Re: It is now very nearly impossible to install a headless PiJim Jackson
||`- Re: It is now very nearly impossible to install a headless PiChris Green
|`- Re: It is now very nearly impossible to install a headless PiChris Green
+* Re: It is now very nearly impossible to install a headless PiTheo
|+* Re: It is now very nearly impossible to install a headless PiChris Green
||+- Re: It is now very nearly impossible to install a headless PiTheo
||`- Re: It is now very nearly impossible to install a headless PiAhem A Rivet's Shot
|+* Re: It is now very nearly impossible to install a headless PiTimS
||`- Re: It is now very nearly impossible to install a headless PiLawrence D'Oliveiro
|+* Re: It is now very nearly impossible to install a headless Pi68g.1499
||+* Re: It is now very nearly impossible to install a headless PiThe Natural Philosopher
|||+* Re: It is now very nearly impossible to install a headless PiChris Green
||||+* Re: It is now very nearly impossible to install a headless PiTheo
|||||+- Re: It is now very nearly impossible to install a headless PiThe Natural Philosopher
|||||`* Re: It is now very nearly impossible to install a headless PiChris Green
||||| `- Re: It is now very nearly impossible to install a headless PiThe Natural Philosopher
||||+* Re: It is now very nearly impossible to install a headless PiThe Natural Philosopher
|||||`- Re: It is now very nearly impossible to install a headless PiChris Green
||||`- Re: It is now very nearly impossible to install a headless PiLawrence D'Oliveiro
|||+* Re: It is now very nearly impossible to install a headless Pi68g.1499
||||+* Re: It is now very nearly impossible to install a headless PiAhem A Rivet's Shot
|||||`* Re: It is now very nearly impossible to install a headless PiThe Natural Philosopher
||||| `* Re: It is now very nearly impossible to install a headless Pidruck
|||||  `* Re: It is now very nearly impossible to install a headless Pi68g.1499
|||||   +* Re: It is now very nearly impossible to install a headless PiAhem A Rivet's Shot
|||||   |`- Re: It is now very nearly impossible to install a headless Pi68g.1499
|||||   `* Re: It is now very nearly impossible to install a headless Pidruck
|||||    `* Re: It is now very nearly impossible to install a headless Pidruck
|||||     `- Re: It is now very nearly impossible to install a headless PiTheo
||||+* Re: It is now very nearly impossible to install a headless PiThe Natural Philosopher
|||||+- Re: It is now very nearly impossible to install a headless Pi68g.1499
|||||`* Re: It is now very nearly impossible to install a headless PiAdam Funk
||||| +* Re: It is now very nearly impossible to install a headless PiThe Natural Philosopher
||||| |`- Re: It is now very nearly impossible to install a headless PiAdam Funk
||||| `* Re: It is now very nearly impossible to install a headless PiCharlie Gibbs
|||||  `- Re: It is now very nearly impossible to install a headless PiAdam Funk
||||`- Re: It is now very nearly impossible to install a headless PiRichard Kettlewell
|||`* Re: It is now very nearly impossible to install a headless Pidruck
||| `- Re: It is now very nearly impossible to install a headless PiThe Natural Philosopher
||`* Re: It is now very nearly impossible to install a headless PiScott Alfter
|| +* Re: It is now very nearly impossible to install a headless PiPancho
|| |+* Re: It is now very nearly impossible to install a headless PiScott Alfter
|| ||+* Re: It is now very nearly impossible to install a headless PiChris Green
|| |||`- Re: It is now very nearly impossible to install a headless PiChris Green
|| ||`* Re: It is now very nearly impossible to install a headless PiPancho
|| || `* Re: It is now very nearly impossible to install a headless Pidruck
|| ||  `* Re: It is now very nearly impossible to install a headless PiPancho
|| ||   +* Re: It is now very nearly impossible to install a headless PiRichard Kettlewell
|| ||   |`- Re: It is now very nearly impossible to install a headless PiPancho
|| ||   `* Re: It is now very nearly impossible to install a headless Pidruck
|| ||    `- Re: It is now very nearly impossible to install a headless PiPancho
|| |`* Re: It is now very nearly impossible to install a headless Pidruck
|| | `- Re: It is now very nearly impossible to install a headless PiPancho
|| `* Re: It is now very nearly impossible to install a headless PiChris Green
||  +* Re: It is now very nearly impossible to install a headless PiAhem A Rivet's Shot
||  |`* Re: It is now very nearly impossible to install a headless PiChris Green
||  | `- Re: It is now very nearly impossible to install a headless PiCharlie Gibbs
||  +* Re: It is now very nearly impossible to install a headless PiTheo
||  |+* Re: It is now very nearly impossible to install a headless PiTheo
||  ||`* Re: It is now very nearly impossible to install a headless PiAhem A Rivet's Shot
||  || `- Re: It is now very nearly impossible to install a headless PiTheo
||  |`* Re: It is now very nearly impossible to install a headless PiChris Green
||  | `* Re: It is now very nearly impossible to install a headless PiTheo
||  |  `* Re: It is now very nearly impossible to install a headless PiChris Green
||  |   `* Re: It is now very nearly impossible to install a headless PiTheo
||  |    +- Re: It is now very nearly impossible to install a headless PiChris Green
||  |    `- Re: It is now very nearly impossible to install a headless PiAdam Funk
||  `* Re: It is now very nearly impossible to install a headless PiRichard Kettlewell
||   +- Re: It is now very nearly impossible to install a headless PiAhem A Rivet's Shot
||   `* Re: It is now very nearly impossible to install a headless PiChris Green
||    `- Re: It is now very nearly impossible to install a headless PiRichard Kettlewell
|`* Re: It is now very nearly impossible to install a headless PiAdam Funk
| `* Re: It is now very nearly impossible to install a headless PiTheo
|  `* Re: It is now very nearly impossible to install a headless PiThe Natural Philosopher
|   +- Re: It is now very nearly impossible to install a headless PiTheo
|   `- Re: It is now very nearly impossible to install a headless Pi68g.1499
+- Re: It is now very nearly impossible to install a headless PiLawrence D'Oliveiro
+- It is now very nearly impossible to install a headless PiRichard Falken
`* Re: It is now very nearly impossible to install a headless PiScott Alfter
 +* Re: It is now very nearly impossible to install a headless Pi68g.1499
 |+* Re: It is now very nearly impossible to install a headless PiThe Natural Philosopher
 ||`* Re: It is now very nearly impossible to install a headless Pi68g.1499
 || +* Re: It is now very nearly impossible to install a headless PiThe Natural Philosopher
 || |`- Re: It is now very nearly impossible to install a headless Pi68g.1499
 || +* Re: It is now very nearly impossible to install a headless PiChris Elvidge
 || |`- Re: It is now very nearly impossible to install a headless Pi68g.1499
 || `* Re: It is now very nearly impossible to install a headless PiScott Alfter
 ||  `- Re: It is now very nearly impossible to install a headless Pi68g.1499
 |`* Re: It is now very nearly impossible to install a headless PiScott Alfter
 | +* Re: It is now very nearly impossible to install a headless PiThe Natural Philosopher
 | |`* Re: It is now very nearly impossible to install a headless Pi68g.1499
 | | `* Re: It is now very nearly impossible to install a headless PiScott Alfter
 | |  `- Re: It is now very nearly impossible to install a headless Pi68g.1499
 | `- Re: It is now very nearly impossible to install a headless Pi68g.1499
 `* Re: It is now very nearly impossible to install a headless PiAnssi Saari
  `* Re: It is now very nearly impossible to install a headless PiScott Alfter
   `- Re: It is now very nearly impossible to install a headless PiThe Natural Philosopher

Pages:1234
It is now very nearly impossible to install a headless Pi

<k4fd8k-d8d71.ln1@esprimo.zbmc.eu>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=8981&group=comp.sys.raspberry-pi#8981

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!news.swapon.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: cl...@isbd.net (Chris Green)
Newsgroups: comp.sys.raspberry-pi
Subject: It is now very nearly impossible to install a headless Pi
Date: Fri, 26 Jan 2024 19:52:20 +0000
Lines: 49
Message-ID: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Trace: individual.net O0nJlf8W1+wbbjoSXMkz7QCO9vuSoGdZZ9mEOA9GkxGjvbnqc=
X-Orig-Path: not-for-mail
Cancel-Lock: sha1:xYiT8GUtuKH4X5ehRtybPnJuiKI= sha256:PFznRG4ZQhbetTR/xeNrKpxLdyRiP4oY1R1uIMG3/oQ=
User-Agent: tin/2.6.2-20220130 ("Convalmore") (Linux/5.15.0-91-generic (x86_64))
 by: Chris Green - Fri, 26 Jan 2024 19:52 UTC

I am getting very frustrated by stupid 'security'. I simply want to
install a new OS on a headless Pi and it's very close to impossible.

I first tried to download an image and install it. OK, it works but I
can't log in because ther eis no longer a default user/password there
even though I have enabled ssh.

I can't us Pi Imager because it's very broken on Ubuntu:-

root@t470# dpkg -i ./imager_1.8.5_amd64.deb
Selecting previously unselected package rpi-imager.
(Reading database ... 274950 files and directories currently installed.)
Preparing to unpack ./imager_1.8.5_amd64.deb ...
Unpacking rpi-imager (1.8.5) ...
dpkg: dependency problems prevent configuration of rpi-imager:
rpi-imager depends on qml-module-qtquick2; however:
Package qml-module-qtquick2 is not installed.
rpi-imager depends on qml-module-qtquick-controls2; however:
Package qml-module-qtquick-controls2 is not installed.
rpi-imager depends on qml-module-qtquick-layouts; however:
Package qml-module-qtquick-layouts is not installed.
rpi-imager depends on qml-module-qtquick-templates2; however:
Package qml-module-qtquick-templates2 is not installed.
rpi-imager depends on qml-module-qtquick-window2; however:
Package qml-module-qtquick-window2 is not installed.
rpi-imager depends on qml-module-qtgraphicaleffects; however:
Package qml-module-qtgraphicaleffects is not installed.

dpkg: error processing package rpi-imager (--install):
dependency problems - leaving unconfigured
Processing triggers for gnome-menus (3.36.0-1.1ubuntu1) ...
Processing triggers for desktop-file-utils (0.26-1ubuntu5) ...
Processing triggers for mailcap (3.70+nmu1ubuntu1) ...
Processing triggers for hicolor-icon-theme (0.17-2) ...
Processing triggers for man-db (2.11.2-3) ...
Errors were encountered while processing:
rpi-imager

For goodness sake what awful earth shattering disasters are going to
occur if I do create a Pi installation with default username and
password?

This is getting &(^(^$^&(*^^$&^^%(* ridiculous!!!!!!!

--
Chris Green
·

Re: It is now very nearly impossible to install a headless Pi

<65b421ff@news.ausics.net>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=8984&group=comp.sys.raspberry-pi#8984

 copy link   Newsgroups: comp.sys.raspberry-pi
Message-ID: <65b421ff@news.ausics.net>
From: not...@telling.you.invalid (Computer Nerd Kev)
Subject: Re: It is now very nearly impossible to install a headless Pi
Newsgroups: comp.sys.raspberry-pi
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu>
User-Agent: tin/2.0.1-20111224 ("Achenvoir") (UNIX) (Linux/2.4.31 (i586))
NNTP-Posting-Host: news.ausics.net
Date: 27 Jan 2024 07:20:00 +1000
Organization: Ausics - https://ausics.net
Lines: 33
X-Complaints: abuse@ausics.net
Path: i2pn2.org!i2pn.org!paganini.bofh.team!news.bbs.nz!news.ausics.net!not-for-mail
 by: Computer Nerd Kev - Fri, 26 Jan 2024 21:20 UTC

Chris Green <cl@isbd.net> wrote:
> I am getting very frustrated by stupid 'security'. I simply want to
> install a new OS on a headless Pi and it's very close to impossible.
>
> I first tried to download an image and install it. OK, it works but I
> can't log in because ther eis no longer a default user/password there
> even though I have enabled ssh.
>
> I can't us Pi Imager because it's very broken on Ubuntu:-

There is a way to set a user up in a "userconf.txt" file described
here:
https://www.raspberrypi.com/documentation/computers/configuration.html#remote-access

Another option would be to copy the /etc/passwd, /etc/shadow, and
/etc/group files from a similar existing RPi system while the OS
file system on the SD card is mounted at a Linux PC. Or you could
edit them manually and even create a user who doesn't need a
password at all.

> For goodness sake what awful earth shattering disasters are going to
> occur if I do create a Pi installation with default username and
> password?
>
> This is getting &(^(^$^&(*^^$&^^%(* ridiculous!!!!!!!

I agree, they're trying too hard to save users from themselves in
case someone leaves their RPi open to incoming SSH connections on
the internet. But most obviously won't do that.

--
__ __
#_ < |\| |< _# | Note: I won't see posts made from Google Groups |

Re: It is now very nearly impossible to install a headless Pi

<pGj*4UqBz@news.chiark.greenend.org.uk>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=8987&group=comp.sys.raspberry-pi#8987

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!news.hispagatos.org!news.nntp4.net!nntp.terraraq.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!.POSTED.chiark.greenend.org.uk!not-for-mail
From: theom+n...@chiark.greenend.org.uk (Theo)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: 26 Jan 2024 22:14:59 +0000 (GMT)
Organization: University of Cambridge, England
Message-ID: <pGj*4UqBz@news.chiark.greenend.org.uk>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu>
Injection-Info: chiark.greenend.org.uk; posting-host="chiark.greenend.org.uk:212.13.197.229";
logging-data="26855"; mail-complaints-to="abuse@chiark.greenend.org.uk"
User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (Linux/5.10.0-22-amd64 (x86_64))
Originator: theom@chiark.greenend.org.uk ([212.13.197.229])
 by: Theo - Fri, 26 Jan 2024 22:14 UTC

Chris Green <cl@isbd.net> wrote:
> I am getting very frustrated by stupid 'security'. I simply want to
> install a new OS on a headless Pi and it's very close to impossible.
>
> I first tried to download an image and install it. OK, it works but I
> can't log in because ther eis no longer a default user/password there
> even though I have enabled ssh.
>
> I can't us Pi Imager because it's very broken on Ubuntu:-

Does:

$ sudo apt install rpi-imager

not work for you?

It's been in Ubuntu since 22.04, possibly before that.

There is also

$ sudo snap install rpi-imager

which comes from https://github.com/waveform80/imager-snap/

> For goodness sake what awful earth shattering disasters are going to
> occur if I do create a Pi installation with default username and
> password?

Well, if you put that on the internet you're in for trouble.

More to the point it's now illegal to have default usernames and passwords
in the UK, so the RPi folks have to comply.

You are free to write the image to SD and then mount it and edit /etc/passwd
and /etc/shadow to change the login user/password if you so desire.

Theo

Re: It is now very nearly impossible to install a headless Pi

<up1arr$31qrp$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=8988&group=comp.sys.raspberry-pi#8988

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: pbyab...@4wrd.cc (Bryan)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: Fri, 26 Jan 2024 17:14:18 -0500
Organization: wereboar.com
Lines: 39
Message-ID: <up1arr$31qrp$1@dont-email.me>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu> <65b421ff@news.ausics.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 26 Jan 2024 22:14:20 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="83295f436f2a5120e324930efa78b32d";
logging-data="3206009"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+AiQUHxVN4QcPNWmVHOZf4"
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101
Thunderbird/60.9.1
Cancel-Lock: sha1:CX1KMO3EEvszbQpgpFl+hsln5Xc=
Content-Language: en-US
In-Reply-To: <65b421ff@news.ausics.net>
 by: Bryan - Fri, 26 Jan 2024 22:14 UTC

On 1/26/2024 16:20, Computer Nerd Kev wrote:
> Chris Green <cl@isbd.net> wrote:
>> I am getting very frustrated by stupid 'security'. I simply want to
>> install a new OS on a headless Pi and it's very close to impossible.
>>
>> I first tried to download an image and install it. OK, it works but I
>> can't log in because ther eis no longer a default user/password there
>> even though I have enabled ssh.
>>
>> I can't us Pi Imager because it's very broken on Ubuntu:-
>
> There is a way to set a user up in a "userconf.txt" file described
> here:
> https://www.raspberrypi.com/documentation/computers/configuration.html#remote-access
>
> Another option would be to copy the /etc/passwd, /etc/shadow, and
> /etc/group files from a similar existing RPi system while the OS
> file system on the SD card is mounted at a Linux PC. Or you could
> edit them manually and even create a user who doesn't need a
> password at all.
>
>> For goodness sake what awful earth shattering disasters are going to
>> occur if I do create a Pi installation with default username and
>> password?
>>
>> This is getting &(^(^$^&(*^^$&^^%(* ridiculous!!!!!!!
>
> I agree, they're trying too hard to save users from themselves in
> case someone leaves their RPi open to incoming SSH connections on
> the internet. But most obviously won't do that.
>

It would be easy enough to force the user to change the password at
first boot, that's what some of the other distributions for SBCs do.
Armbian, in particular, gives you root at boot but you have to set a
password that isn't the default "1234".

Removing the user altogether seems to be the nuclear option, especially
if you got used to setting up headless devices.

Re: It is now very nearly impossible to install a headless Pi

<slrnur8cfr.hf6.jj@iridium.wf32df>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=8989&group=comp.sys.raspberry-pi#8989

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!newsfeed.endofthelinebbs.com!news.hispagatos.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: jj...@franjam.org.uk (Jim Jackson)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: Fri, 26 Jan 2024 22:28:11 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 12
Message-ID: <slrnur8cfr.hf6.jj@iridium.wf32df>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu> <65b421ff@news.ausics.net>
Injection-Date: Fri, 26 Jan 2024 22:28:11 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="b05b2100f00a35f2d6922adfdae23941";
logging-data="3205848"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18niCpga6Ikkx2Oo2Z5H0LJSdPBbzKTxb4="
User-Agent: slrn/1.0.3 (Linux)
Cancel-Lock: sha1:Wg6DmfwnAeC+FxN10El0HT+kC/U=
 by: Jim Jackson - Fri, 26 Jan 2024 22:28 UTC

> There is a way to set a user up in a "userconf.txt" file described
> here:
> https://www.raspberrypi.com/documentation/computers/configuration.html#remote-access
>
> Another option would be to copy the /etc/passwd, /etc/shadow, and
> /etc/group files from a similar existing RPi system while the OS
> file system on the SD card is mounted at a Linux PC. Or you could
> edit them manually and even create a user who doesn't need a
> password at all.

Or set up an ~userid/.ssh/authorized_keys file, with sshd enabled

Re: It is now very nearly impossible to install a headless Pi

<up1h1r$32k8k$7@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=8992&group=comp.sys.raspberry-pi#8992

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ldo...@nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: Fri, 26 Jan 2024 23:59:56 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 15
Message-ID: <up1h1r$32k8k$7@dont-email.me>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 26 Jan 2024 23:59:56 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="558b003fc8e02bc378c971d6b5ee8a6a";
logging-data="3232020"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/0yM1AqGQ0wamhuW9G37N7"
User-Agent: Pan/0.155 (Kherson; fc5a80b8)
Cancel-Lock: sha1:e2OApMu9uh7VjyVJresFakiwrmo=
 by: Lawrence D'Oliv - Fri, 26 Jan 2024 23:59 UTC

On Fri, 26 Jan 2024 19:52:20 +0000, Chris Green wrote:

> I can't us Pi Imager because it's very broken on Ubuntu:-
>
> root@t470# dpkg -i ./imager_1.8.5_amd64.deb Selecting previously
> ...
> dpkg: dependency problems prevent configuration of rpi-imager:
> ...

That’s not “broken”. dpkg is a very low-level tool that only knows how to
install the .deb files you specify to it. Either explicitly download and
install the extra ones it says it needs, or if you want automatic
dependency resolution, you need the higher-level “apt-get” command.

UTRTFTJ.

Re: It is now very nearly impossible to install a headless Pi

<msne8k-dcs91.ln1@esprimo.zbmc.eu>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=8995&group=comp.sys.raspberry-pi#8995

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!rocksolid2!news.neodome.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: cl...@isbd.net (Chris Green)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: Sat, 27 Jan 2024 07:27:50 +0000
Lines: 46
Message-ID: <msne8k-dcs91.ln1@esprimo.zbmc.eu>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu> <65b421ff@news.ausics.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Trace: individual.net l+TKiQvEUlhn+0Ffb/jEZwlVIN75W/OgiApmj7iMaMkTjlBQE=
X-Orig-Path: not-for-mail
Cancel-Lock: sha1:R8mPErmHOWzD4Zgf04rUrDy10Go= sha256:A7uHMWetAxsRJUay3yo3Ma/RPghXRyKoWGSXLHvwts0=
User-Agent: tin/2.6.2-20220130 ("Convalmore") (Linux/5.15.0-91-generic (x86_64))
 by: Chris Green - Sat, 27 Jan 2024 07:27 UTC

Computer Nerd Kev <not@telling.you.invalid> wrote:
> Chris Green <cl@isbd.net> wrote:
> > I am getting very frustrated by stupid 'security'. I simply want to
> > install a new OS on a headless Pi and it's very close to impossible.
> >
> > I first tried to download an image and install it. OK, it works but I
> > can't log in because ther eis no longer a default user/password there
> > even though I have enabled ssh.
> >
> > I can't us Pi Imager because it's very broken on Ubuntu:-
>
> There is a way to set a user up in a "userconf.txt" file described
> here:
> https://www.raspberrypi.com/documentation/computers/configuration.html#remote-access
>
Yes, I did find that, but it is messy having to create hashed entries
etc.

> Another option would be to copy the /etc/passwd, /etc/shadow, and
> /etc/group files from a similar existing RPi system while the OS
> file system on the SD card is mounted at a Linux PC. Or you could
> edit them manually and even create a user who doesn't need a
> password at all.
>
I did try that, or at least I thought I had created a user with no
password but it didn't work. I may have been getting a bit frustrated
by then though so it's quite likely I got something wrong.

> > For goodness sake what awful earth shattering disasters are going to
> > occur if I do create a Pi installation with default username and
> > password?
> >
> > This is getting &(^(^$^&(*^^$&^^%(* ridiculous!!!!!!!
>
> I agree, they're trying too hard to save users from themselves in
> case someone leaves their RPi open to incoming SSH connections on
> the internet. But most obviously won't do that.
>
In the end I managed to install rpi-imager, it's in the Ubuntu
repositories now so installing it from there brings in all the missing
dependencies I saw.

--
Chris Green
·

Re: It is now very nearly impossible to install a headless Pi

<c2oe8k-dcs91.ln1@esprimo.zbmc.eu>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=8996&group=comp.sys.raspberry-pi#8996

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!rocksolid2!news.neodome.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: cl...@isbd.net (Chris Green)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: Sat, 27 Jan 2024 07:30:52 +0000
Lines: 19
Message-ID: <c2oe8k-dcs91.ln1@esprimo.zbmc.eu>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu> <65b421ff@news.ausics.net> <slrnur8cfr.hf6.jj@iridium.wf32df>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Trace: individual.net Q++TpTdPNr81kXM+EOe+KQERabt/OlxbiWRbLUp73h3MmxOSc=
X-Orig-Path: not-for-mail
Cancel-Lock: sha1:bdL9OdZnwLRT5QMf2Q+SdYz7eAg= sha256:r7ozVnjofV+q7mj3jt1Jh+4huukpih0yS6On62uOXX4=
User-Agent: tin/2.6.2-20220130 ("Convalmore") (Linux/5.15.0-91-generic (x86_64))
 by: Chris Green - Sat, 27 Jan 2024 07:30 UTC

Jim Jackson <jj@franjam.org.uk> wrote:
> > There is a way to set a user up in a "userconf.txt" file described
> > here:
> > https://www.raspberrypi.com/documentation/computers/configuration.html#remote-access
> >
> > Another option would be to copy the /etc/passwd, /etc/shadow, and
> > /etc/group files from a similar existing RPi system while the OS
> > file system on the SD card is mounted at a Linux PC. Or you could
> > edit them manually and even create a user who doesn't need a
> > password at all.
>
> Or set up an ~userid/.ssh/authorized_keys file, with sshd enabled
>
OP here, that's actually quite a neat way to do it. I use ssh a lot
(with and without key authorisation) so it wouldn't be too difficult.

--
Chris Green
·

Re: It is now very nearly impossible to install a headless Pi

<r9oe8k-dcs91.ln1@esprimo.zbmc.eu>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=8997&group=comp.sys.raspberry-pi#8997

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!news.neodome.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: cl...@isbd.net (Chris Green)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: Sat, 27 Jan 2024 07:34:51 +0000
Lines: 47
Message-ID: <r9oe8k-dcs91.ln1@esprimo.zbmc.eu>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu> <pGj*4UqBz@news.chiark.greenend.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Trace: individual.net zvzY17FNO2EWuFgIbHDgpg+EvBMAQfWHlo73u8aYULPqGzSIc=
X-Orig-Path: not-for-mail
Cancel-Lock: sha1:FS56Y1+RmpoCwZDN7FyzPuNxAFU= sha256:acApXbZD8fujiQizzKQ1PXv9cDt1uE6ysKLfh5ONjzk=
User-Agent: tin/2.6.2-20220130 ("Convalmore") (Linux/5.15.0-91-generic (x86_64))
 by: Chris Green - Sat, 27 Jan 2024 07:34 UTC

Theo <theom+news@chiark.greenend.org.uk> wrote:
> Chris Green <cl@isbd.net> wrote:
> > I am getting very frustrated by stupid 'security'. I simply want to
> > install a new OS on a headless Pi and it's very close to impossible.
> >
> > I first tried to download an image and install it. OK, it works but I
> > can't log in because ther eis no longer a default user/password there
> > even though I have enabled ssh.
> >
> > I can't us Pi Imager because it's very broken on Ubuntu:-
>
> Does:
>
> $ sudo apt install rpi-imager
>
> not work for you?
>
> It's been in Ubuntu since 22.04, possibly before that.
>
> There is also
>
> $ sudo snap install rpi-imager
>
> which comes from https://github.com/waveform80/imager-snap/
>
> > For goodness sake what awful earth shattering disasters are going to
> > occur if I do create a Pi installation with default username and
> > password?
>
> Well, if you put that on the internet you're in for trouble.
>
Who puts a 'naked' Raspberry Pi on the internet? 99.999% of them will
either be stand-alone systems not connected to anything or will be on
a home LAN behind NAT and a firewall.

Yes, I did find I could install rpi-imager from the Ubuntu
repositories, that's how I managed to get installed in the end.

> More to the point it's now illegal to have default usernames and passwords
> in the UK, so the RPi folks have to comply.
>
How about no password, would that be OK? :-)

--
Chris Green
·

Re: It is now very nearly impossible to install a headless Pi

<pGj*zNtBz@news.chiark.greenend.org.uk>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=9002&group=comp.sys.raspberry-pi#9002

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!news.bbs.nz!nntp.terraraq.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!.POSTED.chiark.greenend.org.uk!not-for-mail
From: theom+n...@chiark.greenend.org.uk (Theo)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: 27 Jan 2024 11:22:15 +0000 (GMT)
Organization: University of Cambridge, England
Message-ID: <pGj*zNtBz@news.chiark.greenend.org.uk>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu> <pGj*4UqBz@news.chiark.greenend.org.uk> <r9oe8k-dcs91.ln1@esprimo.zbmc.eu>
Injection-Info: chiark.greenend.org.uk; posting-host="chiark.greenend.org.uk:212.13.197.229";
logging-data="16287"; mail-complaints-to="abuse@chiark.greenend.org.uk"
User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (Linux/5.10.0-22-amd64 (x86_64))
Originator: theom@chiark.greenend.org.uk ([212.13.197.229])
 by: Theo - Sat, 27 Jan 2024 11:22 UTC

Chris Green <cl@isbd.net> wrote:
> Theo <theom+news@chiark.greenend.org.uk> wrote:
> >
> Who puts a 'naked' Raspberry Pi on the internet? 99.999% of them will
> either be stand-alone systems not connected to anything or will be on
> a home LAN behind NAT and a firewall.

According to Shodan there are 22,700 systems claiming to be 'Raspbian' on
the internet.

Also, even if the Pi is firewalled, there is a threat from other users of
the LAN including compromised machines. You only need one machine to be
compromised to allow attackers into the network and then they can search out
for vulnerable machines from there.

If your network only has you, yourself and I, this is a different threat
from say a school where there are potentially many machines out of your
control.

> Yes, I did find I could install rpi-imager from the Ubuntu
> repositories, that's how I managed to get installed in the end.

OK, so your thread title is inaccurate.

> > More to the point it's now illegal to have default usernames and passwords
> > in the UK, so the RPi folks have to comply.
> >
> How about no password, would that be OK? :-)

It would be illegal to sell something in that state.

Otherwise, it depends on your threat model...

Theo

Re: It is now very nearly impossible to install a headless Pi

<l1k9f9F18aaU1@mid.individual.net>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=9004&group=comp.sys.raspberry-pi#9004

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: tim...@streater.me.uk (TimS)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: 27 Jan 2024 11:58:33 GMT
Lines: 10
Message-ID: <l1k9f9F18aaU1@mid.individual.net>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu> <pGj*4UqBz@news.chiark.greenend.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=fixed
Content-Transfer-Encoding: 8bit
X-Trace: individual.net 5i7d/dZNwLhE4W9LCEwUUwsoZUF3fAeUFKm0Iw0WpByZp60b6D
Cancel-Lock: sha1:yIUHvmkAt2t2Gs8Bf0PuzylgD0c= sha256:OsSCHIMddmzUeZ83u6pau8jYxDLDJHBArZHYXHlwxo8=
X-Face: "M;\x&0=#cxDW4-*uL~{5d@+P7KmbB:]::l[1_h]^tu#H9yQ#.X4kSbDi;atp9otO=_G|Z2 t<Cay~&S1ru:A{I$SdbF$KS43iuPUwIh,8X"%3L;9=T~]BLW=IKvZ|/}D@Rml{4D#!Uc)|mu`34(e~ x[(n[\3.'{ChZ!"cF'!%M)iM0u~wQ"%,JC}JOhtI;:<EF5?fcf<^2T,{u.&U|?`X%B_eD##Y=ZdC2< Mq_b}MHzYQg8x-N,4)~`n*K*k?No"WVa3]]dntN(76o.nd1`;l}[-O<wJB{MQNv=H^6M`>CL2oMg$~ oW5:YPiBg[-rf40JdIu#K4A+M2gSW<LK5!!SEt:%K0z&:[N:7
User-Agent: Usenapp for MacOS
X-Usenapp: v1.27.2/l - Full License
 by: TimS - Sat, 27 Jan 2024 11:58 UTC

On 26 Jan 2024 at 22:14:59 GMT, "Theo" <theom+news@chiark.greenend.org.uk>
wrote:

> More to the point it's now illegal to have default usernames and passwords
> in the UK, so the RPi folks have to comply.

Wot? No more FIELD/SERVICE? How will we cope?

--
Tim

Re: It is now very nearly impossible to install a headless Pi

<20240127150750.7bef0ecc70a25f6818dea475@eircom.net>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=9012&group=comp.sys.raspberry-pi#9012

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!usenet.network!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ste...@eircom.net (Ahem A Rivet's Shot)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: Sat, 27 Jan 2024 15:07:50 +0000
Organization: A noiseless patient Spider
Lines: 14
Message-ID: <20240127150750.7bef0ecc70a25f6818dea475@eircom.net>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu>
<pGj*4UqBz@news.chiark.greenend.org.uk>
<r9oe8k-dcs91.ln1@esprimo.zbmc.eu>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Info: dont-email.me; posting-host="2aec9f218db1563459e9cfdb0059774d";
logging-data="3612564"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+ZenXxSugBqllDjy5IOTc7gUBiQkGJxpM="
Cancel-Lock: sha1:Pjq0u8usINCBriLaFEsrHa/Azeo=
X-Newsreader: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.1)
X-Clacks-Overhead: "GNU Terry Pratchett"
 by: Ahem A Rivet's - Sat, 27 Jan 2024 15:07 UTC

On Sat, 27 Jan 2024 07:34:51 +0000
Chris Green <cl@isbd.net> wrote:

> Who puts a 'naked' Raspberry Pi on the internet?

I used to use one as a router originally with a USB ethernet
and later using VLANs and a managed switch, not since I got FTTH though. It
was running FreeBSD though.

--
Steve O'Hara-Smith
Odds and Ends at http://www.sohara.org/
For forms of government let fools contest
Whate're is best administered is best - Alexander Pope

Re: It is now very nearly impossible to install a headless Pi

<up3sph$3hbk7$14@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=9018&group=comp.sys.raspberry-pi#9018

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ldo...@nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: Sat, 27 Jan 2024 21:32:33 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 12
Message-ID: <up3sph$3hbk7$14@dont-email.me>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu>
<pGj*4UqBz@news.chiark.greenend.org.uk> <l1k9f9F18aaU1@mid.individual.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sat, 27 Jan 2024 21:32:33 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="a9befbf67dfd56f15a347bec2826e976";
logging-data="3714695"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/46+18aoWKmYp3IHX6xSCp"
User-Agent: Pan/0.155 (Kherson; fc5a80b8)
Cancel-Lock: sha1:lqgSIPQfHl9s+MO67u0c91V3Xdg=
 by: Lawrence D'Oliv - Sat, 27 Jan 2024 21:32 UTC

On 27 Jan 2024 11:58:33 GMT, TimS wrote:

> On 26 Jan 2024 at 22:14:59 GMT, "Theo"
> <theom+news@chiark.greenend.org.uk>
> wrote:
>
>> More to the point it's now illegal to have default usernames and
>> passwords in the UK, so the RPi folks have to comply.
>
> Wot? No more FIELD/SERVICE? How will we cope?

DEC/VMS joke. I think. ;)

It is now very nearly impossible to install a headless Pi

<706459154@f1.n770.z14356.fidonet.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=9027&group=comp.sys.raspberry-pi#9027

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!newsfeed.xs3.de!news.bbs.nz!.POSTED.agency.bbs.nz!not-for-mail
From: nospam.R...@f1.n770.z14356.fidonet.org (Richard Falken)
Newsgroups: comp.sys.raspberry-pi
Subject: It is now very nearly impossible to install a headless Pi
Date: Sun, 28 Jan 2024 06:26:38 +1300
Organization: Agency HUB, Dunedin - New Zealand
Message-ID: <706459154@f1.n770.z14356.fidonet.org>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Injection-Info: news.bbs.nz; posting-host="8IWYKlztXHa0+IViEdY46zrq8kpk7dC9fTbT74JiSDQ";
logging-data="30719"; mail-complaints-to="abuse@news.bbs.nz"
User-Agent: VSoup v1.2.9.47Beta [95/NT]
X-Comment-To: Chris Green
X-MailConverter: SoupGate-Win32 v1.05
 by: Richard Falken - Sat, 27 Jan 2024 17:26 UTC

Re: It is now very nearly impossible to install a headless Pi
By: Chris Green to All on Fri Jan 26 2024 07:52 pm

> I am getting very frustrated by stupid 'security'. I simply want to
> install a new OS on a headless Pi and it's very close to impossible.
>

You have just reminded me of this article about autmated RPi headless
deployments, but I don't know if it still applies:

https://www.linux-magazine.com/Issues/2020/235/BerryLan

--
gopher://gopher.richardfalken.com/1/richardfalken

Re: It is now very nearly impossible to install a headless Pi

<-FadnQKrpYU-sir4nZ2dnZfqnPGdnZ2d@earthlink.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=9033&group=comp.sys.raspberry-pi#9033

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!news.swapon.de!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!feeder.usenetexpress.com!tr2.iad1.usenetexpress.com!69.80.99.27.MISMATCH!Xl.tags.giganews.com!local-2.nntp.ord.giganews.com!nntp.earthlink.com!news.earthlink.com.POSTED!not-for-mail
NNTP-Posting-Date: Mon, 29 Jan 2024 04:54:59 +0000
Subject: Re: It is now very nearly impossible to install a headless Pi
Newsgroups: comp.sys.raspberry-pi
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu> <pGj*4UqBz@news.chiark.greenend.org.uk>
From: 68g.1...@etr6.net (68g.1499)
Organization: hexfet fermion
Date: Sun, 28 Jan 2024 23:54:59 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0
MIME-Version: 1.0
In-Reply-To: <pGj*4UqBz@news.chiark.greenend.org.uk>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Message-ID: <-FadnQKrpYU-sir4nZ2dnZfqnPGdnZ2d@earthlink.com>
Lines: 29
X-Usenet-Provider: http://www.giganews.com
NNTP-Posting-Host: 99.101.150.97
X-Trace: sv3-Z08heVYGb2a4H/NOwZLNoTBGHVQU3N9yGh9sbb8w4VSV3UQt/wCBsHXwN55/wVwzj2yncKa4Qt0RBYZ!8tXBcftoQQWlhhTxVEvghcFoF7GanCK/Kty4XjEBWlC1fW+6OCqyTs5O1qZ/UkayMVZ6doutiqKD!Yp0+sKBntYz0qv7lA5nZ
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
 by: 68g.1499 - Mon, 29 Jan 2024 04:54 UTC

On 1/26/24 5:14 PM, Theo wrote:

>
> More to the point it's now illegal to have default usernames and passwords
> in the UK, so the RPi folks have to comply.
>

On install, you CAN select 'pi' as the username and anything
you want as the password. It WILL complain - but will do it
if you demand. If you change passwords later there's more of
a chance it will demand "minimum complexity" (that's deep in
the PAM stuff).

IMHO, the more important bit is the password, not the user name.
Make 'em a bit strange and not TOO damned short. A guy in my
office used to use "." as his Winders password :-)

Saw little article today ... "qwerty123" has become almost
as nefarious as "password"

Now if you're a bank or e-commerce site or something higher
profile then yea, gotta get more complicated and add
fail2ban and some other stuff for sure. North Korea is not
going to spend five days worth of CPU time to crack your
little home Pi and its valuable horde of "Rick and Morty"
vids. Your home connection is likely too slow to be very
useful for launching broadscale attacks on other systems
as well.

Re: It is now very nearly impossible to install a headless Pi

<up7svl$dhid$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=9034&group=comp.sys.raspberry-pi#9034

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!rocksolid2!news.neodome.net!news.mixmin.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: tnp...@invalid.invalid (The Natural Philosopher)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: Mon, 29 Jan 2024 10:00:21 +0000
Organization: A little, after lunch
Lines: 26
Message-ID: <up7svl$dhid$1@dont-email.me>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu>
<pGj*4UqBz@news.chiark.greenend.org.uk>
<-FadnQKrpYU-sir4nZ2dnZfqnPGdnZ2d@earthlink.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 29 Jan 2024 10:00:21 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="a356c85a19d4ce0439fb1000f5925005";
logging-data="443981"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18WWFFMA/bYfFmTEGzFgC9YlVTm8Ir8V1E="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:cZuzv6cI+ocR2/WRaxtV/sQc4SU=
In-Reply-To: <-FadnQKrpYU-sir4nZ2dnZfqnPGdnZ2d@earthlink.com>
Content-Language: en-GB
 by: The Natural Philosop - Mon, 29 Jan 2024 10:00 UTC

On 29/01/2024 04:54, 68g.1499 wrote:
> North Korea is not
>   going to spend five days worth of CPU time to crack your
>   little home Pi and its valuable horde of "Rick and Morty"
>   vids. Your home connection is likely too slow to be very
>   useful for launching broadscale attacks on other systems
>   as well.

Indeed. I've two servers on the open internet with open ssh ports . In 8
years although there is a constant stream of login attempts no one has
guessed the correct user name - let alone the password.

People get paranoid about stuff they think they know about and forget
the simple things.
A long but easily memorable string like my.cat.hates.PIZZA! will
probably fall to a dictionary attack in a few thousand hours, but
really, who cares?

Sorry, you are not that important, and neither am I.

--
“The urge to save humanity is almost always only a false face for the
urge to rule it.”
– H. L. Mencken

Re: It is now very nearly impossible to install a headless Pi

<9nhk8k-333l1.ln1@esprimo.zbmc.eu>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=9040&group=comp.sys.raspberry-pi#9040

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: cl...@isbd.net (Chris Green)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: Mon, 29 Jan 2024 12:19:21 +0000
Lines: 30
Message-ID: <9nhk8k-333l1.ln1@esprimo.zbmc.eu>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu> <pGj*4UqBz@news.chiark.greenend.org.uk> <-FadnQKrpYU-sir4nZ2dnZfqnPGdnZ2d@earthlink.com> <up7svl$dhid$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Trace: individual.net KExwEmxZnn1dHqSASiwirgK7KczTXBnFRd8vQ8nz6Cf21Jx/Q=
X-Orig-Path: not-for-mail
Cancel-Lock: sha1:TL7LzCooPkS0E7kCCSC/kwPuuKc= sha256:cT7r9jJrbsJdqjDJo3YWBGcvBdpUsoaHZzr2iAq5V7U=
User-Agent: tin/2.6.2-20220130 ("Convalmore") (Linux/5.15.0-91-generic (x86_64))
 by: Chris Green - Mon, 29 Jan 2024 12:19 UTC

The Natural Philosopher <tnp@invalid.invalid> wrote:
> On 29/01/2024 04:54, 68g.1499 wrote:
> > North Korea is not
> >   going to spend five days worth of CPU time to crack your
> >   little home Pi and its valuable horde of "Rick and Morty"
> >   vids. Your home connection is likely too slow to be very
> >   useful for launching broadscale attacks on other systems
> >   as well.
>
> Indeed. I've two servers on the open internet with open ssh ports . In 8
> years although there is a constant stream of login attempts no one has
> guessed the correct user name - let alone the password.
>
> People get paranoid about stuff they think they know about and forget
> the simple things.
> A long but easily memorable string like my.cat.hates.PIZZA! will
> probably fall to a dictionary attack in a few thousand hours, but
> really, who cares?
>
I've never understood how this can work. If you type a wrong password
to ssh it will wait several seconds before allowing you to try again.
In addition it will throw you off completely after three failures and
you'd have to start all over. This is default ssh, no fail2ban or
anything like that.

So how can a dictionary attack possibly work? It would take years!

--
Chris Green
·

Re: It is now very nearly impossible to install a headless Pi

<M3A*mPEBz@news.chiark.greenend.org.uk>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=9043&group=comp.sys.raspberry-pi#9043

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!news.szaf.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!.POSTED.chiark.greenend.org.uk!not-for-mail
From: theom+n...@chiark.greenend.org.uk (Theo)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: 29 Jan 2024 13:33:38 +0000 (GMT)
Organization: University of Cambridge, England
Message-ID: <M3A*mPEBz@news.chiark.greenend.org.uk>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu> <pGj*4UqBz@news.chiark.greenend.org.uk> <-FadnQKrpYU-sir4nZ2dnZfqnPGdnZ2d@earthlink.com> <up7svl$dhid$1@dont-email.me> <9nhk8k-333l1.ln1@esprimo.zbmc.eu>
Injection-Info: chiark.greenend.org.uk; posting-host="chiark.greenend.org.uk:212.13.197.229";
logging-data="494"; mail-complaints-to="abuse@chiark.greenend.org.uk"
User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (Linux/5.10.0-22-amd64 (x86_64))
Originator: theom@chiark.greenend.org.uk ([212.13.197.229])
 by: Theo - Mon, 29 Jan 2024 13:33 UTC

Chris Green <cl@isbd.net> wrote:
> I've never understood how this can work. If you type a wrong password
> to ssh it will wait several seconds before allowing you to try again.
> In addition it will throw you off completely after three failures and
> you'd have to start all over. This is default ssh, no fail2ban or
> anything like that.

Bombard the machine with SSH connections. There's no delay (aside from the
CPU overhead) for starting a new connection, so don't bother with the
timeout, just throw as many parallel connections at the machine as you can.
If you get rejected, just terminate the TCP connection and open a new one.
Or just wait out the timeout, with X thousand parallel connections it
doesn't waste any resources doing that.

Next, run it via a botnet so each connection comes from a different IP, so
avoiding fail2ban and similar firewall techniques.

Finally, parallelise over a lot of different victims. Maybe you'll get
lucky at one victim, it's just a matter of probabilities.

> So how can a dictionary attack possibly work? It would take years!

These are often not dictionary attacks in the sense of trying all the
dictionary words (including the d1ct10n4ry w0rds etc), but using lists of
known usernames/passwords. Which you can be sure pi:raspberry is on.

Theo

Re: It is now very nearly impossible to install a headless Pi

<up89l5$flhi$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=9045&group=comp.sys.raspberry-pi#9045

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!news.hispagatos.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: tnp...@invalid.invalid (The Natural Philosopher)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: Mon, 29 Jan 2024 13:36:37 +0000
Organization: A little, after lunch
Lines: 45
Message-ID: <up89l5$flhi$1@dont-email.me>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu>
<pGj*4UqBz@news.chiark.greenend.org.uk>
<-FadnQKrpYU-sir4nZ2dnZfqnPGdnZ2d@earthlink.com>
<up7svl$dhid$1@dont-email.me> <9nhk8k-333l1.ln1@esprimo.zbmc.eu>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 29 Jan 2024 13:36:37 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="a356c85a19d4ce0439fb1000f5925005";
logging-data="513586"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/2CsMGT+Ieg7JFNtRkLl9HcoShkw1i3dw="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:OzAZgXUjw7yxLljn2YnklQAzTX4=
In-Reply-To: <9nhk8k-333l1.ln1@esprimo.zbmc.eu>
Content-Language: en-GB
 by: The Natural Philosop - Mon, 29 Jan 2024 13:36 UTC

On 29/01/2024 12:19, Chris Green wrote:
> The Natural Philosopher <tnp@invalid.invalid> wrote:
>> On 29/01/2024 04:54, 68g.1499 wrote:
>>> North Korea is not
>>>   going to spend five days worth of CPU time to crack your
>>>   little home Pi and its valuable horde of "Rick and Morty"
>>>   vids. Your home connection is likely too slow to be very
>>>   useful for launching broadscale attacks on other systems
>>>   as well.
>>
>> Indeed. I've two servers on the open internet with open ssh ports . In 8
>> years although there is a constant stream of login attempts no one has
>> guessed the correct user name - let alone the password.
>>
>> People get paranoid about stuff they think they know about and forget
>> the simple things.
>> A long but easily memorable string like my.cat.hates.PIZZA! will
>> probably fall to a dictionary attack in a few thousand hours, but
>> really, who cares?
>>
> I've never understood how this can work. If you type a wrong password
> to ssh it will wait several seconds before allowing you to try again.
> In addition it will throw you off completely after three failures and
> you'd have to start all over. This is default ssh, no fail2ban or
> anything like that.

Not sure how it works, but I see series of attacks spaced about 5
seconds apart. Usually from different IP addresses

>
> So how can a dictionary attack possibly work? It would take years!
>
Well exactly. It's been going on for years!

--
Those who want slavery should have the grace to name it by its proper
name. They must face the full meaning of that which they are advocating
or condoning; the full, exact, specific meaning of collectivism, of its
logical implications, of the principles upon which it is based, and of
the ultimate consequences to which these principles will lead. They must
face it, then decide whether this is what they want or not.

Ayn Rand.

Re: It is now very nearly impossible to install a headless Pi

<up89vo$flhi$4@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=9046&group=comp.sys.raspberry-pi#9046

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: tnp...@invalid.invalid (The Natural Philosopher)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: Mon, 29 Jan 2024 13:42:16 +0000
Organization: A little, after lunch
Lines: 36
Message-ID: <up89vo$flhi$4@dont-email.me>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu>
<pGj*4UqBz@news.chiark.greenend.org.uk>
<-FadnQKrpYU-sir4nZ2dnZfqnPGdnZ2d@earthlink.com>
<up7svl$dhid$1@dont-email.me> <9nhk8k-333l1.ln1@esprimo.zbmc.eu>
<M3A*mPEBz@news.chiark.greenend.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 29 Jan 2024 13:42:16 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="a356c85a19d4ce0439fb1000f5925005";
logging-data="513586"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19ZGjHdRaGBclOCqjwH2l2fSRaCl2sUGqM="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:cv2iSriFrGIq4Qt0lcllmFQSDrI=
Content-Language: en-GB
In-Reply-To: <M3A*mPEBz@news.chiark.greenend.org.uk>
 by: The Natural Philosop - Mon, 29 Jan 2024 13:42 UTC

On 29/01/2024 13:33, Theo wrote:
> Chris Green <cl@isbd.net> wrote:
>> I've never understood how this can work. If you type a wrong password
>> to ssh it will wait several seconds before allowing you to try again.
>> In addition it will throw you off completely after three failures and
>> you'd have to start all over. This is default ssh, no fail2ban or
>> anything like that.
>
> Bombard the machine with SSH connections. There's no delay (aside from the
> CPU overhead) for starting a new connection, so don't bother with the
> timeout, just throw as many parallel connections at the machine as you can.
> If you get rejected, just terminate the TCP connection and open a new one.
> Or just wait out the timeout, with X thousand parallel connections it
> doesn't waste any resources doing that.
>
> Next, run it via a botnet so each connection comes from a different IP, so
> avoiding fail2ban and similar firewall techniques.
>
> Finally, parallelise over a lot of different victims. Maybe you'll get
> lucky at one victim, it's just a matter of probabilities.
>
>> So how can a dictionary attack possibly work? It would take years!
>
> These are often not dictionary attacks in the sense of trying all the
> dictionary words (including the d1ct10n4ry w0rds etc), but using lists of
> known usernames/passwords. Which you can be sure pi:raspberry is on.
>
But grumpyOldSod:suckMyDick.57 probably is not...

> Theo

--
"First, find out who are the people you can not criticise. They are your
oppressors."
- George Orwell

Re: It is now very nearly impossible to install a headless Pi

<gpal8k-49jm1.ln1@esprimo.zbmc.eu>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=9054&group=comp.sys.raspberry-pi#9054

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!2.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: cl...@isbd.net (Chris Green)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: Mon, 29 Jan 2024 19:27:12 +0000
Lines: 36
Message-ID: <gpal8k-49jm1.ln1@esprimo.zbmc.eu>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu> <pGj*4UqBz@news.chiark.greenend.org.uk> <-FadnQKrpYU-sir4nZ2dnZfqnPGdnZ2d@earthlink.com> <up7svl$dhid$1@dont-email.me> <9nhk8k-333l1.ln1@esprimo.zbmc.eu> <up89l5$flhi$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Trace: individual.net FytP1aSbxnP7WTeAGVfLcwZZbfJv4dDpITqqcloUuFUv6w4+M=
X-Orig-Path: not-for-mail
Cancel-Lock: sha1:dP31vxEzLAprqxHPBcY9y9r74hs= sha256:teZnF+04oM0S4wxCsQuCEdpC+VVYQ6NtXZ8o6bLnJUo=
User-Agent: tin/2.6.2-20220130 ("Convalmore") (Linux/5.15.0-91-generic (x86_64))
 by: Chris Green - Mon, 29 Jan 2024 19:27 UTC

The Natural Philosopher <tnp@invalid.invalid> wrote:
> On 29/01/2024 12:19, Chris Green wrote:
> > The Natural Philosopher <tnp@invalid.invalid> wrote:
> >> On 29/01/2024 04:54, 68g.1499 wrote:
> >>> North Korea is not
> >>>   going to spend five days worth of CPU time to crack your
> >>>   little home Pi and its valuable horde of "Rick and Morty"
> >>>   vids. Your home connection is likely too slow to be very
> >>>   useful for launching broadscale attacks on other systems
> >>>   as well.
> >>
> >> Indeed. I've two servers on the open internet with open ssh ports . In 8
> >> years although there is a constant stream of login attempts no one has
> >> guessed the correct user name - let alone the password.
> >>
> >> People get paranoid about stuff they think they know about and forget
> >> the simple things.
> >> A long but easily memorable string like my.cat.hates.PIZZA! will
> >> probably fall to a dictionary attack in a few thousand hours, but
> >> really, who cares?
> >>
> > I've never understood how this can work. If you type a wrong password
> > to ssh it will wait several seconds before allowing you to try again.
> > In addition it will throw you off completely after three failures and
> > you'd have to start all over. This is default ssh, no fail2ban or
> > anything like that.
>
> Not sure how it works, but I see series of attacks spaced about 5
> seconds apart. Usually from different IP addresses
>
Well, as I said, at 5 seconds per attempt a dictionary attack is
hopeless.

--
Chris Green
·

Re: It is now very nearly impossible to install a headless Pi

<lnal8k-49jm1.ln1@esprimo.zbmc.eu>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=9055&group=comp.sys.raspberry-pi#9055

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!3.eu.feeder.erje.net!2.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: cl...@isbd.net (Chris Green)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: Mon, 29 Jan 2024 19:26:13 +0000
Lines: 35
Message-ID: <lnal8k-49jm1.ln1@esprimo.zbmc.eu>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu> <pGj*4UqBz@news.chiark.greenend.org.uk> <-FadnQKrpYU-sir4nZ2dnZfqnPGdnZ2d@earthlink.com> <up7svl$dhid$1@dont-email.me> <9nhk8k-333l1.ln1@esprimo.zbmc.eu> <M3A*mPEBz@news.chiark.greenend.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Trace: individual.net LOPR8NmaS11JL2Szb76pQwLtDfc4gXcsP+MptkhN58rG/d9u8=
X-Orig-Path: not-for-mail
Cancel-Lock: sha1:uDvQFKVdbQbGWVHSkqwxKATdKF4= sha256:PdjplkggfGoCDFYxn1jaY0YE/XiLOtoINxz3QlKPFTA=
User-Agent: tin/2.6.2-20220130 ("Convalmore") (Linux/5.15.0-91-generic (x86_64))
 by: Chris Green - Mon, 29 Jan 2024 19:26 UTC

Theo <theom+news@chiark.greenend.org.uk> wrote:
> Chris Green <cl@isbd.net> wrote:
> > I've never understood how this can work. If you type a wrong password
> > to ssh it will wait several seconds before allowing you to try again.
> > In addition it will throw you off completely after three failures and
> > you'd have to start all over. This is default ssh, no fail2ban or
> > anything like that.
>
> Bombard the machine with SSH connections. There's no delay (aside from the
> CPU overhead) for starting a new connection, so don't bother with the
> timeout, just throw as many parallel connections at the machine as you can.
> If you get rejected, just terminate the TCP connection and open a new one.
> Or just wait out the timeout, with X thousand parallel connections it
> doesn't waste any resources doing that.
>
> Next, run it via a botnet so each connection comes from a different IP, so
> avoiding fail2ban and similar firewall techniques.
>
> Finally, parallelise over a lot of different victims. Maybe you'll get
> lucky at one victim, it's just a matter of probabilities.
>
> > So how can a dictionary attack possibly work? It would take years!
>
> These are often not dictionary attacks in the sense of trying all the
> dictionary words (including the d1ct10n4ry w0rds etc), but using lists of
> known usernames/passwords. Which you can be sure pi:raspberry is on.
>
OK, so it may be slightly more possible than I was surmising. However
a Raspberry Pi isn't that fast, it'll run out of puff quite rapidly!
My B+ takes quite a while just to log me in with password
authentication! :-)

--
Chris Green
·

Re: It is now very nearly impossible to install a headless Pi

<up9hlm$m75n$5@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=9058&group=comp.sys.raspberry-pi#9058

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!rocksolid2!news.neodome.net!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ldo...@nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: Tue, 30 Jan 2024 00:59:35 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 6
Message-ID: <up9hlm$m75n$5@dont-email.me>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu>
<pGj*4UqBz@news.chiark.greenend.org.uk>
<-FadnQKrpYU-sir4nZ2dnZfqnPGdnZ2d@earthlink.com>
<up7svl$dhid$1@dont-email.me> <9nhk8k-333l1.ln1@esprimo.zbmc.eu>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 30 Jan 2024 00:59:35 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="ba17ffef95be9ddc6f864a9afa7ca434";
logging-data="728247"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+oQk/P4LcsT/pxvr86zW1k"
User-Agent: Pan/0.155 (Kherson; fc5a80b8)
Cancel-Lock: sha1:O/kmgPqNRrzQmvcnHyoK3s/mOvU=
 by: Lawrence D'Oliv - Tue, 30 Jan 2024 00:59 UTC

On Mon, 29 Jan 2024 12:19:21 +0000, Chris Green wrote:

> So how can a dictionary attack possibly work? It would take years!

Particularly if you don’t allow password-based logins in the first
place ...

Re: It is now very nearly impossible to install a headless Pi

<kqacnZzQ4IKgDCX4nZ2dnZfqn_WdnZ2d@earthlink.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=9062&group=comp.sys.raspberry-pi#9062

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!feeder.usenetexpress.com!tr1.iad1.usenetexpress.com!69.80.99.26.MISMATCH!Xl.tags.giganews.com!local-2.nntp.ord.giganews.com!nntp.earthlink.com!news.earthlink.com.POSTED!not-for-mail
NNTP-Posting-Date: Tue, 30 Jan 2024 06:03:41 +0000
Subject: Re: It is now very nearly impossible to install a headless Pi
Newsgroups: comp.sys.raspberry-pi
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu> <pGj*4UqBz@news.chiark.greenend.org.uk> <-FadnQKrpYU-sir4nZ2dnZfqnPGdnZ2d@earthlink.com> <up7svl$dhid$1@dont-email.me>
From: 68g.1...@etr6.net (68g.1499)
Organization: hexfet fermion
Date: Tue, 30 Jan 2024 01:03:40 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0
MIME-Version: 1.0
In-Reply-To: <up7svl$dhid$1@dont-email.me>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Message-ID: <kqacnZzQ4IKgDCX4nZ2dnZfqn_WdnZ2d@earthlink.com>
Lines: 70
X-Usenet-Provider: http://www.giganews.com
NNTP-Posting-Host: 99.101.150.97
X-Trace: sv3-RA4W0O4UFwokk+QuBHKb123wZvgLmJXiA428IOyFVdTaEdCdFWvVYfvaGhGpFoHwjzOAuFKt0L1jnFv!rNuqeIUeZZPEXLOUIMcYM8kE0S+N+S0M1HjoxXJ6DMstgmiHpeT7ZA9+h4A6YY7g5ejJbsJuDPGi!AOjfFiAoqPcQg6jA0kvl
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
 by: 68g.1499 - Tue, 30 Jan 2024 06:03 UTC

On 1/29/24 5:00 AM, The Natural Philosopher wrote:
> On 29/01/2024 04:54, 68g.1499 wrote:
>> North Korea is not
>>    going to spend five days worth of CPU time to crack your
>>    little home Pi and its valuable horde of "Rick and Morty"
>>    vids. Your home connection is likely too slow to be very
>>    useful for launching broadscale attacks on other systems
>>    as well.
>
> Indeed. I've two servers on the open internet with open ssh ports . In 8
> years although there is a constant stream of login attempts no one has
> guessed the correct user name  - let alone the password.

Similar experiences here too and more like 15 years. They always
seem to use a list of "common usernames" and another list of
"common passwords". The 'smartest' one used some names from
the company e-mail acct. In short, all script kiddies - bots -
no pro/State-level stuff. Sorry to burst many egos, but really
is YOUR server WORTH five CPU-seconds by N.Korea ???

> People get paranoid about stuff they think they know about and forget
> the simple things.

Well ... there's $$$ in being a doom-sayer. Articles and
'news' (and security-ware vendors) always hype it up.
I get several End-Of-The-World mails from Norton every
single week.

You have to THINK about YOUR place on the hack-worthy
totem pole and THEN act accordingly.

For SSH I never ever use the default port - and that seems
to deter 99.9% of the bots right off. Limit max tries/sessions/
connections and that'll get rid of 99.9% of the remaining.
Movie-style "hacking" is just not WORTH it for home/smallbiz
systems. They go for the BIG stuff - banks/M$/SolarWinds/etc.

> A  long but easily memorable string like  my.cat.hates.PIZZA! will
> probably fall to a dictionary attack in a few thousand hours, but
> really, who cares?

It's OK to use more-obscure dictionary words, just break
it up with a few numbers/characters. 10-12 chars total
is more than bots are interested in trying to figure out.
Anyway, this way YOU can remember it, THEY can't be bothered
trying to work it out.

The continuing most-dangerous thing out there is not "hacking"
but "human factors" - esp mail-based ransomware and to some
degree "click-ware". Humans never look for the ".ru" or
whether the mail "smells right" - they just click the big
shiny link. Those are SO EASY to mass-distribute that if
even 0.05% fall for it they've made their money.

My successor is really really good with GiantCorp package
offerings but I'm afraid he's kinda thin on the skills to
actually analyze/research a smelly e-mail. So long as
he can say it's M$'s fault the nasty thing got through ...

> Sorry, you are not that important, and neither am I.

"Paranoia" is actually a mutant form of EGOTISM ...
where some nobody comes to think THEY are SO
important that giant spectral orgs and States are
gonna spend millions and CPU-years and thousands
of man-hours just to mess around with them.

Then comes the tinfoil wallpaper and hats and lead-
lined underwear... and then proof of conspiracy when
the cell reception gets crappy ...

Re: It is now very nearly impossible to install a headless Pi

<upainr$umbf$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=9065&group=comp.sys.raspberry-pi#9065

 copy link   Newsgroups: comp.sys.raspberry-pi
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: new...@druck.org.uk (druck)
Newsgroups: comp.sys.raspberry-pi
Subject: Re: It is now very nearly impossible to install a headless Pi
Date: Tue, 30 Jan 2024 10:23:53 +0000
Organization: A noiseless patient Spider
Lines: 30
Message-ID: <upainr$umbf$1@dont-email.me>
References: <k4fd8k-d8d71.ln1@esprimo.zbmc.eu>
<pGj*4UqBz@news.chiark.greenend.org.uk>
<-FadnQKrpYU-sir4nZ2dnZfqnPGdnZ2d@earthlink.com>
<up7svl$dhid$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
Injection-Date: Tue, 30 Jan 2024 10:23:55 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="b7151037179080baae728282b6ebc794";
logging-data="1005935"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+7bGFG4Ghscz07mhn1aHvK"
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:N0ePoPIdItfKwTFUAlsIsrS7HyA=
Content-Language: en-GB
In-Reply-To: <up7svl$dhid$1@dont-email.me>
 by: druck - Tue, 30 Jan 2024 10:23 UTC

On 29/01/2024 10:00, The Natural Philosopher wrote:
> On 29/01/2024 04:54, 68g.1499 wrote:
>> North Korea is not
>>    going to spend five days worth of CPU time to crack your
>>    little home Pi and its valuable horde of "Rick and Morty"
>>    vids. Your home connection is likely too slow to be very
>>    useful for launching broadscale attacks on other systems
>>    as well.
Your broadband is plenty fast enough to launch DDNS attacks along with
thousands of other compromised systems. It's the sheer number of
compromised machines on a botnet rather than their connection speeds
which makes it a problem.
> Indeed. I've two servers on the open internet with open ssh ports . In 8
> years although there is a constant stream of login attempts no one has
> guessed the correct user name  - let alone the password.
Most of the attempts are against root or known service names, but there
are lots of username/password attempts which have probably come from
other successfully compromised systems, reminding you to never reuse
credentials.
> People get paranoid about stuff they think they know about and forget
> the simple things.
> A  long but easily memorable string like  my.cat.hates.PIZZA! will
> probably fall to a dictionary attack in a few thousand hours, but
> really, who cares?
>
> Sorry, you are not that important, and neither am I.
Your Pi may not be very important, but else can they get to once inside
your network? And do you really want it to be used to attack others?
---druck

Pages:1234
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor