Right after setting up a Raspberry Pi, you can connect to the newly created machine over
SSH just by typing:
And the default password is:
After the basic configuration, a lot of amateur users leave everything as is once it starts working as planned, usually keeping the default security settings.
So it's still possible to log in to this
Raspberry Pi as root and access all the data available on it and on the network. If somebody unwanted joins your
Wi-Fi, they will find a free
server with your data, just because the default password was not changed.
Even Pi OS itself says:
SSH is enabled and the default password for the 'pi' user has not been changed. This is a security risk - please login as the 'pi' user and type 'passwd' to set a new password.
So changing the password should be the first thing you do after first connecting to the Pi via
So create a new user:
sudo adduser user_name
Add the new user to the sudo group:
sudo adduser user_name sudo
Now you can reconnect to ssh as
user_name or just
su to the new user. I prefer the 1st option to ensure the new user works.
Logged in as the new user, it's time to block the pi user:
sudo passwd --lock pi
On the client machine (your computer, not the Pi)
Create an RSA key pair if you don't have one:
And create a backup of the keys; they are located in
Now it's time to associate your key with the newly created user on the Raspberry Pi.
After a successful passwordless login, it's time to disable password login altogether.
Edit the SSH service config:
sudo nano /etc/ssh/sshd_config
Change the line:
Now restart the
sudo systemctl restart ssh.service
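To confirm that both hardening steps took effect, here is an added audit script; it is not part of the original post. It assumes the line changed in sshd_config is the standard OpenSSH PasswordAuthentication directive (the post's own line is not shown), and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the Pi after the steps above. Samples are constructed.

# Print the effective global value of an sshd keyword read from stdin.
# Accepts sshd_config syntax or `sshd -T` output. sshd keeps the FIRST value
# it sees, keywords are case-insensitive, and Match blocks are conditional,
# so parsing stops at the first Match line. $2 is sshd's built-in default.
sshd_effective() {
    awk -F'[ \t=]+' -v want="$1" -v def="$2" '
        BEGIN                  { want = tolower(want) }
                               { sub(/^[ \t]+/, "") }
        /^#/ || /^$/           { next }
        tolower($1) == "match" { exit }
        tolower($1) == want    { print tolower($2); found = 1; exit }
        END                    { if (!found) print def }
    '
}

# Succeeds if a `passwd --status` line reports a locked password (field 2 = L).
# A locked password does not remove ~/.ssh/authorized_keys, so key-based login
# to that account has to be checked separately.
password_locked() {
    [ "$(printf '%s\n' "$1" | awk '{ print $2 }')" = "L" ]
}

# stdin = sshd configuration text, $1 = `passwd --status pi` output line.
audit() {
    rc=0
    if [ "$(sshd_effective PasswordAuthentication yes)" != "no" ]; then
        echo "FAIL: SSH password login is still enabled"; rc=1
    fi
    if ! password_locked "$1"; then
        echo "FAIL: password of the pi account is not locked"; rc=1
    fi
    return "$rc"
}

# Constructed sample: commented-out default, hardened line, later Match block.
sample_hardened() {
    printf '%s\n' '#PasswordAuthentication yes' 'passwordauthentication no' \
        'Match User backup' '    PasswordAuthentication yes'
}

# Demo on constructed data. On the Pi itself:
#   sudo sshd -T | audit "$(sudo passwd --status pi)"
sample_hardened | audit "pi L 2024-01-01 0 99999 7 -1" && echo "OK: hardened"
```

Running `sudo sshd -t` before restarting the service catches syntax errors in sshd_config while your current session is still open.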