How to Rename the Default Raspberry Pi User

NOTE: The article below applies only to Raspian distributions published before April 2022. At that point, the default “pi” user was dropped, for sound security reasons. Subsequent releases include an alternative, and more secure, process for creating a user of your choice (detailed at the above link).

The rest of this article remains online for historical reasons only, and should no longer be used. (author, 6/7/24).

Historical Article

The Raspberry Pi comes with a default user called “pi”, whose initial password is also set to a well known default. While this makes it easy to use the system, it is not very secure. Anyone with physical access to your Pi could login with these widely known credentials. Furthermore, if you have enabled the SSH server, users on the local network could do the same.

Even if you have changed the “pi” user password, just having a user name that is universally known is still a security risk. The following article explains how to safely rename the “pi” user to something more secure.  This article was last updated on 31st May 2020 and tested with Raspbian (Raspios) Buster release 27/5/2020. Continue reading

BT Home Hub Cannot Access SSL Website

This article explains why the BT Home Hub routers appears unable to access SSL/TLS (https) websites on your internal home network.  It may interest users in the UK, where the Home Hub is a popular router/ADSL modem.

Hosting your own website(s) at home is pretty easy these days.  You have a small server running Apache, and configure your router to forward port 80 to it.  For SSL sites, you forward port 443.  That’s about it. Continue reading

How to disable LDAP Authentication in Linux

After a customer had performed some bad edits on various LDAP configuration files, users were locked out and unable to access the system. Root could still login however.

I logged in as root, and rather than mess with various config files, eg under /etc/pam.d, ran this command to disable LDAP authentication and enable “normal” authentication using /etc/shadow: Continue reading

Sendmail Authentication for Local Mail Delivery

These days, service providers like British Telecom have tightened up their requirements on email delivery. Most ISPs now accept email only from servers that can authenticate through SMTP. Sendmail has authentication built in, allowing administrators to use an “authinfo” file, for example. The server then authenticates every time it sends mail out to the ISP.

That’s great for reducing spam. But it can have a side-effect of killing local mail on the server. Here is an recent example from Debian Squeeze. The authentication features that allowed this server to successfully send mail through the ISP were preventing local mail from working: Continue reading

Copying Directories with SSH

Copying data is something every administrator does.  A single file or directory file can be copied with a single command.  Moving information from one system to another needs a bit more work, but it needn’t be a pain.

The ssh command can be used to copy data from one Unix system to another.    Here is an example for HP-UX, but it works on Linux too.  A directory, called /var/opt/ignite, is copied from the system “pluto” to another machine called “jupiter”. Continue reading