4 – Disable the pi user

As I said, the pi user is one of the most brute-forced logins, along with root.
If you need some ideas, this website offers an easy-to-remember password generator (yes it’s mine, but I love that kind of password). Try to use a sentence with over 15 characters to be safe against brute-force attacks, and to remember it easily (ex: iloveraspberrytips is a good password that is easy to remember).
So many people are scanning SSH ports and trying to log in with pi/raspberry.

Changing the default password should be the first thing to do on a new installation.

Doing this is easy: log in as pi and enter this command: Passwd -l

3 – Change the default password for pi

A common mistake is to leave the default password on the pi user (raspberry).

Anyone who has already used a Raspberry Pi will know this password.

This will display only accounts with an empty password. If you have a lot of user accounts, these commands could help you:

If you have a few accounts, it’s easy to check all access. Make sure that nobody uses an empty password on the Raspberry Pi.
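An added example (not from the original article) of the empty-password check described above, extended to also report whether a given account such as pi is locked. It reads a shadow-format file; the function names and sample data are constructed for illustration, and on a real system the file would be /etc/shadow, read with sudo.

```shell
#!/bin/sh
# Added example: audit a shadow-format file for risky password states.
# Fields are colon-separated: name:password-hash:lastchange:...

# Print accounts whose password field (2nd field) is empty,
# meaning no password is required to log in.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Print "empty", "locked", "password" or "missing" for one account.
# A field starting with "!" or "*" cannot match any password
# (passwd -l locks an account by prefixing the hash with "!").
account_state() {
    awk -F: -v u="$2" '
        $1 == u {
            found = 1
            if ($2 == "")          print "empty"
            else if ($2 ~ /^[!*]/) print "locked"
            else                   print "password"
        }
        END { if (!found) print "missing" }' "$1"
}

# Constructed sample data (placeholder strings, not real hashes).
make_sample() {
    cat > "$1" <<'EOF'
root:*:19000:0:99999:7:::
pi:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
guest::19000:0:99999:7:::
backup:!$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
kiosk::19000:0:99999:7:::
EOF
}

sample=$(mktemp)
make_sample "$sample"
echo "Accounts with an empty password:"
empty_password_accounts "$sample"
echo "pi account state: $(account_state "$sample" pi)"
rm -f "$sample"
```

An account reported as "password" still needs its password checked by hand: the hash alone does not show whether it is the default.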
I won’t list all apps, but for example, if you have a web server, make sure that personal data or administration pages aren’t accessible without a password.

This should be ok, you can debug your configuration with this command:

Don’t forget to check the log file and/or the emails received to make sure everything is working as expected.

First: make sure that all critical access asks for a password.

Don’t use auto-login and be sure to add a login step for each application you can access directly.

The last line is the verbose level you’ll get in the /var/log/unattended-upgrades and email (1= low, 3=max).
We ask apt to do the following every day: update, download upgrades, install upgrades, and auto-clean.
This will enable an automatic update every day.
Raspberry Pi comes with poor security by default. If you use it at home or in a small network, it isn’t a big deal, but if you open ports on the Internet, use it as a Wi-Fi access point, or if you install it on a larger network, you need to take security measures to protect your Raspberry Pi. In this article, I’ll show you everything I do with my Linux servers at work to keep them safe.

Improving the security on a Raspberry Pi is similar to any other Linux device. There are logical steps, like using a strong password. And there are also more complex steps like detecting attacks or using encryption.

I’ll share 17 security tips that you should follow to get higher security for your Raspberry Pi (and they mostly apply to all Linux systems). If you are just using your Raspberry Pi at home, try to apply the first tips at the very least. Follow all of the tips included for a more critical setup, with Internet access or on a larger network.