The Raspberry Pi is a great invention – an affordable, hand-sized computer created by a foundation of industry experts to help people of all ages learn how to code and bring their tech ideas to life. Since 2015, Raspbian has been officially provided by the Raspberry Pi Foundation as the primary operating system for use on the Pi.
One trade-off of it being easy to use is that there are a few security issues with Raspbian out of the box. Thankfully, Raspbian is highly customizable so these are fairly straightforward to fix. This guide will walk you through the first few steps to securing your new machine.
Create a New Super User and Password
By default, the administrator – or super user – is called “pi,” and the password is “raspberry.” Obviously, this is very insecure as it means that anybody with malicious intentions who has physical (or network) access to the machine can run rampant.
So the first thing you need to do is create a new (sudo) user. Enter the following command into the terminal (replacing “rob” with the username you would like to use):
sudo /usr/sbin/useradd --groups sudo -m rob
Your super user name has now been created. Next, you’ll need to assign yourself a password. To do this, type:
sudo passwd rob
You will now be prompted to enter a password. Remember to pick something that is strong and difficult to guess. Avoid common or obvious words like “password” and try to use a mixture of capital, numeric and special characters – the longer the better! Enter and then re-enter your password to confirm.
Before moving on, you need to check that our new user is set up correctly. (if you are only using the command line interface or SSH, you can skip this step.)
At this point, if you are using the full desktop version of Raspbian, you need to go to Menu (Raspberry Pi logo) -> Preferences -> raspberry pi configuration, then uncheck the “auto login as current user” box and click OK to save the changes.
When you’re done, reboot the system:
Next, you’ll need to check you’ve correctly enabled
sudo (administrative) privileges. Log in with the new user you have created, open the terminal and run the command:
Enter your password when prompted. You can see you’ve correctly set “rob” up as a sudo user and can go ahead and disable the default “pi” user.
Disable the “Pi” User
At the time of writing this guide, the “pi” user is still needed for certain system functions. So instead of fully removing it (which may cause problems further down the line), you’ll simply lock it by forcing the password to expire. To do this, enter:
sudo passwd -l pi
You need to test this by rebooting, then attempting to log in as “pi,” so go ahead and do that. You won’t be able to login as “pi.”
Now that you’ve changed the default user settings, you need to make sure that your machine stays up to date to take care of any security vulnerabilities. To do this, just run the command:
sudo apt-get update && sudo apt-get dist-upgrade
You will be prompted for your password. Assuming there are updates and upgrades to install, it will tell you the amount of space they will take up on the SD card and prompt you to press “y” or “n” to continue. Hit “y,” then Enter to run the updates.
You’ve now has updated all installed packages. It’s worth noting that previous updates are stored on the machine, so depending on how much free space you have on your SD card, you may wish to run the following command to remove the previously downloaded updates:
sudo apt-get clean
That’s it! You’ve now disabled “pi” and learnt how to update the system, making it infinitely more secure than it was before. Depending on what you are using your Pi for, some next steps to consider might be installing a firewall or setting up RSA keys to secure SSH access. Leave a comment if you’d like to see this, and we may just end up writing about it!