ALERT!! ACHTUNG!! HUOMIO!!We've spotted a minor (potentially major) security issue with the image that was distributed with the shipped units. The user pi and root both have some ssh credentials set. You should remove these so that no one can access your unit. (This should not be such big issue if you're behind NAT).
How to correct this:- SSH into your Raspberry Pi with user pi (default password = raspberry)
- Type commands
sudo rm -rf .ssh
sudo rm -rf /root/.ssh
sudo reboot
- SSH into your Raspberry Pi with user pi (default password = raspberry)
And you should also change your default password, otherwise the unit can still be accessed.
Thanks a lot for putting together this thread!
So just so that I understand, if I SSH into my rPi using those credentials, reset my password and then remove SSH using the first set of commands, won't that lock me out? How am I supposed to re-login into my rPi in the future if not via SSH and will the new login/password still remain?