Changing the default root (ssh) password

Security is a big name for a retrogaming OS. Batocera is not a designed to be a secure OS. Don't expose it to the open Internet: you are warned and you will take all responsibility for what happens.

There is the option to Enforce Security in Batocera; this will have three effects upon rebooting:

  1. The password for root will be changed from linux to a randomly generated password, which you can see in System Settings, Security section.
  2. Access to the shared folders from another computer over the network using CIFS (also known as SMB or Samba) will require you to provide the user name root and the password
  3. The configuration file used by Samba will be `/etc/samba/smb-secure.conf` instead of `/etc/samba/smb.conf`, so any overlay customizations will need to be made in the alternate file.

However, if you want to change the password yourself you can go to Main Menu > System Settings > Security > Root Password.

If you would like to do this over SSH:

  1. First, make sure you have Enforce Security enabled as explained above
  2. Connect to your Batocera using SSH form another device
  3. Type the following command : batocera-config setRootPassword [password] (replace [password] with the password you want).
  4. Use the batocera-config getRootPassword command to see if your changes were applied.
  5. Reboot the system, and you should be able to connect to it using the new password.

The Samba protocol (Batocera's userdata network share) as a whole is a major attack surface and should not be trusted on a public network at all (even if Enforce Security is turned on). This is among other features Batocera has turned on by default that pose as a security-risk. The gist of it is this: only connect your Batocera machine to your trusted home network, behind a firewall.

Certain actions, such as adding or removing an ethernet network interface, may cause the password to be randomized on the next reboot! Be sure to have another way to access the system if an unexpected randomization occurs, such as Password-less authentication

  • security.txt
  • Last modified: 7 months ago
  • by maximumentropy