Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
security [2020/01/28 20:34] – created genetik57security [2023/09/17 16:36] (current) – Add more detail regarding Enforce Security effects maximumentropy
Line 1: Line 1:
-~~NOTOC~~ +====== Changing the default root (ssh) password ======
-===== Security =====+
  
 //Security// is a big name for a retrogaming OS. Batocera is not a designed to be a secure OS. Don't expose it to the open Internet: you are warned and you will take all responsibility for what happens. //Security// is a big name for a retrogaming OS. Batocera is not a designed to be a secure OS. Don't expose it to the open Internet: you are warned and you will take all responsibility for what happens.
  
-In this menu, you have the option to+There is the option to **Enforce Security** in Batocera; this will have three effects upon rebooting: 
-   Enforce securitylet you change the default password for ''root'' (otherwise you'll stay with the default password ''linux''+ 
-  *  Change the ''root'' password. +  - The password for root will be changed from ''linux'' to a randomly generated password, which you can see in System Settings, Security section. 
 +  - Access to the shared folders from another computer over the network using CIFS (also known as SMB or Samba) will require you to provide the user name ''root'' and the password 
 +  - The configuration file used by Samba will be `/etc/samba/smb-secure.conf` instead of `/etc/samba/smb.conf`, so any overlay customizations will need to be made in the alternate file. 
 + 
 +However, if you want to change the password yourself you can go to Main Menu > System Settings > Security > Root Password. 
 + 
 +If you would like to do this over SSH: 
 + 
 +  - First, make sure you have **Enforce Security** enabled as explained above 
 +  - Connect to your Batocera [[access_the_batocera_via_ssh|using SSH]] form another device 
 +  - Type the following command : ''%%batocera-config setRootPassword [password]%%'' (replace ''[password]'' with the password you want). 
 +  - Use the ''batocera-config getRootPassword'' command to see if your changes were applied. 
 +  - Reboot the system, and you should be able to connect to it using the new password. 
 + 
 +<WRAP center alert 60%> 
 +The Samba protocol (Batocera's userdata network share) as a whole is a major attack surface and should not be trusted on a public network at all (even if **Enforce Security** is turned on). This is among other features Batocera has turned on by default that pose as a security-risk. The gist of it is this: only connect your Batocera machine to your trusted home network, behind a firewall. 
 +</WRAP> 
 + 
 +<WRAP center round important 60%> 
 +Certain actions, such as adding or removing an ethernet network interface, may cause the password to be randomized on the next reboot!  Be sure to have another way to access the system if an unexpected randomization occurs, such as [[access_the_batocera_via_ssh#password-less_authentication|Password-less authentication]] 
 +</WRAP> 
 + 
  • security.1580240064.txt.gz
  • Last modified: 4 years ago
  • by genetik57