Received: from gapmx.vk4msl.com (gapmx.vk4msl.com [IPv6:2001:44b8:21ac:70f8::8]) by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id 966AD225A1D for <~alpine/users@lists.alpinelinux.org>; Sat, 18 Jan 2025 04:09:05 +0000 (UTC) Received: from gapmx.vk4msl.com (gapmx.vk4msl.com [127.0.0.1]) by gapmx.vk4msl.com (Postfix) with ESMTP id 20C4121035 for <~alpine/users@lists.alpinelinux.org>; Sat, 18 Jan 2025 14:07:26 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=vk4msl.com; h=message-id :date:mime-version:subject:to:references:from:in-reply-to :content-type:content-transfer-encoding; s=gapmx; bh=xZkkMK1wXLm qMrJlV60po7rAPLAd0w/xCkzNRFjKxDQ=; b=igLQyJpDw/o70bDQyrfgKtJWBRv 4srUWNM7Kvm8G3xUgPTszM1j/a+bPl00eooVhjxiE9LuGvun26zYaktAuU8Mls7d F0Qa+yROZJlQwf/NQxXMvxWiJjdWN0K4ZPljLMAeUdagWwenluiQJ9g8j9+diSZs cw4U1rM2AadkqCE5q/Q7feYB7aylU8xG5TR22XjU515xQWfrurmzI4HQcFHX+o4C D8Y8vHMmf12vZ6KlfzOx3QH1cwlYKOJ15fNyRwKIDa30rfBzlw13BpiCzx+B0h4d m7+zqMsCWNnlUbWLUl5/rvfN6iuJfHQcwdfT6l8pmGZQWnvScStnET6AgeuDsoxq Ty5sFt/00B315neto3QirSv+N0yTyDjT3lE9d0I22yFs+EeYlQk5fH1LNgQkF/02 HrAum1dP1cWgdWKijipVrUG2zH+7Rp2428GoixcauSeOWgRUVe2UJgG7NnkK50+H SeSAfgJ1Xmc8rHSHja98rkB3HSnbuqhpX48W3moZIcGTZmaMEozZeHR+S1Lietud 1sZBPPUnBbt3Hx5shpQbsWsot6+M5bE52r1xtop+DiE5hNexC6IcIPj2URxuvnPQ XsbqnxT0BchAwx68v87imXAwa+bBbhPIYOX4389LxNNPQ7EMWvGOOKbeL1lTQtRz VeqOPybtfW2sr+bU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=vk4msl.com; h=message-id :date:mime-version:subject:to:references:from:in-reply-to :content-type:content-transfer-encoding; q=dns; s=gapmx; b=cizb0 q1C00IeVfjZMCX0NBDrnA/6hwUrc1bfCeQMXdDXvP8+nZDvUuMYJcR4NARyzx1Qb Lb8IWl1RBsWyAsJ7uJtAG+/ytlgFxjwF1Wlq3/0o2UKTGHGQVFuEnezGfB6rmuo3 FITWHZOL6XQrw5njGqflT/2mAa4baK+dQ5xig7aMVRc9W6PUwdpYelI2IsIfBkVb /shh8rvq9zQJQiiSFvLRKpfyCsIa1U4d1YvH5KTwVMeZGonIHMFYoj03QgRT8nsP 5dmAMg8k/3cqPiBUGGC96K1NgsLtWzKNHSP6eUaLO1sDF9j88ITQEOoSrwT2W4Ik cE7Hhn6ao4ivjWHsY67FqP8PsRZF1uhk3N4xtrC6yqNGDDY1zID/jpcUQYPm0Ldw dJPyN9VUkQRmNq+Nh0sCB0ka0jLF90mfb3xM4xqvQNcaMTk+LH0ZR4xESCkGGMNZ oaSDkIWKqPGJWqFMoLKfUPpn9vbEBA2yH6U1EuyJ+ts9Kp7zQA/7a3Ug3AAG0lBu V0m6zKtjpbOxQda6rghITaYvrFo7/myxCIpAGsnoxCm47XCgJRYqrfWXfLprtA4e K3xrTmgTVQ5FioKHRJ5H9zt/2ITIR7a2RUg/Fo/CWuQrBWquU30Wa/lvfKpJ+i8l g0tOZGr+/BboH6MM07N+qlEAS7SbMY85lfEcqA= Received: from [IPV6:2001:44b8:21ac:7053:42a3:8dd8:71b7:9032] (unknown [IPv6:2001:44b8:21ac:7053:42a3:8dd8:71b7:9032]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) by gapmx.vk4msl.com (Postfix) with ESMTPSA id 6233621034 for <~alpine/users@lists.alpinelinux.org>; Sat, 18 Jan 2025 14:07:08 +1000 (AEST) Message-ID: <510dcdfa-9c6e-441a-8490-691bf5047bb9@vk4msl.com> Date: Sat, 18 Jan 2025 14:08:37 +1000 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Pi5 Installation v 3.21 from SD - need initial password for root (SSH) To: ~alpine/users@lists.alpinelinux.org References: Content-Language: en-AU From: Stuart Longland VK4MSL In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 16/1/25 09:45, Gerald Pechoc wrote: > I tried to install Alpine Linux 3.21 from SD-Card on Pi5. The card was > prepared with Pi-Imager. > All seems to work fine, Pi is booting and because of DHCP-fix address I > could start SSH root@[ip-addr] but the hint I found very frequently in > internet search results – user root, no password – is no longer valid > for version 3.21. Nor should it ever be valid. Password authentication on the `root` account is a major security issue. Password authentication using an empty password for the `root` account is asking for trouble. 0. Generate a SSH keypair (`ssh-keygen`) and have the public key handy (it'll be a long string starting with "ssh-${ALGO}") 1. Create a non-root user with a non-empty password on the Pi if you have not already done so. Ensure that the `~user.ssh` directory exists. 2. `scp /path/to/your/key.pub user@[ip-addr]:.ssh/authorized_keys`, verify that you can log in using your SSH key using `ssh user@[ip-addr]`. 3. Log in as `root` on a console on the `pi`; then run these commands: # mkdir /root/.ssh # cp ~user/.ssh/authorized_keys /root/.ssh # chown -R root:root /root/.ssh # chmod 0600 /root/.ssh/* Now, try logging in as `root@[ip-addr]`, you'll now be able to log-in using public key authentication using your private key. -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere.