search

kenfallon / fix-ssh-on-pi

Safely enabling ssh in the default Raspberry Pi OS (previously called Raspbian) Image
MIT License
80 stars 36 forks source link

rename ini_example to ini, and include encrypted pw instead #15

Closed derabbink closed 2 years ago

derabbink commented 2 years ago

The parameters file fix-ssh-on-pi.ini_example was presumably named this way so nobody would accidentally commit a plain text password to source control. This change renames that file to just fix-ssh-on-pi.ini and expects an encrypted password to be put in there instead. This still prevents any reasonable user from committing plain passwords to source control, but it removes the extra step of having to copy the example file to a "real" one.

The readme has been extended with instructions on how to generate an encrypted password string (which leads to a shell escaped output string). This method also prevents plain passwords from ending up in anyone's shell history.

kenfallon commented 2 years ago

Hi derabbink

I'm not inclined to rename the ini file because it needs to be edited.

As others recommended it's more secure to store the hash in the ini file so I'm planning on doing that instead.

Ken.