Comment

Comment on How to setup my own home server & make it available to anyone?

bustrpoindextr@lemmy.world ⁨1⁩ ⁨year⁩ ago

Also WRT telemetry: forums.raspberrypi.com/viewtopic.php?t=341514

The only telemetry is pertaining to what the imager is burning to the card. So if you don’t use the imager there’s no telemetry, if you use the imager but disable telemetry, there’s no telemetry, if you don’t disable it, it just sends back what you’re installing.

source

Sort:hotnew top

TCB13@lemmy.world ⁨1⁩ ⁨year⁩ ago
Here the problem: they’re forcing people into the Raspberry Pi Imager with shady tactics. Without it you won’t be able login via network out of the box and by default it enables telemetry. This isn’t okay.

source
- bustrpoindextr@lemmy.world ⁨1⁩ ⁨year⁩ ago
  I’ve already spoken about the “telemetry” but here’s your ssh login. Literally all the installer is doing is adding a blank file.
  
  phoenixnap.com/kb/enable-ssh-raspberry-pi#:~:text….
  
  Then if you don’t want to do that every time, just create an image for it. That’s your new image to flash onto the SD cards.
  
  There’s nothing stopping you from not using the imager. dd works just fine. There’s no telemetry on the OS itself, so here’s how you personally get what you’re looking for.
  
  dd the base image to a card
  
  verify the card and image are working properly by booting on a pi
  
  turn off pi
  
  insert card into computer and create file in boot directory
  
  create a new bootable backup image from the card, and save that on the computer it’s plugged into, cloud or local backup storage you’re running, whatever
  
  dd that image as the base image for all new cards.
  
  source
  - TCB13@lemmy.world ⁨1⁩ ⁨year⁩ ago
    
    but here’s your ssh login. Literally all the installer is doing is adding a blank file.
    
    Yes and why are they forcing us to go through hoops / non standard BS instead of doing it like any other SBC and just enabled by default. Armbian does it and once you login you’re required to change the password for security.
    
    I remember before the imager the RPi also had SSH enabled by default. Don’t sugar coat it around security, this is bullshit to force people into their imager.
    
    source
    bustrpoindextr@lemmy.world ⁨1⁩ ⁨year⁩ ago
    None of this forces you to use their imager though… It’s barely a hoop, most people running multiple pi’s as servers will have done this for a reason other than ssh anyway.
    
    And yes one solution to this security problem is to require changing the username and password, the more effective solution is to not have the process running at all, unless specifically enabled. I’m sure that sentence sounds familiar from your company’s security team.
    
    Raspberry pi’s serve a lot of purposes, many of those purposes don’t need ssh. But if you enable it by default that opens the pi up to being a target, which we saw be a huge problem before this change.
    
    Also, this is not the only distribution that has ssh disabled by default. It’s just the only popular distribution I’m aware of that doesn’t have a server image option 🤷‍♂️ it’s actually standard security procedure.
    
    For example, if you install Ubuntu desktop, it’ll have ssh disabled, because it is standard. Pretty much any distro should do this as well as long as it’s not their “server” ISO.
    
    In any case it’s a good practice to backup your images regardless of what hardware you’re running on, especially if you’re running a cluster, it allows for easy reproduction across the cluster.
    
    source
    -> View More Comments