Update for Raspberry Pi os Raspbian disables ssh by default

Simon Long, ux designer at the Raspberry Pi Foundation, has revealed that a new version of the operating system has Raspbian ssh disabled by default. This should make the devices less vulnerable to attacks.

According to Long, ssh is useful to remotely manage a Raspberry Pi, for example if users use the device headless without a mouse, screen or keyboard. But enabling it by default can pose a security risk because the default credentials are fixed to the username ‘pi’ and the password ‘raspberry’. One of the changes is that when enabling ssh, the user will now see a warning if he does not make changes to the logins.

The risk is that a malicious user could gain access to the device from outside by using the default login. This was seen, for example, in the Mirai malware, which in this way infected and added to the botnet IoT devices with weak security, including IP cameras and digital video recorders. It turned out that this botnet is capable of performing heavy attacks.

Long says there is no need to panic, as there have been no reports of attacks on devices running Raspbian. The update only serves as an additional security measure. Users who still want to use ssh can enable it manually. Long also prompts existing users to disable ssh if they are not using it.