Update for Raspberry Pi-os Raspbian disables ssh by default

Simon Long, ux designer at the Raspberry Pi Foundation, has revealed that a new version of the Raspbian operating system has ssh disabled by default. This should make the devices less vulnerable to attacks.

According to Long, ssh is useful to manage a Raspberry Pi remotely, for example if users are running the device headless without a mouse, screen or keyboard. But enabling it by default can pose a security risk, as the default credentials are set to the username ‘pi’ and password ‘raspberry’. One of the changes is that when enabling ssh, the user will now see a warning if they do not make any changes to the logins.

The risk is that a malicious user can access the device from the outside using the default login. This was seen, for example, with the Mirai malware, which in this way infected IoT devices with weak security, including IP cameras and digital video recorders, and added them to the botnet. It turned out that this botnet is capable of carrying out heavy attacks.

Long says there’s no need to panic as no attacks have been found against devices running Raspbian. The update serves only as an additional security measure. Users who still want to use ssh can enable it manually. Long also calls on existing users to disable ssh if they are not using it.