Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
en:automation:securing-os-ssh-hidden [2021/06/07 11:40] avsetula |
en:automation:securing-os-ssh-hidden [2022/05/16 05:42] (current) tomhora |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Securing the OS (SSH) ====== | ====== Securing the OS (SSH) ====== | ||
| <WRAP center round important 95%> | <WRAP center round important 95%> | ||
| - | Securing the operating system is always needed to prevent unauthorized access to the Unipi controllers. Using a non-secured OS may lead to unauthorized tampering that can stop or limit the system's operation. In the worst-case scenario, it may also cause damage to the connected technologies or endanger personnel on the installation site. | + | Securing the operating system is always needed to prevent unauthorized access to the Unipi units. Using a non-secured OS may lead to unauthorized tampering that can stop or limit the system's operation. In the worst-case scenario, it may also cause damage to the connected technologies or endanger personnel on the installation site. |
| For these reasons, it is important to **properly secure the system** each time a new project is created. Alternatively, you can disable the SSH access completely. | For these reasons, it is important to **properly secure the system** each time a new project is created. Alternatively, you can disable the SSH access completely. | ||
| Line 10: | Line 10: | ||
| As the connection is provided by the **SSH** protocol, it is necessary to [[en:files:software:tools:advanced-ip-scan-hidden|know the IP address]] or the [[#mdns_record|mDNS address]] of the device and have an SSH client installed on your PC or tablet. Among the most frequently used clients for Windows OS is the PuTTY application - <html><a href="/en:files:software:tools:putty-hidden">user guide and default passwords are available here</a></html>. | As the connection is provided by the **SSH** protocol, it is necessary to [[en:files:software:tools:advanced-ip-scan-hidden|know the IP address]] or the [[#mdns_record|mDNS address]] of the device and have an SSH client installed on your PC or tablet. Among the most frequently used clients for Windows OS is the PuTTY application - <html><a href="/en:files:software:tools:putty-hidden">user guide and default passwords are available here</a></html>. | ||
| - | As a next step, enter the following command: | + | Before continuing, make sure you are logged in as the right user (for example "unipi" on our OpenSource OS). You can verify this by whoami command. |
| + | <code> | ||
| + | unipi@S103-sn999:~$ whoami | ||
| + | unipi | ||
| + | </code> | ||
| + | |||
| + | Now letps proceed to change the password by entering the following command: | ||
| <code> | <code> | ||
| - | sudo passwd | + | passwd |
| </code> | </code> | ||
| - | A prompt to enter and confirm a new password will be displayed. If everything is set correctly, the following message will appear: | + | A prompt to enter and confirm the current and new password will be displayed. If everything is set correctly, the following message will appear: |
| <code> | <code> | ||
| - | passwd: password updated successfully | + | Changing password for unipi. |
| + | Current password: | ||
| + | New password: | ||
| + | Retype new password: | ||
| </code> | </code> | ||
| Line 25: | Line 34: | ||
| <code> | <code> | ||
| - | unipi@S103-sn999:~$ sudo passwd | + | unipi@S103-sn999:~$ passwd |
| + | Changing password for unipi. | ||
| + | Current password: | ||
| New password: | New password: | ||
| Retype new password: | Retype new password: | ||
| Line 45: | Line 56: | ||
| sudo mount -rw -o remount / | sudo mount -rw -o remount / | ||
| </code> | </code> | ||
| + | |||
| + | Next, it's good practice to sync the changes on the storage (eMMC or SD card). This can be achieved by the sync command: | ||
| + | <code> | ||
| + | unipi@S103-sn999:~$ sync | ||
| + | </code> | ||
| + | |||
| + | You can now logout from your SSH session, reboot the PLC or power it of and on and login back to verify that the password has been sucesfully changed. | ||
| If the password cannot be changed even after entering the command, please contact our technical support. | If the password cannot be changed even after entering the command, please contact our technical support. | ||
