Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
en:automation:securing-os-ssh-hidden [2021/06/07 11:40] avsetula |
en:automation:securing-os-ssh-hidden [2022/05/16 05:42] (current) tomhora |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Securing the OS (SSH) ====== | ====== Securing the OS (SSH) ====== | ||
<WRAP center round important 95%> | <WRAP center round important 95%> | ||
- | Securing the operating system is always needed to prevent unauthorized access to the Unipi controllers. Using a non-secured OS may lead to unauthorized tampering that can stop or limit the system's operation. In the worst-case scenario, it may also cause damage to the connected technologies or endanger personnel on the installation site. | + | Securing the operating system is always needed to prevent unauthorized access to the Unipi units. Using a non-secured OS may lead to unauthorized tampering that can stop or limit the system's operation. In the worst-case scenario, it may also cause damage to the connected technologies or endanger personnel on the installation site. |
For these reasons, it is important to **properly secure the system** each time a new project is created. Alternatively, you can disable the SSH access completely. | For these reasons, it is important to **properly secure the system** each time a new project is created. Alternatively, you can disable the SSH access completely. | ||
Line 10: | Line 10: | ||
As the connection is provided by the **SSH** protocol, it is necessary to [[en:files:software:tools:advanced-ip-scan-hidden|know the IP address]] or the [[#mdns_record|mDNS address]] of the device and have an SSH client installed on your PC or tablet. Among the most frequently used clients for Windows OS is the PuTTY application - <html><a href="/en:files:software:tools:putty-hidden">user guide and default passwords are available here</a></html>. | As the connection is provided by the **SSH** protocol, it is necessary to [[en:files:software:tools:advanced-ip-scan-hidden|know the IP address]] or the [[#mdns_record|mDNS address]] of the device and have an SSH client installed on your PC or tablet. Among the most frequently used clients for Windows OS is the PuTTY application - <html><a href="/en:files:software:tools:putty-hidden">user guide and default passwords are available here</a></html>. | ||
- | As a next step, enter the following command: | + | Before continuing, make sure you are logged in as the right user (for example "unipi" on our OpenSource OS). You can verify this by whoami command. |
+ | <code> | ||
+ | unipi@S103-sn999:~$ whoami | ||
+ | unipi | ||
+ | </code> | ||
+ | |||
+ | Now letps proceed to change the password by entering the following command: | ||
<code> | <code> | ||
- | sudo passwd | + | passwd |
</code> | </code> | ||
- | A prompt to enter and confirm a new password will be displayed. If everything is set correctly, the following message will appear: | + | A prompt to enter and confirm the current and new password will be displayed. If everything is set correctly, the following message will appear: |
<code> | <code> | ||
- | passwd: password updated successfully | + | Changing password for unipi. |
+ | Current password: | ||
+ | New password: | ||
+ | Retype new password: | ||
</code> | </code> | ||
Line 25: | Line 34: | ||
<code> | <code> | ||
- | unipi@S103-sn999:~$ sudo passwd | + | unipi@S103-sn999:~$ passwd |
+ | Changing password for unipi. | ||
+ | Current password: | ||
New password: | New password: | ||
Retype new password: | Retype new password: | ||
Line 45: | Line 56: | ||
sudo mount -rw -o remount / | sudo mount -rw -o remount / | ||
</code> | </code> | ||
+ | |||
+ | Next, it's good practice to sync the changes on the storage (eMMC or SD card). This can be achieved by the sync command: | ||
+ | <code> | ||
+ | unipi@S103-sn999:~$ sync | ||
+ | </code> | ||
+ | |||
+ | You can now logout from your SSH session, reboot the PLC or power it of and on and login back to verify that the password has been sucesfully changed. | ||
If the password cannot be changed even after entering the command, please contact our technical support. | If the password cannot be changed even after entering the command, please contact our technical support. |