Replace the pi user
pi is the default user and this is a well known fact.
if you are going to leave your pi exposed in the wild (ie accessible via some means via the internet) you might want to tighten up security and reduce the chance of someone accessing your pi and via guessing or brute force attacks.
Assumptions
- You are familiar with SSH
- You are familiar with Terminal
- You can find your Pi
Procedures to carry out
This is a list of the things you need to do to change the default pi user VARIABLES are the new names you will want to replace with your own and insert into the COMMANDS
| VARIABLES | Description | |
| NEWUSER | The new user name to replace pi | |
| NEWGROUP | New Group Name to replace pi's Group - default is pi | |
| NEWUSERHOME | NEWUSER's home directory - the default is pi | |
| COMMANDS | Description | |
| Terminal Session as the pi user. | ||
| sudo passwd root | to make the kind of changes we need to make you need to log on as root so we have to set a password for the root user. | |
| sudo sed -i 's/#PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config | Enable logon via SSH for root - the file can also be edited manually sudo nano /etc/ssh/sshd_config | |
| sudo /etc/init.d/ssh restart | restart the ssh service | |
| sudo raspi-config nonint do_boot_behaviour B1 | autologin is enabled by default, Use this to disable it. | |
| sudo reboot | if you have disabled reboot to refresh. | |
| Terminal Session as the root user. | Logon as root with the password entered above. | |
| usermod -md /home/NEWUSERHOME -l NEWUSER pi | rename the pi user and home directory | |
| groupmod -n NEWGROUP pi | rename the pi group | |
| mv /var/spool/cron/crontabs/pi /var/spool/cron/crontabs/NEWUSER NEWUSERHOME | move the cron jobs if there are any and you want to | |
| passwd NEWUSER | set a password for the new user (although this should have already been done) | |
| sudo mv /etc/sudoers.d/010_pi-nopasswd /etc/sudoers.d/010_NEWUSER-nopasswd | set the new user not to require the password every time you SUDO move the pi file to another user. | |
| sudo nano /etc/sudoers.d/nano 010_sa-nopasswd | change pi to NEWUSER | |
| Terminal Session as the NEWUSER user | ||
| sudo sed -i 's/PermitRootLogin.*/#PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config | Disable root logon via ssh - the file can also be edited manually sudo nano /etc/ssh/sshd_config and the paramarter changed. | |
| sudo /etc/init.d/ssh restart | restart ssh to refresh the configuration. | |