How to modify the hostname and username and password of Raspberry Pi All In One
How to modify the hostname and username and password of Raspberry Pi All In One
如何修改
树莓派的主机名、用户名和密码
$ cat /boot/userconf.txt
pi:/4g6TptuTP5B6
solutions ✅
raspi-config
$ sudo raspi-config
System Options
Password
Hostname
passwd
# 修改当前登录用户 pi 的密码
$ passwd
add user
# 添加新用户
$ sudo useradd -m xgqfrms -G sudo
to add a new user with the same permissions as the pi user;
This adds a new user called xgqfrms, creates a home folder, and adds the user to the sudo group;
You now need to set a password for the new user;
# 设置新用户的密码
$ sudo passwd xgqfrms
visudo
# 查看权限
$ sudo visudo
$ sudo cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "@include" directives:
@includedir /etc/sudoers.d
delete user
# 删除用户 pi
$ sudo deluser pi
This command will delete the pi user but will leave the home/pi folder.
If necessary, you can use the command below to remove the home folder for the pi user at the same time.
⚠️ Note the data in this folder will be permanently deleted, so make sure any required data is stored elsewhere.
# 永久的删除用户 pi 的家目录
$ sudo deluser -remove-home pi
backup
# 备份整个 home 目录
$ cp /home/pi /home/xgqfrms
# 仅备份 home 目录下的 Desktop 目录
$ cp /home/pi/Desktop /home/xgqfrms/Desktop
$ cat .profile
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022
# if running bash
if [ -n "$BASH_VERSION" ]; then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]; then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
PATH="$HOME/.local/bin:$PATH"
fi
echo "每次登录自动执行脚本发送树莓派的 IP 地址到钉钉消息✅"
bash /home/pi/Desktop/ip-program.sh
# echo "开启SSD1306 OLED 🖥️ 🌡️"
# sudo python3 /home/pi/OLED_Stats/stats.py &
# $ cat .profile
.zshrc
.bashrc
.profile
.local
locale
vim
nvm
node.js
nginx
docker
git
Security
Placing sudo in front of a command runs it as a superuser, and by default, that does not need a password.
In general, this is not a problem.
However, if your Pi is exposed to the internet and somehow becomes exploited (perhaps via a webpage exploit for example), the attacker will be able to change things that require superuser credential, unless you have set sudo to require a password.
$ ls -alth /etc/sudoers.d
总用量 24K
drwxr-xr-x 120 root root 4.0K 5月 31 17:42 ..
drwxr-xr-x 2 root root 4.0K 5月 3 11:29 .
-r--r----- 1 root root 27 5月 3 10:55 010_pi-nopasswd
-r--r----- 1 root root 958 1月 14 21:29 README
-r--r----- 1 root root 211 3月 18 2022 010_proxy
-r--r----- 1 root root 36 4月 29 2019 010_at-export
To force sudo to require a password,
change the pi entry (or whichever usernames have superuser rights) to.
$ sudo nano /etc/sudoers.d/010_pi-nopasswd
# 开启 sudo 密码验证
pi ALL=(ALL) PASSWD: ALL
$ sudo nano /etc/sudoers.d/010_xgqfrms-nopasswd
# 开启 sudo 密码验证
xgqfrms ALL=(ALL) PASSWD: ALL
demos
$ cat /boot/userconf.txt
pi:/4g6TptuTP5B6
# pi:raspberry
(🐞 反爬虫测试!打击盗版⚠️)如果你看到这个信息, 说明这是一篇剽窃的文章,请访问 https://www.cnblogs.com/xgqfrms/ 查看原创文章!
usermod
$ man usermod
$ man usermod > ./man-docs/usermod.md
$ cat ./man-docs/usermod.md
$ man usermod
$ man usermod > ./man-docs/usermod.md
$ cat ./man-docs/usermod.md
USERMOD(8) 系统管理命令 USERMOD(8)
名称
usermod - 修改一个用户账户
大纲
usermod [选项] 登录
描述
The usermod command modifies the system account files to reflect the changes that are
specified on the command line.
选项
The options which apply to the usermod command are:
-a, --append
Add the user to the supplementary group(s). Use only with the -G option.
-b, --badnames
Allow names that do not conform to standards.
-c, --comment COMMENT
The new value of the user's password file comment field. It is normally modified
using the chfn(1) utility.
-d, --home HOME_DIR
用户的新登录目录。
If the -m option is given, the contents of the current home directory will be
moved to the new home directory, which is created if it does not already exist.
-e, --expiredate EXPIRE_DATE
The date on which the user account will be disabled. The date is specified in the
format YYYY-MM-DD.
An empty EXPIRE_DATE argument will disable the expiration of the account.
This option requires a /etc/shadow file. A /etc/shadow entry will be created if
there were none.
-f, --inactive INACTIVE
密码过期之后,账户被彻底禁用之前的天数。
0 表示密码过期时,立即禁用账户;-1 表示不使用这个功能。
This option requires a /etc/shadow file. A /etc/shadow entry will be created if
there were none.
-g, --gid GROUP
用户的新初始登录组的组名或数字代号。此组必须存在。
用户主目录中,属于原来的主组的文件将转交新组所有。
主目录之外的文件所属的组必须手动修改。
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
A list of supplementary groups which the user is also a member of. Each group is
separated from the next by a comma, with no intervening whitespace. The groups are
subject to the same restrictions as the group given with the -g option.
If the user is currently a member of a group which is not listed, the user will be
removed from the group. This behaviour can be changed via the -a option, which
appends the user to the current supplementary group list.
-l, --login NEW_LOGIN
The name of the user will be changed from LOGIN to NEW_LOGIN. Nothing else is
changed. In particular, the user's home directory or mail spool should probably be
renamed manually to reflect the new login name.
-L, --lock
Lock a user's password. This puts a '!' in front of the encrypted password,
effectively disabling the password. You can't use this option with -p or -U.
Note: if you wish to lock the account (not only access with a password), you
should also set the EXPIRE_DATE to 1.
-m, --move-home
将用户的主目录移动到新位置。
This option is only valid in combination with the -d (or --home) option.
usermod will try to adapt the ownership of the files and to copy the modes, ACL
and extended attributes, but manual changes might be needed afterwards.
-o, --non-unique
When used with the -u option, this option allows to change the user ID to a
non-unique value.
-p, --password PASSWORD
The encrypted password, as returned by crypt(3).
Note: This option is not recommended because the password (or encrypted password)
will be visible by users listing the processes.
The password will be written in the local /etc/passwd or /etc/shadow file. This
might differ from the password database configured in your PAM configuration.
您应该确保密码符合系统的密码政策。
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the
CHROOT_DIR directory.
-P, --prefix PREFIX_DIR
Apply changes in the PREFIX_DIR directory and use the configuration files from the
PREFIX_DIR directory. This option does not chroot and is intended for preparing a
cross-compilation target. Some limitations: NIS and LDAP users/groups are not
verified. PAM authentication is using the host files. No SELINUX support.
-s, --shell SHELL
用户的新登录 shell 的名称。将此字段设置为空会让系统选择默认的登录 shell。
-u, --uid UID
用户 ID 的新数值。
This value must be unique, unless the -o option is used. The value must be
non-negative.
用户的邮箱,用户主目录中属于此用户的文件的属主 ID 也将自动更改。
用户主目录之外文件所有权必须手动修复。
No checks will be performed with regard to the UID_MIN, UID_MAX, SYS_UID_MIN, or
SYS_UID_MAX from /etc/login.defs.
-U, --unlock
Unlock a user's password. This removes the '!' in front of the encrypted password.
You can't use this option with -p or -L.
Note: if you wish to unlock the account (not only access with a password), you
should also set the EXPIRE_DATE (for example to 99999, or to the EXPIRE value from
/etc/default/useradd).
-v, --add-subuids FIRST-LAST
Add a range of subordinate uids to the user's account.
This option may be specified multiple times to add multiple ranges to a users
account.
No checks will be performed with regard to SUB_UID_MIN, SUB_UID_MAX, or
SUB_UID_COUNT from /etc/login.defs.
-V, --del-subuids FIRST-LAST
Remove a range of subordinate uids from the user's account.
This option may be specified multiple times to remove multiple ranges to a users
account. When both --del-subuids and --add-subuids are specified, the removal of
all subordinate uid ranges happens before any subordinate uid range is added.
No checks will be performed with regard to SUB_UID_MIN, SUB_UID_MAX, or
SUB_UID_COUNT from /etc/login.defs.
-w, --add-subgids FIRST-LAST
Add a range of subordinate gids to the user's account.
This option may be specified multiple times to add multiple ranges to a users
account.
No checks will be performed with regard to SUB_GID_MIN, SUB_GID_MAX, or
SUB_GID_COUNT from /etc/login.defs.
-W, --del-subgids FIRST-LAST
Remove a range of subordinate gids from the user's account.
This option may be specified multiple times to remove multiple ranges to a users
account. When both --del-subgids and --add-subgids are specified, the removal of
all subordinate gid ranges happens before any subordinate gid range is added.
No checks will be performed with regard to SUB_GID_MIN, SUB_GID_MAX, or
SUB_GID_COUNT from /etc/login.defs.
-Z, --selinux-user SEUSER
用户登陆的 SELinux 用户。
A blank SEUSER will remove the SELinux user mapping for user LOGIN (if any).
CAVEATS
You must make certain that the named user is not executing any processes when this
command is being executed if the user's numerical user ID, the user's name, or the
user's home directory is being changed. usermod checks this on Linux. On other
platforms it only uses utmp to check if the user is logged in.
You must change the owner of any crontab files or at jobs manually.
您必须更改 NIS 服务器上的 NIS 相关内容。
配置文件
The following configuration variables in /etc/login.defs change the behavior of this
tool:
LASTLOG_UID_MAX (number)
Highest user ID number for which the lastlog entries should be updated. As higher
user IDs are usually tracked by remote user identity and authentication services
there is no need to create a huge sparse lastlog file for them.
No LASTLOG_UID_MAX option present in the configuration means that there is no user
ID limit for writing lastlog entries.
MAIL_DIR (string)
邮箱目录。修改或删除用户账户时需要处理邮箱,如果没有指定,将使用编译时指定的默认
值。
MAIL_FILE (string)
定义用户邮箱文件的位置(相对于主目录)。
The MAIL_DIR and MAIL_FILE variables are used by useradd, usermod, and userdel to
create, move, or delete the user's mail spool.
MAX_MEMBERS_PER_GROUP (number)
Maximum members per group entry. When the maximum is reached, a new group entry
(line) is started in /etc/group (with the same name, same password, and same GID).
默认值是 0,意味着组中的成员数没有限制。
此功能(分割组)允许限制组文件中的行长度。这对于确保 NIS 组的行比长于 1024 字符。
如果要强制这个限制,可以使用 25。
注意:分割组可能不受所有工具的支持(甚至在 Shadow 工具集中)。您不应该使用这个变
量,除非真的需要。
SUB_GID_MIN (number), SUB_GID_MAX (number), SUB_GID_COUNT (number)
If /etc/subuid exists, the commands useradd and newusers (unless the user already
have subordinate group IDs) allocate SUB_GID_COUNT unused group IDs from the range
SUB_GID_MIN to SUB_GID_MAX for each new user.
The default values for SUB_GID_MIN, SUB_GID_MAX, SUB_GID_COUNT are respectively
100000, 600100000 and 65536.
SUB_UID_MIN (number), SUB_UID_MAX (number), SUB_UID_COUNT (number)
If /etc/subuid exists, the commands useradd and newusers (unless the user already
have subordinate user IDs) allocate SUB_UID_COUNT unused user IDs from the range
SUB_UID_MIN to SUB_UID_MAX for each new user.
The default values for SUB_UID_MIN, SUB_UID_MAX, SUB_UID_COUNT are respectively
100000, 600100000 and 65536.
文件
/etc/group
组账户信息。
/etc/gshadow
安全组账户信息。
/etc/login.defs
Shadow 密码套件配置。
/etc/passwd
用户账户信息。
/etc/shadow
安全用户账户信息。
/etc/subgid
Per user subordinate group IDs.
/etc/subuid
Per user subordinate user IDs.
参见
chfn(1), chsh(1), passwd(1), crypt(3), gpasswd(8), groupadd(8), groupdel(8),
groupmod(8), login.defs(5), subgid(5), subuid(5), useradd(8), userdel(8).
shadow-utils 4.8.1 2020-02-07 USERMOD(8)
# pi & root
$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
systemd-network:x:101:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:102:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
pi:x:1000:1000:,,,:/home/pi:/bin/bash
systemd-timesync:x:103:109:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
messagebus:x:104:110::/nonexistent:/usr/sbin/nologin
_rpc:x:105:65534::/run/rpcbind:/usr/sbin/nologin
sshd:x:106:65534::/run/sshd:/usr/sbin/nologin
statd:x:107:65534::/var/lib/nfs:/usr/sbin/nologin
avahi:x:108:113:Avahi mDNS daemon,,,:/run/avahi-daemon:/usr/sbin/nologin
dnsmasq:x:109:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
lightdm:x:110:114:Light Display Manager:/var/lib/lightdm:/bin/false
rtkit:x:111:116:RealtimeKit,,,:/proc:/usr/sbin/nologin
pulse:x:112:119:PulseAudio daemon,,,:/run/pulse:/usr/sbin/nologin
saned:x:113:122::/var/lib/saned:/usr/sbin/nologin
colord:x:114:123:colord colour management daemon,,,:/var/lib/colord:/usr/sbin/nologin
hplip:x:115:7:HPLIP system user,,,:/run/hplip:/bin/false
systemd-coredump:x:996:996:systemd Core Dumper:/:/usr/sbin/nologin
passwd
$ man passwd
$ man passwd > ./man-docs/passwd.md
$ cat ./man-docs/passwd.md
$ man passwd
$ man passwd > ./man-docs/passwd.md
$ cat ./man-docs/passwd.md
PASSWD(1) 用户命令 PASSWD(1)
名称
passwd - 更改用户密码
大纲
passwd [选项] [登录]
描述
The passwd command changes passwords for user accounts. A normal user may only change
the password for their own account, while the superuser may change the password for
any account. passwd also changes the account or associated password validity period.
密码更改
如果有旧密码,首先提示用户输入旧密码。加密这个密码然后和存储的密码进行比较。用户只有一
次机会输入正确密码。允许超级用户略过这个步骤,以便更改忘记了的密码。
After the password has been entered, password aging information is checked to see if
the user is permitted to change the password at this time. If not, passwd refuses to
change the password and exits.
提示用户输入两次新密码。第二次和第一次进行比较,并且需要相同才能更改密码。
然后,测试密码的负责程度。一般来讲,密码应该包含 6 到 8 位字符,从下边的一个或多个集合
中选择:
• 小写字母
• 数字 0 到 9
• 标点符号
Care must be taken not to include the system default erase or kill characters. passwd
will reject any password which is not suitably complex.
关于用户密码的提示
The security of a password depends upon the strength of the encryption algorithm and
the size of the key space. The legacy UNIX System encryption method is based on the
NBS DES algorithm. More recent methods are now recommended (see ENCRYPT_METHOD). The
size of the key space depends upon the randomness of the password which is selected.
由于粗心地或处理选择密码,会危及密码的安全。由于这个原因,您不应该选择出现在词典中或者
必须要写下来才能记住的密码。密码也不应该是一个名字、许可证号、生日或者街道号。所有这些
可以用于猜测来损害系统安全。
You can find advice on how to choose a strong password on
http://en.wikipedia.org/wiki/Password_strength
选项
The options which apply to the passwd command are:
-a, --all
This option can be used only with -S and causes show status for all users.
-d, --delete
删除用户密码(让它为空)。这是禁用一个用户密码的快速方法。它将设置给出名称的账户。
-e, --expire
让一个账户的密码立即过期。这可以强制一个用户下次登录时更改密码。
-h, --help
现实帮助信息并退出。
-i, --inactive INACTIVE
This option is used to disable an account after the password has been expired for
a number of days. After a user account has had an expired password for INACTIVE
days, the user may no longer sign on to the account.
-k, --keep-tokens
表示密码更改只应该因为认证口令(密码)过期更改。用户希望保持他们尚未过期的口令。
-l, --lock
锁定指定账户的密码。此选项通过将密码更改为一个不可能与加密值匹配的值来禁用(它在密
码开头添加一个“!”)。
Note that this does not disable the account. The user may still be able to login
using another authentication token (e.g. an SSH key). To disable the account,
administrators should use usermod --expiredate 1 (this set the account's expire
date to Jan 2, 1970).
被锁定了密码的用户不允许更改密码。
-n, --mindays MIN_DAYS
Set the minimum number of days between password changes to MIN_DAYS. A value of
zero for this field indicates that the user may change their password at any time.
-q, --quiet
安静模式。
-r, --repository REPOSITORY
change password in REPOSITORY repository
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the
CHROOT_DIR directory.
-S, --status
显示账户状态信息。状态信息包含 7 个字段。首个字段是用户的登录名,第二个字段表示用
户账户是否已经锁定密码(L)、没有密码 (NP)或者密码可用(P),第三个字段给出最后一次更
改密码的日期。接下来的四个字段分别是密码的最小年龄、最大年龄、警告期和禁用期。这些
年龄以天为单位计算。
-u, --unlock
Unlock the password of the named account. This option re-enables a password by
changing the password back to its previous value (to the value before using the -l
option).
-w, --warndays WARN_DAYS
Set the number of days of warning before a password change is required. The
WARN_DAYS option is the number of days prior to the password expiring that a user
will be warned that their password is about to expire.
-x, --maxdays MAX_DAYS
Set the maximum number of days a password remains valid. After MAX_DAYS, the
password is required to be changed.
Passing the number -1 as MAX_DAYS will remove checking a password's validity.
CAVEATS
密码复杂性检查在每台机器间不同。用户应该选择适合的尽量复杂的密码。
在启动了 NIS 的系统上,如果没有登录 NIS 服务器,用户或许不能更改自己的密码。
passwd uses PAM to authenticate users and to change their passwords.
文件
/etc/passwd
用户账户信息。
/etc/shadow
安全用户账户信息。
/etc/pam.d/passwd
PAM configuration for passwd.
退出值
The passwd command exits with the following values:
0
success
1
permission denied
2
invalid combination of options
3
unexpected failure, nothing done
4
unexpected failure, passwd file missing
5
passwd file busy, try again
6
invalid argument to option
参见
chpasswd(8), passwd(5), shadow(5), usermod(8).
shadow-utils 4.8.1 2020-02-07 PASSWD(1)
shadow
$ man shadow
$ man shadow > ./man-docs/shadow.md
$ cat ./man-docs/shadow.md
$ man shadow
$ man shadow > ./man-docs/shadow.md
$ cat ./man-docs/shadow.md
SHADOW(5) 文件格式和转化 SHADOW(5)
名称
shadow - 影子化了的密码文件
描述
shadow is a file which contains the password information for the system's
accounts and optional aging information.
如果没有维护好密码安全,此文件绝对不能让普通用户可读。
Each line of this file contains 9 fields, separated by colons (“:”), in the
following order:
登录名
必须是有效的账户名,且已经存在于系统中。
加密了的密码
This field may be empty, in which case no passwords are required to
authenticate as the specified login name. However, some applications which
read the /etc/shadow file may decide not to permit any access at all if
the password field is empty.
A password field which starts with an exclamation mark means that the
password is locked. The remaining characters on the line represent the
password field before the password was locked.
Refer to crypt(3) for details on how this string is interpreted.
If the password field contains some string that is not a valid result of
crypt(3), for instance ! or *, the user will not be able to use a unix
password to log in (but the user may log in the system by other means).
最后一次更改密码的日期
最近一次更改密码的时间,表示从1970年1月1日开始的天数。
The value 0 has a special meaning, which is that the user should change
her password the next time she will log in the system.
空字段表示密码年龄功能被禁用。
密码的最小年龄
最小密码年龄是指,用户一次更改密码之后,要等多长时间才再次被允许更改密码。
空字段或 0 表示没有最小密码年龄。
最大密码年龄
最大密码年龄是指,这写天之后,用户必须更改密码。
这写天之后,密码仍然可用。用户将会在下次登录的时候被要求更改密码。
空字段表示没有最大密码年龄,没有密码警告时间段,没有密码禁用时间段(请看下
边)。
如果最大密码年龄小于最小密码年龄,用户将会不能更改密码。
密码警告时间段
密码过期之前,提前警告用户的的天数(请参考上边的密码的最大年龄)。
空字段或者 0 表示没有密码警告期。
密码禁用期
密码过期(查看上边的密码最大年龄)后,仍然接受此密码的天数(在此期间,用户应
该在下次登录时修改密码)。
密码到期并且过了这个宽限期之后,使用用户的当前的密码将会不能登录。用户需要
联系系统管理员。
空字段表示没有强制密码过期。
账户过期日期
账户过期的日期,表示从1970年1月1日开始的天数。
Note that an account expiration differs from a password expiration. In
case of an account expiration, the user shall not be allowed to login. In
case of a password expiration, the user is not allowed to login using her
password.
空字段表示账户永不过期。
应该避免使用 0,因为它既能理解成永不过期也能理解成在1970年1月1日过期。
保留字段
此字段保留作将来使用。
文件
/etc/passwd
用户账户信息。
/etc/shadow
安全用户账户信息。
/etc/shadow-
/etc/shadow 的备份文件。
注意,此文件由 shadow 工具集使用,而不是所有的用户和密码管理工具都会使用。
参见
chage(1), login(1), passwd(1), passwd(5), pwck(8), pwconv(8), pwunconv(8),
su(1), sulogin(8).
shadow-utils 4.8.1 2020-02-07 SHADOW(5)
vcgencmd
pi@raspberrypi:~ $ vcgencmd display_power 0
display_power=1
pi@raspberrypi:~ $ vcgencmd display_power
display_power=1
https://www.raspberrypi.com/documentation/computers/os.html#vcgencmd
docs
https://www.raspberrypi.com/documentation/computers/configuration.html#change-user-password
https://www.raspberrypi.com/documentation/computers/configuration.html#change-the-default-password
# 添加
$ sudo adduser xgqfrms
# 授权
$ sudo usermod -a -G adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,netdev,gpio,i2c,spi xgqfrms
# 检查
$ sudo su - xgqfrms
# 删除 ⚠️
$ sudo deluser pi
$ sudo deluser -remove-home pi
https://www.raspberrypi.com/documentation/computers/configuration.html#changing-your-username
https://www.raspberrypi.com/documentation/computers/configuration.html#configuring-a-user
https://www.raspberrypi.com/documentation/computers/configuration.html#update-the-sudoers-file
$ sudo visudo /etc/sudoers.d/010_pi-nopasswd
# pi ALL=(ALL) PASSWD: ALL
https://www.raspberrypi.com/documentation/computers/configuration.html#make-sudo-require-a-password
$ ls -alth /etc/environment
$ cat /etc/environment
https://www.raspberrypi.com/documentation/computers/configuration.html#using-a-proxy-server
$ sudo nano /etc/ssh/sshd_config
AllowUsers abc xyz
DenyUsers ufo anonymous
https://www.raspberrypi.com/documentation/computers/configuration.html#improving-ssh-security
# 防火墙
$ sudo apt install ufw
$ sudo ufw enable
$ sudo ufw disable
$ sudo ufw allow 22
$ sudo ufw deny 22
$ sudo ufw deny 22/tcp
$ sudo ufw allow ssh
$ sudo ufw status
$ sudo ufw limit ssh/tcp
$ sudo ufw deny from 192.168.2.1 port 30
https://www.raspberrypi.com/documentation/computers/configuration.html#install-a-firewall
refs
https://forums.raspberrypi.com/viewtopic.php?t=193620
https://stackoverflow.com/questions/71804429/raspberry-pi-ssh-access-denied/76373448#76373448
©xgqfrms 2012-2021
www.cnblogs.com/xgqfrms 发布文章使用:只允许注册用户才可以访问!
原创文章,版权所有©️xgqfrms, 禁止转载 🈲️,侵权必究⚠️!
本文首发于博客园,作者:xgqfrms,原文链接:https://www.cnblogs.com/xgqfrms/p/17446689.html
未经授权禁止转载,违者必究!
