Op 12-12-18 om 01:53 schreef Martin Gregorie:
> That might explain the difference: I've never used the 'pi' user on mine
> and never connected a keyboard or screen to it.

I *did* say "standard user Pi doesn't need a password for sudo" :)
(capital letter was wrong, though)

> The first thing I did, immediately after getting SSH logins to work (mine
> is a 2nd gen RPi B, so meant mounting its SD card on another Linux box,
> configuring sshd to start on boot and assigning it a static IP) was to
> set up a user with the same name as my normal login on my other machines
> so that "ssh hostname", would work on the RPi the same as my other hosts.

That's fine, but sometimes, in some situations, you will run into
trouble because user 'pi' is hardwired into stuff. Like in raspi-config,
I think; or at least it was. So that might be a reason to switch back to
the standard user. Two solutions for your workflow:
- in .ssh/config on your other host(s), define
   Host mypi
     User pi
   which means you can still do martin@home:~$ ssh mypi
- on the Pi, on a recent install, do "sudo rm
/etc/sudoers.d/010_pi-nopasswd" to remove the NOPASSWD directive for
user pi. If it doesn't exist, edit /etc/sudoers using the visudo command
(despite its name, it uses the standard editor which on Raspbian/Bash,
if you didn't change it, is nano) to remove or edit the "pi ALL=(ALL)
NOPASSWD: ALL" line there.

Or, you know, keep it if you're only using ipv4 on NAT and/or behind a
firewall and you don't do stuff that might get you a virus. Web server
should be safe because that runs as www-data.

For The Nat Phil: it isn't about secret stuff that might get stolen but
your machine getting hijacked by botnets for spam or ddossing, which
will make your isp block you from the internet.

--- SoupGate-Win32 v1.05