What is the purpose of auto-login? Is it safe/secure?
Clash Royale CLAN TAG#URR8PPP
Please excuse my ignorance. I have searched and I haven't found anything that addresses my question.
What is the purpose of auto-login and is it safe to enable?
I am using my Pi 3B to host a very light-weight RESTful API which I intend to expose through a port forwarder.
Is auto-login insecure for this situation?
Thanks in advance for your help
security
add a comment |
Please excuse my ignorance. I have searched and I haven't found anything that addresses my question.
What is the purpose of auto-login and is it safe to enable?
I am using my Pi 3B to host a very light-weight RESTful API which I intend to expose through a port forwarder.
Is auto-login insecure for this situation?
Thanks in advance for your help
security
add a comment |
Please excuse my ignorance. I have searched and I haven't found anything that addresses my question.
What is the purpose of auto-login and is it safe to enable?
I am using my Pi 3B to host a very light-weight RESTful API which I intend to expose through a port forwarder.
Is auto-login insecure for this situation?
Thanks in advance for your help
security
Please excuse my ignorance. I have searched and I haven't found anything that addresses my question.
What is the purpose of auto-login and is it safe to enable?
I am using my Pi 3B to host a very light-weight RESTful API which I intend to expose through a port forwarder.
Is auto-login insecure for this situation?
Thanks in advance for your help
security
security
asked Feb 3 at 20:53
user919426user919426
1133
1133
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Auto-login is simply a convenience feature. By default, on the local console or UI, it provides the ability to not have to enter your user password before continuing loading the user's environment.
It's insecure only if anyone else has direct, physical access to your Pi. Over SSH remotely, the user's password will still be required (so you definitely should change it, even if you don't have auto-login!). It doesn't affect a REST or other API (ie. web server) running on the Pi either.
So, to repeat, auto-login is a convenience, that only affects the person logging into the physical device.
Personally, I use it on all my Pis (I have numerous in various testing/development environments), but it's quite rare I use my Pis directly. Typically I set up SSH keys and connect remotely. Only time I use direct access is for network related changes. This allows me to have crazy passwords that I don't need to remember. On the console, it auto-logs in, and over SSH, I use identity keys.
Thank-you. I went ahead and disabled it, now I cannot SSH to it. Does it mean services such as SSH would not be running until I login or enable auto-login?
– user919426
Feb 3 at 21:06
1
No. SSH shouldn't be affected by that change. Are you sure you didn't accidentally disable SSH? How did you make the change? In the config file, or throughraspi-config
? Also, did you do a reboot and your IP of the Pi changed? ie. How are you connecting via SSH?
– stevieb
Feb 3 at 21:08
Yes, through raspi-config. I will re-try
– user919426
Feb 3 at 21:08
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
return StackExchange.using("schematics", function ()
StackExchange.schematics.init();
);
, "cicuitlab");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "447"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fraspberrypi.stackexchange.com%2fquestions%2f93816%2fwhat-is-the-purpose-of-auto-login-is-it-safe-secure%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Auto-login is simply a convenience feature. By default, on the local console or UI, it provides the ability to not have to enter your user password before continuing loading the user's environment.
It's insecure only if anyone else has direct, physical access to your Pi. Over SSH remotely, the user's password will still be required (so you definitely should change it, even if you don't have auto-login!). It doesn't affect a REST or other API (ie. web server) running on the Pi either.
So, to repeat, auto-login is a convenience, that only affects the person logging into the physical device.
Personally, I use it on all my Pis (I have numerous in various testing/development environments), but it's quite rare I use my Pis directly. Typically I set up SSH keys and connect remotely. Only time I use direct access is for network related changes. This allows me to have crazy passwords that I don't need to remember. On the console, it auto-logs in, and over SSH, I use identity keys.
Thank-you. I went ahead and disabled it, now I cannot SSH to it. Does it mean services such as SSH would not be running until I login or enable auto-login?
– user919426
Feb 3 at 21:06
1
No. SSH shouldn't be affected by that change. Are you sure you didn't accidentally disable SSH? How did you make the change? In the config file, or throughraspi-config
? Also, did you do a reboot and your IP of the Pi changed? ie. How are you connecting via SSH?
– stevieb
Feb 3 at 21:08
Yes, through raspi-config. I will re-try
– user919426
Feb 3 at 21:08
add a comment |
Auto-login is simply a convenience feature. By default, on the local console or UI, it provides the ability to not have to enter your user password before continuing loading the user's environment.
It's insecure only if anyone else has direct, physical access to your Pi. Over SSH remotely, the user's password will still be required (so you definitely should change it, even if you don't have auto-login!). It doesn't affect a REST or other API (ie. web server) running on the Pi either.
So, to repeat, auto-login is a convenience, that only affects the person logging into the physical device.
Personally, I use it on all my Pis (I have numerous in various testing/development environments), but it's quite rare I use my Pis directly. Typically I set up SSH keys and connect remotely. Only time I use direct access is for network related changes. This allows me to have crazy passwords that I don't need to remember. On the console, it auto-logs in, and over SSH, I use identity keys.
Thank-you. I went ahead and disabled it, now I cannot SSH to it. Does it mean services such as SSH would not be running until I login or enable auto-login?
– user919426
Feb 3 at 21:06
1
No. SSH shouldn't be affected by that change. Are you sure you didn't accidentally disable SSH? How did you make the change? In the config file, or throughraspi-config
? Also, did you do a reboot and your IP of the Pi changed? ie. How are you connecting via SSH?
– stevieb
Feb 3 at 21:08
Yes, through raspi-config. I will re-try
– user919426
Feb 3 at 21:08
add a comment |
Auto-login is simply a convenience feature. By default, on the local console or UI, it provides the ability to not have to enter your user password before continuing loading the user's environment.
It's insecure only if anyone else has direct, physical access to your Pi. Over SSH remotely, the user's password will still be required (so you definitely should change it, even if you don't have auto-login!). It doesn't affect a REST or other API (ie. web server) running on the Pi either.
So, to repeat, auto-login is a convenience, that only affects the person logging into the physical device.
Personally, I use it on all my Pis (I have numerous in various testing/development environments), but it's quite rare I use my Pis directly. Typically I set up SSH keys and connect remotely. Only time I use direct access is for network related changes. This allows me to have crazy passwords that I don't need to remember. On the console, it auto-logs in, and over SSH, I use identity keys.
Auto-login is simply a convenience feature. By default, on the local console or UI, it provides the ability to not have to enter your user password before continuing loading the user's environment.
It's insecure only if anyone else has direct, physical access to your Pi. Over SSH remotely, the user's password will still be required (so you definitely should change it, even if you don't have auto-login!). It doesn't affect a REST or other API (ie. web server) running on the Pi either.
So, to repeat, auto-login is a convenience, that only affects the person logging into the physical device.
Personally, I use it on all my Pis (I have numerous in various testing/development environments), but it's quite rare I use my Pis directly. Typically I set up SSH keys and connect remotely. Only time I use direct access is for network related changes. This allows me to have crazy passwords that I don't need to remember. On the console, it auto-logs in, and over SSH, I use identity keys.
edited Feb 3 at 21:58
answered Feb 3 at 21:03
steviebstevieb
1,089410
1,089410
Thank-you. I went ahead and disabled it, now I cannot SSH to it. Does it mean services such as SSH would not be running until I login or enable auto-login?
– user919426
Feb 3 at 21:06
1
No. SSH shouldn't be affected by that change. Are you sure you didn't accidentally disable SSH? How did you make the change? In the config file, or throughraspi-config
? Also, did you do a reboot and your IP of the Pi changed? ie. How are you connecting via SSH?
– stevieb
Feb 3 at 21:08
Yes, through raspi-config. I will re-try
– user919426
Feb 3 at 21:08
add a comment |
Thank-you. I went ahead and disabled it, now I cannot SSH to it. Does it mean services such as SSH would not be running until I login or enable auto-login?
– user919426
Feb 3 at 21:06
1
No. SSH shouldn't be affected by that change. Are you sure you didn't accidentally disable SSH? How did you make the change? In the config file, or throughraspi-config
? Also, did you do a reboot and your IP of the Pi changed? ie. How are you connecting via SSH?
– stevieb
Feb 3 at 21:08
Yes, through raspi-config. I will re-try
– user919426
Feb 3 at 21:08
Thank-you. I went ahead and disabled it, now I cannot SSH to it. Does it mean services such as SSH would not be running until I login or enable auto-login?
– user919426
Feb 3 at 21:06
Thank-you. I went ahead and disabled it, now I cannot SSH to it. Does it mean services such as SSH would not be running until I login or enable auto-login?
– user919426
Feb 3 at 21:06
1
1
No. SSH shouldn't be affected by that change. Are you sure you didn't accidentally disable SSH? How did you make the change? In the config file, or through
raspi-config
? Also, did you do a reboot and your IP of the Pi changed? ie. How are you connecting via SSH?– stevieb
Feb 3 at 21:08
No. SSH shouldn't be affected by that change. Are you sure you didn't accidentally disable SSH? How did you make the change? In the config file, or through
raspi-config
? Also, did you do a reboot and your IP of the Pi changed? ie. How are you connecting via SSH?– stevieb
Feb 3 at 21:08
Yes, through raspi-config. I will re-try
– user919426
Feb 3 at 21:08
Yes, through raspi-config. I will re-try
– user919426
Feb 3 at 21:08
add a comment |
Thanks for contributing an answer to Raspberry Pi Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fraspberrypi.stackexchange.com%2fquestions%2f93816%2fwhat-is-the-purpose-of-auto-login-is-it-safe-secure%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown