Securing a unit with Non-Factory Username and Password
Written on: March 31, 2020 9:19 am
Leaving any device set with a factory Username and Password is a big security risk. The JNIOR comes with two factory Administrator accounts. The usernames jnior and admin both have administrative privileges.
It is recommended that the users be modified on the JNIORs to secure them. This is vital for units that are on the open network and have public access. Public access does not mean that they are supposed to be open to the public but rather that they are accessible from anywhere.
List the Users
To see the current users and their privileges, you will use the users command. This command will show you the usernames, their assigned user id and the privileges that they possess.
Change the password for the current user
The simplest change that you can make to secure your unit is to change the password of one of the factory administrator accounts. To do this you will log in to the one you want to change and use the passwd command. You will be prompted for the current password and then twice for the new password. The password requirement is very relaxed but you are encouraged to create a strong password.
Create a new user
We need to create a new administrator account so that we can disable the factory users. Using the useradd command with the -a option will create a new user with administrator privileges. You will be prompted for the new password twice. The password requirement is very relaxed but you are encouraged to create a strong password. After the user is created you can execute the users command again to see the results.
Disable the Admin account
To disable an account you will use the usermod command. This command modifies the privileges for the given user. To disable the admin account you will type usermod +d admin. Then you can execute the users command again to see the result.
Change the current user
After creating the new user you will want to switch to it so that modifications can be made to the user account that was logged in while the new user was created. You will do this by closing the command line connection. This will log you out from the current user. Then reconnect using the new user and the new credentials. You can see what the current user account is by using the whoami command. Next, you can then modify the privileges of the user that was used to create the new account.
Things to watch out for
You MUST have at least one admin account on the JNIOR. If you try to do so, you will simply be told that you cannot remove that user.
You also cannot remove admin privileges from the user that you are logged in as while performing that operation. If you try to do that you will be told that you cannot alter the current account.