Version: Beta

Securing Your Companion Pi

SSH User Setup

Following the change in April 2022 by Raspberry Pi, the CompanionPi images do not allow SSH access until you set up a user. If you have a screen connected you will be prompted to set up the user, or you can create the user with a config file at first boot.

Using Raspberry Pi Imager

If using the Raspberry Pi Imager, you can configure the username and password before writing the image.

Creating a User at First Boot

At the root of your SD card, create a file named userconf.txt
Run the following command to generate a hash of your password:
```
openssl passwd -6 <your-password>
```
Add a single line to the userconf.txt file:
```
<username>:<password-hash>
```
Use the output of the previous step as the password hash.

tip

You must not use companion as the username, otherwise you will clash with the user that Companion gets run as.

It is recommended to not use pi as the username, to make it harder for an attacker to guess it.

Security Best Practices

There are other security-oriented best practices that are recommended:

Making sudo require a password
Making sure you've got the latest OS updates and security fixes
Improving SSH security

All of these recommended best practices can be found on the raspberrypi.org website.

For general Companion security settings, see the Security page.

SSH User Setup​

Using Raspberry Pi Imager​

Creating a User at First Boot​

Security Best Practices​

SSH User Setup

Using Raspberry Pi Imager

Creating a User at First Boot

Security Best Practices