Question on SSH and secure connections to Octopi

What is the problem?

When I first ran the octopi burn utility on the sd card, I didn't enable SSH as it was mentioned on the install guide that it was optional. Only after running it did I realize SSH helps to keep bad actors from accessing the Pi and prints, and I'm now looking to enable SSH on my Octopi.

What did you already try to solve it?

I gave an attempt at enabling it directly on the pi (via command lines) but quickly got confused, I found the SSH command but couldn't make use if the syntax. Ideally I'd like to figure out how to enable SSH post install but if that's not possible a reinstall is just fine.

There isn't really anything wrong with the Pi I'm just looking for tips on how to configure it going into the future, I'm a first time user of Pis and command line stuff.

Curious if you've tried to SSH to the pi? The octopi image enables it by default, but if for whatever reason it's not then you can enable it by safely shutting down the pi, taking the card out and adding a file name octopi-password.txt containing a single line of what you want the password to be. Then put in pi and power back on. Once that is done SSH should be enabled and you can login with the username you used during imaging and login with the password you added in the file.

and FYI...enabling SSH actually makes your pi accessible from within your network only and technically is less secure than not having SSH enabled because it does allow access to the host linux system.

I haven't, I will give that a shot when I get home!

I haven't considered that enabling SSH might allow access to the linux host within the local network, I'll read a bit more on how SSH works.

This is definitely misinformed - it offers no protection. SSH is the system by which you can access the terminal/console of the Pi, allowing you to control the operating system.

1 Like

Ah, I see, this is my first time really networking anything (other than smb) and my first time remote accessing through the internet. I'll leave it as is for now I suppose and just use the Octoapp to monitor the print then. Thanks for all the help!

Having SSH enabled on your local network provides more convenience that it does risk (unless your local network has people / systems on it you don't trust). You still need a username/password to connect and SSH can be configured to use a public/private key pair which is more secure than username/password.

Exposing SSH to the outside world (the internet) is, of course, not recommended but with public/private keys it is still pretty secure.

You mention "first time remote accessing through the internet". Are you really allowing access from the outside world (the internet)?

Agree with b-morgan here, don't just port forward to your pi for remote access, use one of the remote plugins or setup a VPN to the house.

I see, I don't really plan on using too much remote netkwork functions right now, I mostly am looking to just monitor prints from work while the printer runs at home. As for security on the network, I do share a house with a few other people

Are you talking about plugins like octoeverywhere?

It not your access we are concerned about. Once you have given yourself access, you may have given every hacker on the planet access and some of them would not hesitate to access your 3D printer and burn your house down.

As for other people in your house, either you trust them or your 3D printer is locked up in your private space.

@jneilliii included a pointer (blue text is a link) to various plugins that implement some form of secure remote access. Which one you choose depends on what features you are interested in.

Yeah I took a look after I got home and I think I'm going to go with Octoeverywhere, seems like a lot of useful features without needing to pay very much

Partially correct. Any form of remote command line or terminal access is less secure than no remote command line access. Without remote access the only way to have direct control is from the physical console, highly impractical most of the time. There are a number of protocols for remote access including telnet which is a clear text communications protocol and ssh which is a cryptographic secure protocol just to name a few.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.