Newbie - Question - Problems after password change

manues · November 3, 2023, 8:21pm

Greetings!!

A newbie problem…

I changed default password for user volumio and user root. As this is very risky to leave the password at default. However, after changing the password I tried install a plugin “Backup and Restore Data”

see the status screen as below

See the installation logs as below…

Downloading plugin at https://plugins.volumio.workers.dev/pluginsv2/download/backup_restore/0.7.4/volumio/buster/armhf
END DOWNLOAD: https://plugins.volumio.workers.dev/pluginsv2/download/backup_restore/0.7.4/volumio/buster/armhf
Creating install location
Unpacking plugin
Checking that the plugin is suitable for this version of Volumio The plugin can be used with this version of Volumio
Checking for duplicate plugin
Copying plugin to location
Installing necessary utilities
An error occurred while installing the plugin Error

please advise the next steps…

Thanks in advance.

manues · November 3, 2023, 8:24pm

Hello Team…

I managed t change the activate the plugin… However run into issues again…

Basically after changing the password issues with plugin install / uninstall

SimonE · November 3, 2023, 8:47pm

Changing the password will break anything that uses these to run scripts, like updates and backups.

Wheaten · November 3, 2023, 9:14pm

Reflash your SD and start over.
Don’t change the default password, as SimonE said, it will break the image.

manues · November 3, 2023, 9:26pm

Thank you, @Wheaten and @SimonE.

What would you suggest as the best practices to ensure the device’s security? I presume that all the currently installed plugins will remain functional after a password update. Is the correct procedure, upon the release of a new version, to simply reflash, reinstall the plugins, change the password, and proceed as usual?

Thank you.

SimonE · November 3, 2023, 9:53pm

Volumio is not super secure, but for me, more than safe enough. It’s behind my firewall, it hosts only a music streamer, no personal info or data. If I was worried, I guess I could disable ssh (which is default disabled anyway). If someone did break in* and screwed with my setup, I could be up and running again in 15 mins with a backup of my SD.

never heard of this happening to anyone’s Volumio

manues · November 4, 2023, 1:26am

Thank you @SimonE. Appreciate your inputs

manues · November 4, 2023, 1:29am

@SimonE on the topic of security. What ports/protocols we should allow for the volumio host

SimonE · November 4, 2023, 8:18am

I’m not sure what you’d need to set up ports for. Your Volumio is not a public website, you can only access it from within your wifi/ethernet network.

Josh2000 · November 5, 2023, 7:45am

i think @manues @SimonE Manuel want‘s to configure outgoing ports (needed for cloud services etc.), which is usual in a higher security environment. Right ?

best regards

Josef

manues · November 5, 2023, 3:51pm

Thank you @SimonE for keeping my topic active… I was “out of action” yesterday.

Thank you @Josh2000 for your inputs and you are correct.

So here is my dumb question. Is there a possibility for someone from internet can access volumio device?

Wheaten · November 5, 2023, 4:56pm

in order to do damage:
Only if you add port forwarders in your router to the Volumio device, like 22 or 80.
If you don’t do that your pretty safe.

Josh2000 · November 5, 2023, 6:24pm

no i guess i‘m not right - i thought you are afraid of you could access the internet from your device- NOT that someone could access it from outside

if you don’t understand me - please forget it

this is not an it security forum

manues · November 5, 2023, 8:23pm

@Josh2000 I understand this is not a security forum… However, any device in your network where anyone can get privileged access pretty easily is always a challenge. I am not really worried about volumio getting crashed or hacked. But I am thinking about someone can easily land on volumio and plan their next phase from the host… Anyway… let me dig around to find my way around…