What is the purpose of auto-login? Is it safe/secure?












2















Please excuse my ignorance. I have searched and I haven't found anything that addresses my question.



What is the purpose of auto-login and is it safe to enable?



I am using my Pi 3B to host a very light-weight RESTful API which I intend to expose through a port forwarder.



Is auto-login insecure for this situation?



Thanks in advance for your help






security







share|improve this question



























    2















    Please excuse my ignorance. I have searched and I haven't found anything that addresses my question.



    What is the purpose of auto-login and is it safe to enable?



    I am using my Pi 3B to host a very light-weight RESTful API which I intend to expose through a port forwarder.



    Is auto-login insecure for this situation?



    Thanks in advance for your help






    security







    share|improve this question

























      2












      2








      2


      1






      Please excuse my ignorance. I have searched and I haven't found anything that addresses my question.



      What is the purpose of auto-login and is it safe to enable?



      I am using my Pi 3B to host a very light-weight RESTful API which I intend to expose through a port forwarder.



      Is auto-login insecure for this situation?



      Thanks in advance for your help






      security







      share|improve this question














      Please excuse my ignorance. I have searched and I haven't found anything that addresses my question.



      What is the purpose of auto-login and is it safe to enable?



      I am using my Pi 3B to host a very light-weight RESTful API which I intend to expose through a port forwarder.



      Is auto-login insecure for this situation?



      Thanks in advance for your help






      security




      security






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Feb 3 at 20:53









      user919426user919426

      1133




      1133






















          1 Answer
          1






          active

          oldest

          votes


















          9














          Auto-login is simply a convenience feature. By default, on the local console or UI, it provides the ability to not have to enter your user password before continuing loading the user's environment.



          It's insecure only if anyone else has direct, physical access to your Pi. Over SSH remotely, the user's password will still be required (so you definitely should change it, even if you don't have auto-login!). It doesn't affect a REST or other API (ie. web server) running on the Pi either.



          So, to repeat, auto-login is a convenience, that only affects the person logging into the physical device.



          Personally, I use it on all my Pis (I have numerous in various testing/development environments), but it's quite rare I use my Pis directly. Typically I set up SSH keys and connect remotely. Only time I use direct access is for network related changes. This allows me to have crazy passwords that I don't need to remember. On the console, it auto-logs in, and over SSH, I use identity keys.






          share|improve this answer


























          • Thank-you. I went ahead and disabled it, now I cannot SSH to it. Does it mean services such as SSH would not be running until I login or enable auto-login?

            – user919426
            Feb 3 at 21:06








          • 1





            No. SSH shouldn't be affected by that change. Are you sure you didn't accidentally disable SSH? How did you make the change? In the config file, or through raspi-config? Also, did you do a reboot and your IP of the Pi changed? ie. How are you connecting via SSH?

            – stevieb
            Feb 3 at 21:08













          • Yes, through raspi-config. I will re-try

            – user919426
            Feb 3 at 21:08











          Your Answer






          StackExchange.ifUsing("editor", function () {
          return StackExchange.using("schematics", function () {
          StackExchange.schematics.init();
          });
          }, "cicuitlab");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "447"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fraspberrypi.stackexchange.com%2fquestions%2f93816%2fwhat-is-the-purpose-of-auto-login-is-it-safe-secure%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          9














          Auto-login is simply a convenience feature. By default, on the local console or UI, it provides the ability to not have to enter your user password before continuing loading the user's environment.



          It's insecure only if anyone else has direct, physical access to your Pi. Over SSH remotely, the user's password will still be required (so you definitely should change it, even if you don't have auto-login!). It doesn't affect a REST or other API (ie. web server) running on the Pi either.



          So, to repeat, auto-login is a convenience, that only affects the person logging into the physical device.



          Personally, I use it on all my Pis (I have numerous in various testing/development environments), but it's quite rare I use my Pis directly. Typically I set up SSH keys and connect remotely. Only time I use direct access is for network related changes. This allows me to have crazy passwords that I don't need to remember. On the console, it auto-logs in, and over SSH, I use identity keys.






          share|improve this answer


























          • Thank-you. I went ahead and disabled it, now I cannot SSH to it. Does it mean services such as SSH would not be running until I login or enable auto-login?

            – user919426
            Feb 3 at 21:06








          • 1





            No. SSH shouldn't be affected by that change. Are you sure you didn't accidentally disable SSH? How did you make the change? In the config file, or through raspi-config? Also, did you do a reboot and your IP of the Pi changed? ie. How are you connecting via SSH?

            – stevieb
            Feb 3 at 21:08













          • Yes, through raspi-config. I will re-try

            – user919426
            Feb 3 at 21:08
















          9














          Auto-login is simply a convenience feature. By default, on the local console or UI, it provides the ability to not have to enter your user password before continuing loading the user's environment.



          It's insecure only if anyone else has direct, physical access to your Pi. Over SSH remotely, the user's password will still be required (so you definitely should change it, even if you don't have auto-login!). It doesn't affect a REST or other API (ie. web server) running on the Pi either.



          So, to repeat, auto-login is a convenience, that only affects the person logging into the physical device.



          Personally, I use it on all my Pis (I have numerous in various testing/development environments), but it's quite rare I use my Pis directly. Typically I set up SSH keys and connect remotely. Only time I use direct access is for network related changes. This allows me to have crazy passwords that I don't need to remember. On the console, it auto-logs in, and over SSH, I use identity keys.






          share|improve this answer


























          • Thank-you. I went ahead and disabled it, now I cannot SSH to it. Does it mean services such as SSH would not be running until I login or enable auto-login?

            – user919426
            Feb 3 at 21:06








          • 1





            No. SSH shouldn't be affected by that change. Are you sure you didn't accidentally disable SSH? How did you make the change? In the config file, or through raspi-config? Also, did you do a reboot and your IP of the Pi changed? ie. How are you connecting via SSH?

            – stevieb
            Feb 3 at 21:08













          • Yes, through raspi-config. I will re-try

            – user919426
            Feb 3 at 21:08














          9












          9








          9







          Auto-login is simply a convenience feature. By default, on the local console or UI, it provides the ability to not have to enter your user password before continuing loading the user's environment.



          It's insecure only if anyone else has direct, physical access to your Pi. Over SSH remotely, the user's password will still be required (so you definitely should change it, even if you don't have auto-login!). It doesn't affect a REST or other API (ie. web server) running on the Pi either.



          So, to repeat, auto-login is a convenience, that only affects the person logging into the physical device.



          Personally, I use it on all my Pis (I have numerous in various testing/development environments), but it's quite rare I use my Pis directly. Typically I set up SSH keys and connect remotely. Only time I use direct access is for network related changes. This allows me to have crazy passwords that I don't need to remember. On the console, it auto-logs in, and over SSH, I use identity keys.






          share|improve this answer















          Auto-login is simply a convenience feature. By default, on the local console or UI, it provides the ability to not have to enter your user password before continuing loading the user's environment.



          It's insecure only if anyone else has direct, physical access to your Pi. Over SSH remotely, the user's password will still be required (so you definitely should change it, even if you don't have auto-login!). It doesn't affect a REST or other API (ie. web server) running on the Pi either.



          So, to repeat, auto-login is a convenience, that only affects the person logging into the physical device.



          Personally, I use it on all my Pis (I have numerous in various testing/development environments), but it's quite rare I use my Pis directly. Typically I set up SSH keys and connect remotely. Only time I use direct access is for network related changes. This allows me to have crazy passwords that I don't need to remember. On the console, it auto-logs in, and over SSH, I use identity keys.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Feb 3 at 21:58

























          answered Feb 3 at 21:03









          steviebstevieb

          1,146410




          1,146410













          • Thank-you. I went ahead and disabled it, now I cannot SSH to it. Does it mean services such as SSH would not be running until I login or enable auto-login?

            – user919426
            Feb 3 at 21:06








          • 1





            No. SSH shouldn't be affected by that change. Are you sure you didn't accidentally disable SSH? How did you make the change? In the config file, or through raspi-config? Also, did you do a reboot and your IP of the Pi changed? ie. How are you connecting via SSH?

            – stevieb
            Feb 3 at 21:08













          • Yes, through raspi-config. I will re-try

            – user919426
            Feb 3 at 21:08



















          • Thank-you. I went ahead and disabled it, now I cannot SSH to it. Does it mean services such as SSH would not be running until I login or enable auto-login?

            – user919426
            Feb 3 at 21:06








          • 1





            No. SSH shouldn't be affected by that change. Are you sure you didn't accidentally disable SSH? How did you make the change? In the config file, or through raspi-config? Also, did you do a reboot and your IP of the Pi changed? ie. How are you connecting via SSH?

            – stevieb
            Feb 3 at 21:08













          • Yes, through raspi-config. I will re-try

            – user919426
            Feb 3 at 21:08

















          Thank-you. I went ahead and disabled it, now I cannot SSH to it. Does it mean services such as SSH would not be running until I login or enable auto-login?

          – user919426
          Feb 3 at 21:06







          Thank-you. I went ahead and disabled it, now I cannot SSH to it. Does it mean services such as SSH would not be running until I login or enable auto-login?

          – user919426
          Feb 3 at 21:06






          1




          1





          No. SSH shouldn't be affected by that change. Are you sure you didn't accidentally disable SSH? How did you make the change? In the config file, or through raspi-config? Also, did you do a reboot and your IP of the Pi changed? ie. How are you connecting via SSH?

          – stevieb
          Feb 3 at 21:08







          No. SSH shouldn't be affected by that change. Are you sure you didn't accidentally disable SSH? How did you make the change? In the config file, or through raspi-config? Also, did you do a reboot and your IP of the Pi changed? ie. How are you connecting via SSH?

          – stevieb
          Feb 3 at 21:08















          Yes, through raspi-config. I will re-try

          – user919426
          Feb 3 at 21:08





          Yes, through raspi-config. I will re-try

          – user919426
          Feb 3 at 21:08


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Raspberry Pi Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fraspberrypi.stackexchange.com%2fquestions%2f93816%2fwhat-is-the-purpose-of-auto-login-is-it-safe-secure%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Human spaceflight

          Image
          Human spaceflight From Wikipedia, the free encyclopedia Jump to navigation Jump to search "Space traveler" redirects here. For other uses, see Space traveler (disambiguation). @media all and (max-width:720px){.mw-parser-output .tmulti>.thumbinner{width:100%!important;max-width:none!important}.mw-parser-output .tmulti .tsingle{float:none!important;max-width:none!important;width:100%!important;text-align:center}} Apollo 11 crewmember Buzz Aldrin on the Moon, 1969 International Space Station crewmember Tracy Caldwell Dyson views the Earth, 2010 Space Shuttle Discovery heads into space with a crew aboard, STS-121 in 2006 Inside a space suit on the Canadarm, 1993 Human spaceflight (also referred to as crewed spaceflight or manned spaceflight ) is space travel with a crew or passengers aboard the spacecraft. Spacecraft carrying people may be operated directly, by human crew, or it may be e
          Read more

          Can not write log (Is /dev/pts mounted?) - openpty in Ubuntu-on-Windows?

          Image
          0 1 What exactly does the error message beginning with E: mean? I assume it has to do with the file structure on Ubuntu-on-Windows, but what exactly? The following package was automatically installed and is no longer required: os-prober Use 'apt-get autoremove' to remove it. The following extra packages will be installed: libxslt1.1 The following NEW packages will be installed: libxslt1.1 xmlstarlet 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 435 kB of archives. After this operation, 1023 kB of additional disk space will be used. Get:1 http://archive.ubuntu.com/ubuntu/ trusty/main libxslt1.1 amd64 1.1.28-2build1 [145 kB] Get:2 http://archive.ubuntu.com/ubuntu/ trusty/universe xmlstarlet amd64 1.5.0-1 [290 kB]
          Read more

          File:DeusFollowingSea.jpg

          Image
          File:DeusFollowingSea.jpg From Wikipedia, the free encyclopedia Jump to navigation Jump to search File File history File usage No higher resolution available. DeusFollowingSea.jpg ‎ (238 × 211 pixels, file size: 12 KB, MIME type: image/jpeg ) Summary [ edit ] Media data and Non-free use rationale Description Cover art of the Deus CD Following Sea Author or copyright owner Deus Source (WP:NFCC#4) rocksucker.co.uk Date of publication 2012 Use in article (WP:NFCC#7) Following Sea Purpose of use in article (WP:NFCC#8) to serve as the primary means of visual identification at the top of the article dedicated to the work in question. Not replaceable with free media because (WP:NFCC#1) n.a. Minimal use (WP:NFCC#3) Low res image used in infobox of the article on the album Respect for commercial opportunities (WP:NFCC#2) n.a. Fair use Fair use of co
          Read more