Regarding the renamed pi user’s home directory, creating a symlink in /home to the new location is an easy way to catch any hard coded paths. I always do this when manually renaming users and it can save a lot of headaches.

With Wayland, will Kodi work on it? Also how about Dual Screen support?

RIP all my youtube tutorials :'(
Seriously though, thanks for providing a way to set up a default user in headless mode. I almost exclusively use the Lite version and set everything up headless, so having a way to do this is super convenient.

Also, a note on the password creation from the command line. In bash, if you type a space before the “echo mypassword” command, it won’t log your password in the terminal history.

Hello. I have a Raspberry Pi OS (Legacy) and the command “sudo rename-user” does not work. what should I do to rename my username? THanks.

While I understand the ‘why’ here, this is really going to break a ‘lot’ of folks. I would have hoped that you would have rolled out the new features in this release while still letting the default pi user exist until the ‘next’ release. Just making this change in one big step is a really bad idea.

Thanks for this upgrade, good job folks!
Any word about the kernel version bump (5.15) according to the release notes ?

Any picamera2 updates?

1. Does this apply to Lite images?
2. How do I pre-install my ssh public key and disable password logins under the new system?

One correction, the provided OpenSSL command does a one way hash of the password, it’s not encrypting it.

Apparently an existing installation does not get rename-user. Not found in repo and not installed following “apt-full-upgrade” (On an existing “Lite” install.)
:(

These changes are fine and I really like the new installer features. But I do miss xrandr under wayland, any substitutes?

Thanks for thinking of those wanting to do a headless setup – the advanced section in the Pi imager is such a good feature, glad it has been made more discoverable in recent releases.

The Release Notes start “Default “pi” user” – presumably this is Unicode (and I haven’t tried to convert) BUT surely the Release Notes should be plain text.

Please extend the userconf.txt mechanism so that if the username:password line is followed by an ssh key that new user is set up with that key.

Awesome, and happy to hear about the new way to create a user headlessly. Like another commenter, I pretty much use that method exclusivly. Out of curiousity, Raspberry Pi OS now has a lot of these initial setup/bootstrap options now. I’m thinking it might be better architecturally to adopt something like cloud-init for them. It would be super handy, and simple, to be able to drop a cloud-init.cfg (or some file name) in the boot directory and have all that functionality. Enabling SSH? Check, add a new user? Check. Add multiple users, each with their own authorized_keys files? Check.
It seems like it would be straight forward to set up and I don’t think it would add much overhear, either.
Thoughts?
Thanks for a great OS! It’s my son’s first computer. :)

The userconf / userconf.txt makes me wonder, do you have a similar facility for setting the wifi country code on headless installs?

Explanation below:
Last headless I did, (bullseye) a few months ago I’ll admit, had the wifi locked down until the country code was set in the raspi-config – this made it kinda annoying to configure in a network without wired available.

And yes, I did set the country code in my wpa_supplicant.conf in the FAT partition.

I get it that many just copy’n’paste the wpa_supplicant.conf, but can we get a wificountry.txt or similar where we can put the country code or something and have the boot-scripts disable the disabling of wifi?

Keyboard layout handler is not working properly, as I am not able to switch between ‘Indian’ and ‘US English’ keyboard layouts. 32 bit Buster Edition do not have this problem.

We really Need pre-compiled drivers for most commond WiFi cards.

We create custom Raspberry Pi OS images for our CM3-based products. We start with the Raspberry Pi OS images from you, but then we install additional software to support our hardware.
What procedure do you recommend for an OEM-like experience, where the OEM needs to add additional software to the system, but then still let end users run the wizard on first boot to customize their usernames, hostnames, locale, etc?

I can find legislation in the US, UK, and other countries that forbid default passwords, but I’m unable to find new regulations about usernames. Is there any? In any case, it’s still a good initiative to remove the default username for improved security.

Does trying to configure a headless zero with the lite image fail for anyone else? I’ve tried both wireless networking and with an ENC28J60 ethernet device.

When I connect a monitor and keyboard to debug, I see the userconf dialog and it just goes into a loop of asking me to configure the keyboard, which I do, and then it proceeds back to starting over with configure the keyboard again.

Where is the source to the userconf-pi package?

Where is the appropriate place to report this bug?

rename-user didn’t work very well on an existing bullseye system. System hung after rebooting. Power cycled system; ‘pi’ user still there, except that its group ownership (not user, however) had changed to the new username. Another reboot & it hung again.

I’ll try again with a vanilla install.

Did not test it yet.
But if the desktop isn’t working, I already know I’ll bump into trouble.
For up untill now I had to change the keyboard to Belgium via /preferences/configuration BEFORE i can make a new password.
Well, surely this is possible by just trying the keys, trial and error, but what If your arabic or chinese?

Does this including picamera2 and upgrading python3.10(previously 3.9.2)?

Will Wayland break RealVNC (and Anydesk) like it doesn on Ubuntu?

Lst raspbian release, just launched sudo rename-user, rebooted and i see no wizard to change the username, Now my GUI is just an empty screen with a nice wallpaper (all via VNC): i can only operate via CLI. I don’t wanna connect an HDMI screen. How can i solve this?

Does the new system still create a terminal session for the default user? Advice us to disable using the config tool but (my reading of) the options seem to only allow you to disable it and the autologin to the desktop.

Thank you for all the recent improvements, particularly allowing the default user id to be customised.
Could I ask you to consider recording the name of the image file within the installed OS. This would be so helpful further down the line when one is trying to resolve issues.

Thanks.
That was a headache. Thanks for the Tylenol Mr. Long. I also learned some new stuff.

I really dislike how computer companies, websites, and software companies protect us from ourselves. My Raspberry Pi’s are only used on a hardened internal network. Obviously Raspberry Pi doesn’t realize how much time it is going to take me to re-write all my home brewed software. :-(

One last question. Can I clicked updater’s icon?

FYI, the OpenSSL command to compute the hash won’t work quite right as written since `echo` appends a newline to the password. I’d use `echo -n ‘mypassword’ | openssl passwd -6 -stdin` or `printf -n ‘mypassword’ | openssl passwd -6 -stdin`. An even better option for some would be to just run `openssl passwd -6` and forego writing the password on the command line (which by default will be written to shell history).
If you’re trying this out and wondering why you get different results when repeating the command, it is because the SHA512Crypt algorithm factors in a random salt value to prevent cracking with pre-computed hashes. As was mentioned by others, the result of this command is actually a hashed version of the password and not encrypted!

I do like the idea of creating your own username/password up front. One of the things I always had to do (in my home network) after installing a new image is to give the user ‘pi’ another uuid (and fix up where needed) and then add my own username(s) to the system so they have the same ids as the rest of the systems on my network. nfs, for example, is picky about such things. This addition will simplify my initial setup going forward! Thank you. Thank you.

How about to release a desktop version of Raspberry Pi OS based on Ubuntu? The same way, Armbian does.

I have found an issue:
If you use the userconf file, you don’t get any of the other setup options, such as enabling bluetooth. I don’t have a problem ssh’ing in, then running raspi-config to enable VNC, but it would be nice to have the bluetooth keyboard discovery option…

I had a big row with the OctoPrint people over this. Everything is hard coded to use “pi” and I have always removed it from every install and put my own user in so couldn’t get their stuff to work. In their eyes I am an idiot. C’est la vie.

After running “sudo rename-user”, I lost my cronjob. Is the file still there?

Why this time wasting solution?
Just because some people are not able to change passwords? Sorry it is stupid.

Installed the new Lite version on a new Samsung 32gb card, launched it on my Pi 400. Have set up wireless a zillion times but I keep seeing “device not ready” (network-manager-gnome). SP working fine, SSID is correct, no security, device is selected. Is it possible that the driver was omitted from Lite?

Installed the new 64 Bullseye Lite on a fresh Samsung card, booted on my Pi 400 where everything has worked perfectly. I’ve installed wireless a million times but I keep getting “device not ready” (network-manager-gnome) or AP not associated on CLI. AP works fine, SSID is correct, device identified, no security–still zip. Is it possible the Broadcom wireless driver was omitted from the Lite version?

I run pi’s headless. Tried to run headless bullseye on a pi3b. I’m not a script kid, however I am good at editing and copying scripts if the code is shown. I tried to create a userconfig about 4 times in the root. I’ve looked up and down and can’t find an example. Please excuse my code ignorance, but can someone just show an example like user: foo and password: bar?
:
username is foo? encrypted- password? I opened up ssh on an existing pi and ran
Where do I paste the string? Do I replace “encrypted” with the string? Do replace “password” with bar?
If I mess up do I need to run a script to revert back to default 1st boot?
Thanks,

Hello Simon,
In Bullseye version there is/was a bug with the keyboard layout handler. To be exact, even though second language can be added in keyboard layout handler settings, changing language from keyboard shortcuts is not working. At least that was the case in previous bullseye release. Does this issue being addressed in latest release ? Cause it’s a deal breaker.
Thank you!

As per the instructions on this page : To update an existing image, use the usual terminal command:

sudo apt update
sudo apt full-upgrade

Ran the above. Rebooted…
ran cat /etc/os-release in terminal: Returned:

PRETTY_NAME=”Raspbian GNU/Linux 10 (buster)”
NAME=”Raspbian GNU/Linux”
VERSION_ID=”10″
VERSION=”10 (buster)”
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian
HOME_URL=”http://www.raspbian.org/”
SUPPORT_URL=”http://www.raspbian.org/RaspbianForums”
BUG_REPORT_URL=”http://www.raspbian.org/RaspbianBugs”

:) Still on Buster? What am I missing?

Hi Simon
Thanks for all the info. I am running KDE Plasma as my desktop and the rename user script does not work (nothing happens on reboot). I have tried from the default session, but no result. Can you suggest a way of getting the script to work?

Tried to burn a new image to SD this morning with no joy: my Pi400 just sits there flashing an underscore right at the point the initialisation process used to run the partition resizer before rebooting.
I’m using my own install script now with user creation as detailed above (script: https://github.com/smittytone/scripts/blob/main/pi.zsh) in addtion to ssh and WiFi setup in in the usual headless way. Installing the previous PiOS release works just fine — I testeded it just now — but not the new one. Only difference is unpacking a .xz archive rather than a .zip one. Any ideas?

Thank you for making this change. I have always gone through the gyrations of creating a new user, granting them sudo, then removing user ‘pi’ on every new install. Making this part of the install flow is a huge improvement in my eyes.

I love the 64-bit Pi OS version, but I still see xrdp is broken in this latest image unless you add a second user, and that user is not a member of the render group. I tried removing the primary user from the render group (i.e. the first account you create when setting up Pi OS), but xrdp will still not work for this user, even if the xrdp session is the only login instance. This is a pity, as you need to be a member of the render group for graphics hardware acceleration to work. xorgxrpd can use graphics acceleration to improve xrdp session graphics performance, as its glamor enabled. I prefer to use my 8GB Pi 4 headless connected via usb-c ethernet to an iPad Pro with keyboard. The iPad provides the UI via Microsoft iOS RDP client which includes audio support (unlike iOS VNC viewer) … plus, other apps such as blink. I have this fully working on Ubuntu-Mate 21.10 64bit, along with audio support, but performance on Pi OS 64 bit unaccelerated is still better, especially audio, providing you disable mutter (I assume this is due to less overheads of Pi OS c.f. Ubuntu Mate?). I would love to get Pi OS xrdp session running with graphics acceleration, but the permission issue appears to be hardwired into the kernel?

So after this version, users are no longer allowed to remote ssh into raspberry pi without a monitor at the first login? sad

Hi,
I’m having an issue with the forced raspi-config.
I’m using Packer to provision a lite image which will then use the Raspberry Pi imager to set just the hostname.
All other configuration; wireless, keyboard settings, locale, removal of the pi user, creation of a new user is all handled by packer.
Even with the pi user removed, it still prompts to create a new user on boot and even worse, sets it to login automatically.
If I use the /boot/user.conf trick, it still sets that user to login automatically.
How I can I prevent the raspi-config from running on first boot?

Please look at: https://github.com/RPi-Distro/userconf-pi/issues/2

Grabbed rpi-wayland from apt, updated and upgraded, switched to Wayland with raspi-config aaanndd I’m still on x11? Help would be appreciated as my pi is solely for playing back video and Wayland might solve the slight tearing issues.

If I place a userconfig file (without .txt extension) and ssh file in root directory and start the pi the first time on a display it tells me during boot:
‘[FAILED] Failed to start User configuration dialog.’
That several times. Then it continues to the Welcome screen. Most important: I can’t connect via ssh to the pi using the username and password which I provided in the userconf file. Is this a known issue?

What is para ‘-6’?

All new images (lite 32-64, normal 32-64) are sending me all time to root locked. Updating from previous versions do the same. i changed 4 different SD cards. I just can run previous version on my pi 4 b. New usser prompt never appears. after load/save seed and rfkill, suse module inspection becomes and after that root user is locked message. Please i need help

I’m missing the ‘connected to the internet’ icon after entering the wifi password, which makes you unsure if the connection has been established.

Where is the camera module ? In the new image how to enable camera module to work?

The project I work with, Openmediavault, specializes in creating easy to use NAS servers with an Admin GUI. https://www.openmediavault.org
__________________________
In cases of supporting R-PI’s and other SBC’s, and in support of new users and Linux beginners, the server app installation process is done VIA SSH with a script.
Since the first time boot wizard is not triggered by SSH access, I’ve been forced to direct link to an older image until a work around can sorted out.
Please e-mail me, when it’s convenient.
Regards.

Extra info for the post above:
omvguide@gmail.com
Additional Web Site URL:
https://wiki.omv-extras.org

As someone that doesn’t keep up to date on Raspbian updates the new user thing took me an hour to figure out through reddit.

Anyway to hash the new user password on a non linux os WITHOUT having to homebrew openssl or downloading a yet another disk imager?

I have just used the image maker tool on my Mac to create anew Bullseye image for my Pi3b and I have to say it was a treat to use. Some much easier than the old way.
Thank you,
Bob

This had me stumped. Very much a case of rtfm, but may i suggest a note on the imager? Those using other imaging tools are in for some fun. Perhaps also a note on the Rasbian download page to avoid headaches?

The imager doesn’t make this option obvious at all, meaning you produce a headless image SD card and waste a good half an hour f’ing around trying to work out why pi/raspberry is now being rejected. Personally I think this is a bad change, the experience is now universally worse/more cumbersome in order to cater for people that – frankly – will *always* find a way to produce insecure installations despite your efforts.

What a disappointment regarding the Headless Setup! 1) Some of us who work only headless, do not have a monitor with a micro-HDMI interface. 2) Some of us cannot install the Raspberry Pi Imager due to library dependency issues or do not wish to install it because we have our own fine tools for that purpose, regardless if the Raspberry Pi Imager is free. 3) The ‘openssl passwd’ with the -6 option may not be supported in our systems (I was lucky that it run in a previous buster image that I had to setup from scratch). Is it really worth the so-called security to avoid providing just one hashed version of the ‘raspberry’ password, considering that consecutive openssl commands produce different results? So, to avoid wasting several hours of frustration with Permission denied, create a file called ‘userconf’ or ‘userconf.txt’ in the boot partition of the SD card with one single line (no linefeed at the end) with the following content and use ‘raspberry’ as password for your first login of user ‘newuser’. newuser:$6$DDAc06HDo9lQufr4$650WAMQfti/nChvgDJKVYdY2fb8gnH6XY50hIYoKKhdn14.RG9LkkDlWM0oNNnuJwaptzJsckYIqu.oi3J3ay/

Hi, could you update your official documentation regarding the default user and SSH? https://www.raspberrypi.com/documentation/computers/remote-access.html#setting-up-an-ssh-server
Thanks.

After imaging the raspberry pi when logging in for the first time by ssh. When I put the default password it is denied.

Hey Simon:
Thanks for all you do. I understand the need and importance of security. I also understand that Buster is out of date, and I, and my students all upgraded to Bullseye.

I THOUGHT I understood that Raspberry PI was supposed to be a teaching platform.

That said – why does Raspian Bullseye BREAK the C programming language? GCC doesn’t work. You can’t even compile the simplest possible program
int main(){}
It no longer recognizes the all important stdio.h
Who do I have to beg to get this fixed? I have to retrograde all my students back to Buster to get C to work again! In this respect – Bullseye missed the mark.