Hi,
I love DietPi, it is the long lost server for my multiple Pi systems running all around my house and work.
I believe that there are some security issues which should be considered in the next release of DietPi, like starting with a normal user instead of using root for SSH access.
If you would like to secure your system, please follow these steps:
groupadd -g 1000 pi
useradd -g 1000 -u 1000 -m -s /bin/bash -d /home/pi pi
apt-get install sudo
usermod -aG sudo pi
passwd pi
(The -a in usermod -aG appends sudo to pi's supplementary groups; a plain -G would replace whatever groups the user already has.)
After applying all of the above, you should have a pi user available in /home/pi with your desired password. Try becoming the "pi" user by typing
su pi
and then try becoming root by typing
sudo -s
It should ask for pi's password before making you the super user (root). If you are not able to become root, very carefully type exit to go back from the pi session to your root session and go over the previous steps, since you are probably missing something. If everything is OK, keep that root session open and, from a second terminal, try to connect to your Pi with the new user you have created:
ssh pi@xxx.xxx.xxx.xxx
sudo -s
Now let's disable root password login. In /etc/default/dropbear change
DROPBEAR_EXTRA_ARGS=
to
DROPBEAR_EXTRA_ARGS=-g
and restart dropbear (service dropbear restart) so it picks up the new argument. The -g flag disables password logins for root only; root can still log in with an SSH key if you have one installed, and other users are not affected. If you want to block root logins over SSH completely, key-based included, use -w instead.
After this point neither you nor anyone else will be able to log in remotely with your root password. You will always have to log in with your pi user (I'm sure you know that you can change that username if you want) and then become root, which is a great way to secure a server setup from SSH brute force attacks.
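The steps above, collected into one re-runnable script. This is an added example, not a script from the original post or from the DietPi project. It assumes the same Debian-style layout the post does (dropbear configured through /etc/default/dropbear, the user name "pi" with UID/GID 1000); the function names are my own. The dropbear edit takes the config file path as an argument so you can try it on a copy before touching the real file, and it keeps any arguments already present instead of overwriting them.

```shell
#!/bin/sh
# Added example: non-root SSH user plus dropbear root-password lockout.
# Assumes Debian-style DietPi with /etc/default/dropbear (as in the post).
set -eu

# Extract the value of DROPBEAR_EXTRA_ARGS from a defaults file, quotes stripped.
dropbear_extra_args() {
    sed -n 's/^DROPBEAR_EXTRA_ARGS=//p' "$1" | tr -d '"' | head -n 1
}

# Return 0 if -g (no password login for root) is already among the arguments.
dropbear_root_password_disabled() {
    args=$(dropbear_extra_args "$1")
    case " $args " in
        *" -g "*) return 0 ;;
    esac
    return 1
}

# Add -g to DROPBEAR_EXTRA_ARGS in the given file, preserving existing arguments.
# Safe to run repeatedly: a second run changes nothing.
dropbear_disable_root_password() {
    conf="$1"
    if dropbear_root_password_disabled "$conf"; then
        return 0
    fi
    current=$(dropbear_extra_args "$conf")
    new="-g${current:+ $current}"
    if grep -q '^DROPBEAR_EXTRA_ARGS=' "$conf"; then
        # Replace the existing line in place (arguments contain no '|' or '&').
        sed -i "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"$new\"|" "$conf"
    else
        # No such line yet (e.g. a stripped-down config): append one.
        printf 'DROPBEAR_EXTRA_ARGS="%s"\n' "$new" >> "$conf"
    fi
}

# Create the admin user from the post (UID/GID 1000, home, bash, sudo group).
# Skips creation if the user already exists so the script can be re-run.
create_admin_user() {
    user="$1"
    if ! id "$user" >/dev/null 2>&1; then
        groupadd -g 1000 "$user"
        useradd -g 1000 -u 1000 -m -s /bin/bash -d "/home/$user" "$user"
    fi
    apt-get install -y sudo
    usermod -aG sudo "$user"   # -a appends; plain -G would drop other groups
    passwd "$user"             # interactive, as in the post
}

# Privileged steps only run when invoked as: sh harden.sh apply
if [ "${1:-}" = "apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    create_admin_user pi
    dropbear_disable_root_password /etc/default/dropbear
    service dropbear restart
    echo "done: log in as pi from a second terminal before closing this session"
fi
```

Run it as root with the argument apply. Because dropbear only reads DROPBEAR_EXTRA_ARGS when it starts, the restart at the end is what actually enforces the change; verify from a second terminal that ssh pi@host followed by sudo -s works before you close the original root session.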