Anyone know how to change the default passwords in lightning labs app and thunderhub? It is easy to change and enable 2FA in RTL
Those are hardwritten into each app conf file.
You will need to enter into the belly of each docker container, and it is not easy.
Also, after each update it will be overwritten.
I suggest just waiting until a fix is made. It is not a big deal.
Digging into software's configuration can do more damage than good.
99% of the time you are accessing your node from your own LAN, so why so much paranoia?
If you access your node using the onion address from outside, you will also be accessing it from your own devices, not from random computers that are not yours.
So the chances that somebody will access your node with the default password will be ONLY when you give them your onion address… otherwise they just suck it.
I would like to see an easier way to update default passwords for installed apps.
Well, the onion address is usually bookmarked in the tor browser, so whoever gets access to my machine can spend stuff from thunderhub. Exact reason why I have uninstalled it.
Then why are you still running a node?
Anybody can steal your node too, if they can take your PC…
Why are you going out? Anytime something can fall onto your head…
This is life, taking risks is part of it. Securing it is your duty.
That part with "somebody can access my bookmarks and for that I remove it" makes me laugh…
No reason to argue about this. I think both of you are right. On one hand this is new tech and carries risks with it. On the other hand, one purpose of this site is for users to express desired upgrades. I think an upgrade that includes the ability to change passwords on apps is reasonable.
The whole point of this thread is that while RTL is protected by two or three secrets (tor url, password and optionally 2fa), ThunderHub is protected by one (tor url). As such, it is an order of magnitude more risky to have installed than RTL, if ThunderHub developers care they should beef up the security. Personally, I think ThunderHub is not as good as RTL, though it has some nice features (f.e. sending sats via selected channel, routing graph, etc.). So no regrets uninstalling it.
BTW, a good approach would be an option for Umbrel to match all passwords to the one from Umbrel itself. Simple and secure enough.
I thought onion addresses are often public, are they not?
For example here, you can see the onion address as: 02045f289f0de16b275e925aff584bc6c626dddc0f29e15b367d68a35de445d98b@dt7xgfkbudhgiyxgpapfta3xnoaicnflcmqxrdtnty67r7ealxz5mgid.onion:9735
What am I misunderstanding here?
This is a different Tor address, not the one you would log in to, and it's for the LN nodes to connect to each other, if I'm not mistaken.
You're correct, I learned since.
To change thunderhub password:
- ssh to umbrel
- open file /home/umbrel/umbrel/apps/thunderhub/data/thubConfig.yaml
- replace password value on first line. Keep the single quotes ', e.g. masterPassword: 'my new password'
- Install or restart thunderhub
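The manual edit from the steps above, as an added shell example that is not part of the original post and is not ThunderHub or Umbrel code: it generates a random password and rewrites only the masterPassword line, keeping the single quotes. It assumes the file layout the post describes; the function names and the --apply argument are made up for this example.

```shell
#!/bin/sh
# Added example, not ThunderHub or Umbrel code. Assumes the layout described in
# the thread: a top-level line  masterPassword: '...'  in thubConfig.yaml.

# 24 random bytes as 48 hex characters (no YAML-special characters).
gen_password() {
    head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# set_master_password FILE NEWPASS
# Rewrites only the first masterPassword line, keeping the single quotes.
set_master_password() (
    file=$1
    newpass=$2
    grep -q '^masterPassword:' "$file" || {
        echo "no masterPassword key in $file" >&2
        exit 1
    }
    # Inside a YAML single-quoted scalar, a literal ' is written as ''.
    escaped=$(printf '%s' "$newpass" | sed "s/'/''/g")
    cp -p "$file" "$file.bak"      # backup keeps the original owner and mode
    tmp=$(mktemp)                  # created owner-only by mktemp
    NEWPASS=$escaped awk '
        !seen && /^masterPassword:/ {
            print "masterPassword: \047" ENVIRON["NEWPASS"] "\047"
            seen = 1
            next
        }
        { print }
    ' "$file" > "$tmp"
    cat "$tmp" > "$file"           # overwrite in place: owner and mode unchanged
    rm -f "$tmp"
)

# Run as: sh set-thub-password.sh --apply /path/to/thubConfig.yaml
if [ "${1:-}" = "--apply" ] && [ -n "${2:-}" ]; then
    pw=$(gen_password)
    set_master_password "$2" "$pw" && printf 'New ThunderHub password: %s\n' "$pw"
fi
```

The .bak copy still contains the previous password, so delete it once the new login works.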
Do you have to do this after each upgrade or just once?
No idea
Same. Just installed Thunderhub and there are loads of things to click on and none of them are change default password. Come on…let's work together…but this is fucking stupid.
Looking forward to ThunderHub offering (hopefully forced) password change. Pretty risky at the moment if you accidentally enter your Tor url somewhere you shouldn't, e.g. in a non-tor browser address bar, as it will go to search and anyone who sees your search history, browser history or someone working at the search engine can have access to all of your lightning and on-chain bitcoin.
@DarthCoin - this is just the best reply ever man! keep doing what you are doing for the community… it's really appreciated.
I just deleted the app temporarily until I understand how to make it more secure.
For the line I'm supposed to edit in the file thubConfig.yaml
This is what I see:
masterPassword: '$APP_PASSWORD'
Am I supposed to replace the value between the quotes with a new plaintext password, and is that secure enough?
Hello, has the situation changed for ThunderHub? I see now that it gives you a very long, what looks random, default password at install. Is it then more safe to use? Should I still change it or can I use it with the default random password given by Umbrel app install page?
What about 2FA? Is it planned for ThunderHub, is anyone involved in this app here?
Yep, they've fixed it now. Everyone gets a unique password that's safe to use.