I recently set up my new Umbrel node and encountered a hiccup while upgrading to Umbrel 1.0. The upgrade process seemed to get stuck midway. To resolve this, I SSH’d into the node using the default ‘umbrel’ username and password. After a reboot, I found myself unable to log back in with the default credentials, facing an ‘invalid password’ error, despite not changing the password myself.
This situation raises a few questions regarding the default ‘umbrel’ account:
-
Security Best Practices: Is it recommended to change the default password or delete this account entirely for enhanced security?
-
SSH Access Concerns: Given the default credentials, is there a significant risk of unauthorized SSH access to my Umbrel node? What steps can I take to mitigate this risk and ensure only authorized access to the node?