The following is a way to set SSH password in secure way in my understanding. Basically, I added another user, and block “volumio” from ssh connection.
sudo su
adduser pinebud
usermod -a -G sudo pinebud
echo “DenyUsers volumio” >> /etc/ssh/sshd_config
If you want to use volumio account.
connect through pinebud account
sudo su volumio
Thank you. This worked for me perfectly. I can have a unique ssh username / password that aren’t the default, and plug-in installation still works. They should have a first run script on the Volumio image that makes you make such new credentials, and then denies Volumio in the future. Then everyone would be happy. And to the person that suggested ssh keys, the user you make could have password or key based ssh access, but this approach avoids the issues Volumio has with the default account password changing.