Raspberry Pi Hardware List
- Raspberry PII from Farnell.
- Power Supply for Raspberry PII from Amazon.
- Raspberry PII Transparent Case (Blue) from Amazon.
- A 2 meter HDMI to DVI Cable to connect the Raspberry PII to my Monitor (for setting up) from Amazon.
- 1x 32GB Sandisk SD SDHC Card With Raspbian Wheezy Linux Preinstalled from The Pi Hut.
Initial Software Setup
If you’ve already set up your pi and you need to get to this menu again, the command is.
Couple of assumptions I’m making here, your running Raspbian, you have a passing familiarity with Linux (you don’t have to be an expert) and the other, is that your Pi is already built and connected to your home network.
I’m going to be running DNS, DHCP and IPv6 Tunnel services on this Raspberry Pi, so I’m going to be running it headless (no keyboard, mouse or monitor). If this isn’t what you want to use your Pi for, then this howto probably isn’t for you.
Select expanding the root filesystem and press Return, this will expand the filesystem from 2Gig to the full size of your SD card.
I’m going to run this pi headless and secure shell into it over my home network, at the moment, memory is shared equally with the graphics card which is a bit of a waste. So I’m going to select memory split and release more memory from the graphic card to the operating system.
Select 16M, if you decide at a later date you want to run a GUI then you can go back and change it back.
Select Ok above, then select Finish.
Configuring the Pi with a static IP address
At this point, I’m going to have to make the assumption that you already have your Rasperry Pi connected to your home network, and it already has an IP address allocated by your routers? You can of course check this by running the following command at the prompt.
You output should be similar to this.
.... eth0 Link encap:Ethernet HWaddr b8:27:eb:5a:54:42 inet addr:192.168.1.20 Bcast:192.168.1.255 Mask:255.255.255.0 ....
The above is saying that ethernet port 0 has an IP address of 192.168.1.20
You will also need the address of your home router, use the following command.
You should get the following information back (or similar) take a note of the “default Gateway”, that should be the IP address of your router, as you can see, mine is “18.104.22.168”.
Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 192.168.1.254 0.0.0.0 UG 0 0 0 eth0 192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
To change to a static IP address do the following.
sudo nano /etc/network/interfaces
Replace the line “iface eth0 inet dhcp” with the following. Remember, the gateway will be the address you took down earlier!
iface etho inet static address 192.168.1.200 netmask 255.255.255.0 gateway 192.168.1.254
The above shows that the router’s IP address (Gateway) is 192.168.1.254, most commercial routers will use that IP address or 192.168.1.1. Take a note of the address, you will need it later.
You will also need to have a look at the resolv.conf file, this should have either the IP address of your router (Gateway) or the IP address of your ISP’s DNS servers.
sudo nano /etc/resolv.conf
You should see something similar to what’s below, if that’s the case then all’s well. Personally I prefer to use Googles DNS servers, but that entirely up to you.
Info about Googles public recursive DNS can be found here
What I have in my resolv.conf file.
nameserver 22.214.171.124 nameserver 126.96.36.199
If however you see something like this in your resolv.conf file.
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
Your system is using a program called resolvconf, so instead of adding your nameserver to the resolve.conf file, you will have to add them to the following file instead /etc/network/interfaces.
Append the following to the bottom of the file.
# You will of course add your own details and not mine. # unless they are the same of course. dns-nameservers 188.8.131.52, 184.108.40.206
Time to test it and see if all’s well, at this stage, I would suggest a reboot.
After the reboot, log in as normal and test. Ping the router (gateway) to make sure it’s getting a network address.
ping -c 5 192.168.1.254
You should get a result similar to this.
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data. 64 bytes from 192.168.1.254: icmp_req=1 ttl=64 time=2.22 ms 64 bytes from 192.168.1.254: icmp_req=2 ttl=64 time=0.867 ms 64 bytes from 192.168.1.254: icmp_req=3 ttl=64 time=0.831 ms 64 bytes from 192.168.1.254: icmp_req=4 ttl=64 time=0.874 ms 64 bytes from 192.168.1.254: icmp_req=5 ttl=64 time=0.861 ms --- 192.168.1.254 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4006ms rtt min/avg/max/mdev = 0.831/1.132/2.227/0.547 ms
Next test to see if you’ve put in the correct DNS settings.
ping -c 5 www.google.com
You should get results similar to the ones below. If you do then all’s well and everything is as it should be. Job Done.
PING www.google.com (220.127.116.11) 56(84) bytes of data. 64 bytes from wg-in-f106.1e100.net (18.104.22.168): icmp_req=1 ttl=50 time=34.0 ms 64 bytes from wg-in-f106.1e100.net (22.214.171.124): icmp_req=2 ttl=50 time=32.3 ms 64 bytes from wg-in-f106.1e100.net (126.96.36.199): icmp_req=3 ttl=50 time=32.5 ms 64 bytes from wg-in-f106.1e100.net (188.8.131.52): icmp_req=4 ttl=50 time=33.1 ms 64 bytes from wg-in-f106.1e100.net (184.108.40.206): icmp_req=5 ttl=50 time=32.9 ms --- www.google.com ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4005ms rtt min/avg/max/mdev = 32.328/33.006/34.045/0.605 ms
Securing your Raspberry Pi
Your asking yourself “Why not just change the pi password?” Sure you can do that, but if someone knows the login, then given time, they can brute force the password, why make it easy?
- We need to create a new user account.
- Add the new user account to the groups that the default pi account is a member of.
- Delete the pi user account.
Default login for the Raspberry Pi is pi and the password is raspberry.
Log in to the terminal and create your own username and login. I’m going to create a user called Jimbob.
sudo adduser jimbob
Raspian will create the user and prompt you to set a password, as well as other personal information. Fill in the applicable fields and type y to confirm the information is correct.
The result will look similar to this
Adding user `jimbob' ... Adding new group `jimbob' (1001) ... Adding new user `jimbob' (1001) with group `jimbob' ... Creating home directory `/home/jimbob' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for jimbob Enter the new value, or press ENTER for the default Full Name : Room Number : Work Phone : Home Phone : Other : Is the information correct? [Y/n] Y
We need to add the new user to the same groups that the pi user is a member off. To list the groups that the pi user is a member off type:
pi@raspberrypi ~ $ groups pi
You’ll get a list like this.
pi : pi adm dialout cdrom sudo audio video plugdev games users netdev input
At this stage, it’s probably a good idea to add your new user, to the groups that pi is already a members of. It also means that your new user account should have the same access right to the machine as the pi account.
sudo usermod -a -G sudo,adm,dialout,cdrom,audio,video,plugdev,games,users,netdev,input jimbob
Another look at the groups will show that the new user account jimbob is also a member of all the groups that the pi is a member off.
jimbob : jimbob adm dialout cdrom sudo audio video plugdev games users netdev input
As you can see from the output above, your user login is in the sudo group so all should be well. Saying that, it’s always best to test, so I would suggest that you reboot pi and test your login and update your installation. To reboot type the following.
sudo shutdown -r now
When it reboots, log in with your new user and try to update the operating system. If the pi lets you update ok, then everthing is working as expected. Type the following to update you installation.
sudo apt-get update && sudo apt-get upgrade
If all goes well, then your new account has root access and it should be safe to delete the pi user account. (if not then check the stages above to ensure that nothing’s been left out) If you intend to use this linux machine to connect to the internet and allow the internet to connect to you, then you really need to delete the pi account, as the login and default password are common knowledge.
To delete the pi user account, type the following at the prompt.
deluser --remove-home pi
Enabling SSH on Reboot.
On some of the supplied images, Secure Shell or SSH for short is already set to start at reboot. If you’ve been following these instructions, then you’ve already rebooted. So all we need to do is see if SSH is running, and if it is, then there’s nothing more to do. If it’s not then we need to enable it.
Check to see if ssh is currently running after your reboot.
If you see the following message then SSH is running.
Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:ssh *:* LISTEN
If you don’t see the message above, to enable SSH to start on reboot, do the following. At the prompt type.
Select Enable or disable ssh server, press Enter.
Then select finish, press Enter. All Done.
Disabling root ssh login
I’m only going to log into my raspberry from my own network, But at some point I might want to enable logins from the internet. So it’s always good practice to disable ssh root login, to do that you need to edit the sshd_config file.
sudo nano /etc/ssh/sshd_config
Look for a line that say PermitRootLogin and change it to no.
If you do intend to log into your raspberry pi from the internet, then I would be inclined to either one of the following.
- Install failtoban and map ssh to a higher port on your router.
- Login via certificates only.
Regenerate you SSH host key
Before you start connecting to your pi via ssh, you might want to re-generate your host keys. This part is optional so you don’t really have to do this. I’ve included it for completeness.
Delete the old host keys.
sudo rm /etc/ssh/ssh_host_*
Generate a new host key.
sudo dpkg-reconfigure openssh-server
Expected output from the above command.
Creating SSH2 RSA key; this may take some time ... Creating SSH2 DSA key; this may take some time ... Creating SSH2 ECDSA key; this may take some time ... [ ok ] Restarting OpenBSD Secure Shell server: sshd.