Home server sertup. - Raspberry Pi Forums
hi, i've set rp home server , decided document in case ever have again. perhaps check in case there insecure setup.
want connect rp outside (from www) well. have dynamic dns name ready go.
let me know think.
set rp home server.
::: part 1 :::
access configure app
pi@raspberrypi ~ $ sudo raspi-config
select ssh , turn on ssh
can other stuff change password if want.
set automatic login
pi@raspberrypi ~ $ sudo nano /etc/inittab
# comment out part
1:2345:respawn:/sbin/ getty 115200 tty1
below it, add
1:2345:respawn:/bin/login -f pi tty1</dev/tty1>/dev/tty1 2>&1
identify rp on network assign static ip address.
open router port 22 rp ip address.
connect rp router , turn on
test connection
asdf@asdf:~$ ssh pi@enter_the_ip_addy_you_assigned_the_rp
if well
pi@raspberrypi ~ $ exit
::: part 2 :::
create passwordless access private/public keys (more secure)
info from:
http://inside.mines.edu/~gmurray/howto/sshnotes.html
# open terminal local computer.
asdf@asdf:~$ mkdir .ssh
# create keys...
asdf@asdf:~$ ssh-keygen -t dsa -c "key rp"
generating public/private dsa key pair.
enter file in save key (/home/asdf/.ssh/id_dsa):
enter passphrase (empty no passphrase):
enter same passphrase again:
identification has been saved in /home/asdf/.ssh/id_dsa.
public key has been saved in /home/asdf/.ssh/id_dsa.pub.
key fingerprint is:
69:bc:aa:bd:ae:e2:38:e1:aa:e6:a8:b4:16:89:c1:23 key rp
key's randomart image is:
+--[ dsa 1024]----+
| |
+-----------------+
# block access other users...
asdf@asdf:~$ chmod 600 .ssh/id_dsa
# put public key on remote computer...
# remember enter ip addy assigned rp on. also, remember colon @ end.
asdf@asdf:~$ scp .ssh/id_dsa.pub pi@192.168.10.100:
pi@192.168.10.100's password:
id_dsa.pub 100% 604 0.6kb/s 00:00
# install public key on remote computer...
asdf@asdf:~$ ssh pi@192.168.10.100
pi@192.168.10.100's password:
linux raspberrypi 3.2.27+ #250 preempt thu oct 18 19:03:02 bst 2012 armv6l
last login: thu nov 22 15:18:52 2012 192.168.10.101
pi@raspberrypi ~ $
# working on rp
# install public key on remote computer...
pi@raspberrypi ~ $ mkdir .ssh
pi@raspberrypi ~ $ cat id_dsa.pub >> .ssh/authorized_keys
# secure folder...
pi@raspberrypi ~ $ chmod 700 .ssh
# remove id_dsa.pub home directory...
pi@raspberrypi ~ $ rm id_dsa.pub
# checking password-less connection...
pi@raspberrypi ~ $ exit
logout
connection 192.168.10.100 closed.
asdf@asdf:~$ ssh pi@192.168.10.100
linux raspberrypi 3.2.27+ #250 preempt thu oct 18 19:03:02 bst 2012 armv6l
last login: thu nov 22 15:53:07 2012 192.168.10.101
pi@raspberrypi ~ $
::: part3 :::
# security set up
https://help.ubuntu.com/community/ssh/o ... onfiguring
pi@raspberrypi ~ $ sudo nano /etc/ssh/sshd_config
replace
#passwordauthentication yes
with
passwordauthentication no
add end of file
allowtcpforwarding no
change
x11forwarding yes
x11forwarding no
change
loglevel info
to
loglevel verbose
log can inspected here /var/log/auth.log
restart changes take effect
pi@raspberrypi ~ $ service ssh restart
want connect rp outside (from www) well. have dynamic dns name ready go.
let me know think.
set rp home server.
::: part 1 :::
access configure app
pi@raspberrypi ~ $ sudo raspi-config
select ssh , turn on ssh
can other stuff change password if want.
set automatic login
pi@raspberrypi ~ $ sudo nano /etc/inittab
# comment out part
1:2345:respawn:/sbin/ getty 115200 tty1
below it, add
1:2345:respawn:/bin/login -f pi tty1</dev/tty1>/dev/tty1 2>&1
identify rp on network assign static ip address.
open router port 22 rp ip address.
connect rp router , turn on
test connection
asdf@asdf:~$ ssh pi@enter_the_ip_addy_you_assigned_the_rp
if well
pi@raspberrypi ~ $ exit
::: part 2 :::
create passwordless access private/public keys (more secure)
info from:
http://inside.mines.edu/~gmurray/howto/sshnotes.html
# open terminal local computer.
asdf@asdf:~$ mkdir .ssh
# create keys...
asdf@asdf:~$ ssh-keygen -t dsa -c "key rp"
generating public/private dsa key pair.
enter file in save key (/home/asdf/.ssh/id_dsa):
enter passphrase (empty no passphrase):
enter same passphrase again:
identification has been saved in /home/asdf/.ssh/id_dsa.
public key has been saved in /home/asdf/.ssh/id_dsa.pub.
key fingerprint is:
69:bc:aa:bd:ae:e2:38:e1:aa:e6:a8:b4:16:89:c1:23 key rp
key's randomart image is:
+--[ dsa 1024]----+
| |
+-----------------+
# block access other users...
asdf@asdf:~$ chmod 600 .ssh/id_dsa
# put public key on remote computer...
# remember enter ip addy assigned rp on. also, remember colon @ end.
asdf@asdf:~$ scp .ssh/id_dsa.pub pi@192.168.10.100:
pi@192.168.10.100's password:
id_dsa.pub 100% 604 0.6kb/s 00:00
# install public key on remote computer...
asdf@asdf:~$ ssh pi@192.168.10.100
pi@192.168.10.100's password:
linux raspberrypi 3.2.27+ #250 preempt thu oct 18 19:03:02 bst 2012 armv6l
last login: thu nov 22 15:18:52 2012 192.168.10.101
pi@raspberrypi ~ $
# working on rp
# install public key on remote computer...
pi@raspberrypi ~ $ mkdir .ssh
pi@raspberrypi ~ $ cat id_dsa.pub >> .ssh/authorized_keys
# secure folder...
pi@raspberrypi ~ $ chmod 700 .ssh
# remove id_dsa.pub home directory...
pi@raspberrypi ~ $ rm id_dsa.pub
# checking password-less connection...
pi@raspberrypi ~ $ exit
logout
connection 192.168.10.100 closed.
asdf@asdf:~$ ssh pi@192.168.10.100
linux raspberrypi 3.2.27+ #250 preempt thu oct 18 19:03:02 bst 2012 armv6l
last login: thu nov 22 15:53:07 2012 192.168.10.101
pi@raspberrypi ~ $
::: part3 :::
# security set up
https://help.ubuntu.com/community/ssh/o ... onfiguring
pi@raspberrypi ~ $ sudo nano /etc/ssh/sshd_config
replace
#passwordauthentication yes
with
passwordauthentication no
add end of file
allowtcpforwarding no
change
x11forwarding yes
x11forwarding no
change
loglevel info
to
loglevel verbose
log can inspected here /var/log/auth.log
restart changes take effect
pi@raspberrypi ~ $ service ssh restart
do these stupid bots still appear in logs ?
try password auth , sshd them ?
ghans
try password auth , sshd them ?
ghans
raspberrypi
Comments
Post a Comment