Tuesday 8 October 2013

My first Raspberry Pi - day 1

I'm a bit late to jump on the bandwagon, but I've finally got round to buying myself a Raspberry Pi bare bones computer. There are many web pages out there with good tutorials on how to set up a Pi. This is not one of them. It's just a brief account of what I've done with mine.

As I plan on attaching lots of USB peripherals (web cam, PVR, weather station, disc drive, wi-fi dongle, ...) I decided to buy a good quality USB hub with a fairly beefy power supply (3A). This is sufficient to power the Pi, so no additional supply is needed. The only disadvantage is that one of the USB ports is occupied just powering the Pi. Also there are two USB cables between hub and Pi - one for data and one for power - which is a bit of a waste.

Initial setup

I regard myself as reasonably proficient with Linux, so I decided to skip the normal "NOOBS" software and jump straight to a "headless" setup of raspbian. I downloaded the image (version "2013-09-25-wheezy") from http://www.raspberrypi.org/downloads and flashed it to a 4GB SDHC card. I put the card in the Pi, connected an Ethernet cable, powered on and within a few tens of seconds an entry for "raspberrypi" appeared in my ADSL modem router's DHCP table.

From a terminal window on my main machine I was able to ssh to pi@raspberrypi and login with the password raspberry. As prompted, I then ran 'sudo raspi-config' and selected the following options:
1 Expand Filesystem (to use all the memory card)
2 Change User Password (for now - I'll enable secure passwordless login later)
4 Internationalisation Options => I2 Change Timezone (set to Europe/London)
8 Advanced Options => A2 Hostname (all my computers are named after machines or characters from Gerry Anderson's "Thunderbirds" - the Pi is now called firefly)
8 Advanced Options => A3 Memory Split (set minimum GPU memory - I don't expect to use the GPU at all)

Passwordless login

There are many tutorials on the web about setting up passwordless login with ssh. As I already have this set up on my other machines I simply had to copy my key to the Pi by running 'ssh-copy-id -i ~/.ssh/id_dsa.pub pi@firefly' on my main computer. Now I could ssh to pi@firefly without a password.

Copying the key to the 'root' account enables passwordless login as root as well:
sudo mkdir /root/.ssh
sudo chmod go-rx /root/.ssh
sudo cp ~/.ssh/authorized_keys /root/.ssh/
Finally we can disable password login. On the Pi, edit the ssh configuration file ('sudo vi /etc/ssh/sshd_config') and change the line '#PasswordAuthentication yes' to 'PasswordAuthentication no', then restart the ssh daemon: 'sudo /etc/init.d/ssh restart'. Test by trying to ssh to a non-existent account: 'ssh fred@firefly' now gets the response 'Permission denied (publickey)'.

This is a bit more security than most people need, but I intend to allow ssh connections to my Pi from the Internet (so I can check up on things when away from home) so it's vital to frustrate the thousands of repeated attempts to login as root that any exposed machine will receive.

No comments: