pi:raspbian

This page documents my local Raspberry Pi config for a Raspberry Pi 3 running Raspbian. This config is based on Raspbian Jessie Lite, released on 2016-03-18 by the Raspberry Pi Foundation, which can be found here.

  • Add OpenSSH authorized_keys for root user
  • Remove all key types except rsa and ed25519 from sshd_config
  • Remove all default keys and regenerate
    • rm *key*
    • ssh-keygen -q -N "" -t rsa -b 8192 -f /etc/ssh/ssh_host_rsa_key
    • ssh-keygen -q -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
    • service ssh restart
  • Make vi the default editor: update-alternatives --set editor /usr/bin/vim.tiny
  • Set static IP address for host by editing /etc/dhcpcd.conf:
# See dhcpcd.conf(5) for details.
interface eth0
static ip_address=$IP/$MASK
static routers=$ROUTER
  • Set resolvconf for a static configuration by editing /etc/resolvconf.conf:
# Configuration for resolvconf(8)
# See resolvconf.conf(5) for details

resolv_conf=/etc/resolv.conf
# If you run a local name server, you should uncomment the below line and
# configure your subscribers configuration files below.
search_domains=in.quay.net
# BUG WORKAROUND: space separated lists of DNS servers are not currently working
name_servers=$NS1
name_servers_append=$NS2

# Mirror the Debian package defaults for the below resolvers
# so that resolvconf integrates seamlessly.
dnsmasq_resolv=/var/run/dnsmasq/resolv.conf
pdnsd_conf=/etc/pdnsd.conf
unbound_conf=/var/cache/unbound/resolvconf_resolvers.conf
  • Remove pi default user
  • Remove pi group
  • Add new default user and group
    • Add sudoers entry for user
    • Set password
  • Update ntp config; apt-get install ntpdate and sync time
    • time.chu.nrc.ca
    • ntp1.torix.ca
    • tick.umanitoba.ca
    • time.nrc.ca
    • ntp2.torix.ca
    • tock.utoronto.ca
    • ntp3.torix.ca
    • tick.usask.ca
    • time.nist.gov
  • Set timezone to Toronto: sudo ln -fs /usr/share/zoneinfo/America/Toronto /etc/localtime
  • Remove MOTD text: > /etc/motd
  • Install git and needrestart
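
A check for the host-key steps in the list above, as an added example that is not part of the original page: it reports any active HostKey directive or key file other than rsa and ed25519, and either of the two expected keys that is missing. The function names, the sample sshd_config and the placeholder key files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Prints one finding per line;
# no output means only the rsa and ed25519 host keys remain.
hostkey_findings() {
  config=$1 keydir=$2
  # 1. Active HostKey directives (keyword is case-insensitive; lines
  #    commented out with "#" do not match).
  awk 'tolower($1) == "hostkey" { print $2 }' "$config" |
  while read -r path; do
    case "$path" in
      */ssh_host_rsa_key|*/ssh_host_ed25519_key) ;;
      *) echo "config: HostKey $path" ;;
    esac
  done
  # 2. Key files of any other type still on disk.
  for f in "$keydir"/ssh_host_*_key "$keydir"/ssh_host_*_key.pub; do
    [ -e "$f" ] || continue
    case "${f##*/}" in
      ssh_host_rsa_key*|ssh_host_ed25519_key*) ;;
      *) echo "disk: ${f##*/}" ;;
    esac
  done
  # 3. The two keys the page regenerates must exist and be non-empty.
  for t in rsa ed25519; do
    [ -s "$keydir/ssh_host_${t}_key" ] || echo "missing: ssh_host_${t}_key"
  done
}

# Constructed sample: an sshd_config with four HostKey lines and placeholder
# files standing in for keys (hypothetical helper, for the demo only).
make_sample() {
  mkdir -p "$1"
  cat > "$1/sshd_config" <<EOF
Port 22
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
EOF
  for t in rsa dsa ecdsa ed25519; do
    echo "placeholder, not a real key" > "$1/ssh_host_${t}_key"
  done
}

demo=$(mktemp -d)
make_sample "$demo"
hostkey_findings "$demo/sshd_config" "$demo"   # reports the dsa and ecdsa leftovers
rm -rf "$demo"
```

On the Pi itself, the call after the restart step would be hostkey_findings /etc/ssh/sshd_config /etc/ssh.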

Raspbian appears to have issues with managing network dependencies during boot. This script ensures that BIND, dhcpd, and NTP start up correctly after the network interface is properly set up. It is run via /etc/rc.local as a background process and depends on fping.

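#!/bin/bash
# Wait for the network, then restart the daemons that came up too early.

# Block until 8.8.8.8 answers three pings.
until fping -qc 3 8.8.8.8 > /dev/null 2>&1; do
  echo "Waiting for network..."
  sleep 1  # avoid a busy loop when fping fails immediately
done

# The DHCP server and BIND need the interface to be configured.
for daemon in isc-dhcp-server bind9; do
  echo "Forcing restart of $daemon"
  service "$daemon" restart
done

# Step the clock once with ntpdate while ntpd is stopped, then start ntpd.
echo "Forcing restart of ntp"
service ntp stop
ntpdate -s 0.ca.pool.ntp.org
service ntp start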

Service management under systemd

  • Add service to systemd init process: systemctl enable $SERVICE
  • List all services: service --status-all

Disable WiFi completely

Blacklist the driver by creating a file in /etc/modprobe.d called wlan-blacklist.conf with the following contents:

blacklist brcmfmac
blacklist brcmutil
pi/raspbian.txt · Last modified: 2016-04-10 02:31 by gabriel