User Tools

Site Tools



This page documents my local Raspberry Pi config for a Raspberry Pi 3 running Raspbian. This is config is based on Raspian Jessie Lite released on 2016-03-18 by the Raspberry Pi Foundation which can be found here.

  • Add OpenSSH authorized_keys for root user
  • Remove all key types except rsa and ed25519 from sshd_config
  • Remove all default keys and regenerate
    • rm *key*
    • ssh-keygen -q -N “” -t rsa -b 8192 -f /etc/ssh/ssh_host_rsa_key
    • ssh-keygen -q -N “” -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
    • service ssh restart
    • Make vi the default editor: update-alternatives –set editor /usr/bin/vim.tiny
    • Set static IP address for host by editing /etc/dhcpcd.conf:
# See dhcpcd.conf(5) for details.
interface eth0
static ip_address=$IP/$MASK
static routers=$ROUTER
  • Set resolvconf for a static configuration by editing /etc/resolvconf.conf:
# Configuration for resolvconf(8)
# See resolvconf.conf(5) for details

# If you run a local name server, you should uncomment the below line and
# configure your subscribers configuration files below.
# BUG WORKAROUND: space separated lists of DNS servers are not currently working

# Mirror the Debian package defaults for the below resolvers
# so that resolvconf integrates seemlessly.
  • Remove pi default user
  • Remove pi group
  • Add new default user and group
    • Add sudoers entry for user
    • Set password
  • Update ntp config; apt-get install ntpdate and sync time
  • Set timezone to Toronto: sudo ln -fs /usr/share/zoneinfo/America/Toronto /etc/localtime
  • Remove MOTD text > /etc/motd
  • Install git and needrestart

Raspbian appears to have issues with managing network dependencies during boot. This script ensures that BIND, dhcpd, and NTP start up correctly after the network interface is properly set up. It is run via /etc/rc.local as a background process and depends on fping.


until fping -qc 3 > /dev/null 2>&1; do
  echo "Waiting for network..."

for daemon in isc-dhcp-server bind9; do
  echo "Forcing restart of $daemon"
  service $daemon restart

echo "Forcing restart of ntp"
service ntp stop
ntpdate -s
service ntp start

Service management under systemd

  • Add service to systemd init process: systemctl enable $SERVICE
  • List all services: service –status-all

Disable WiFi completely

Blacklist the driver by creating a file in /etc/modprobe.d called wlan-blacklist.conf with the following contents:

blacklist brcmfmac
blacklist brcmutil
pi/raspbian.txt · Last modified: 2019-08-10 14:05 by gabriel