Ch at 12:15, 17 May 2021

2021-05-17T12:15:01Z

New page

[[Basic_Install|⇐ Basic Install]]

==Disabling root and pi accounts==
;We need to change passwords and/or disable root and pi usernames.

::First create our own account (logged in as pi)
:::<tt>sudo /usr/sbin/useradd --groups sudo --shell /bin/bash -m <myusername></tt>
:::<tt>sudo passwd <myusername></tt>

;Login as the new username and change root and pi passwords

::<tt>sudo passwd root</tt>
::<tt>sudo passwd pi</tt>
::<tt>sudo passwd --lock p</tt>i

==Securing ssh==
;Create a key on the host you are attaching from (if not already done so)

::<tt>ssh-keygen -t rsa</tt>
:::providing a keyphrase
::Copy the created key (in ~/.ssh) to the raspberrypi
:::<tt>ssh-copy-id -i ~/.ssh/id_rsa.pub <remote_user>@<remote_host></tt>
::Add host key to known hosts - (this removes existing entry (if any) and allows new host key to be added to the ~.ssh/known_hosts file at next ssh login
:::<tt>ssh-keygen –R <remote_host></tt>
::login to host with ssh

;Disable password authentication for ssh

::Edit the ssh config file
:::<tt>sudo emacs /etc/ssh/sshd_config</tt>
::::and set
:::::PasswordAuthentication no
:::::PermitRootLogin no
:::::UsePAM no

;Load new ssh configuration and restart
::<tt>sudo service /etc/init.d/ssh reload</tt>
::<tt>sudo service ssh restart</tt>

==Enabling Firewall==
;for older Raspbian
::Install iptables
:::<tt>sudo apt-get install iptables iptables-persistent</tt>
:check iptables
::<tt>sudo /sbin/iptables -L</tt>
;for Buster
:use nftables

==Securing wpa_supplicant==
;encrypt the wifi access password in wpa_supplicant
:encrypt the section for wpa_supplicant which contains the wifi password, by running
::<tt>wpa_passphrase ''<YOUR_SSID> <YOUR_PASSWORD>''</tt>
:cut and paste the output into the file
::<tt>/etc/wpa_supplicant/wpa_supplicant.conf</tt>
:removing the existing <tt>network={</tt> section and removing the commented out line line <tt>#psk=</tt> that has the unencrypted password
::

Hardening security - Revision history

Ch at 12:15, 17 May 2021