Secure your Pi

I’ve been through this way too many times. So here’s a note (mainly for myself) so you and I know what to do when connecting a Raspberry Pi to the web.

Create a new user

This (low-privileged) user is needed so we don’t need to use our root user to log in or run applications (because the amount of rights the latter has is plain dangerous).

You can do that with:

sudo adduser username

Needless to say, you’ll want to change ‘username’ to a username you’d like to use.

Enable key based authentication

Well, this part is explained way better than I ever could on the Raspberry Pi website.

Disable root login over ssh

Now that we have a new user which we can use to log in over ssh (tried and tested, right?), we can disable our root login over ssh.
To accomplish this you’ll need to change the /etc/ssh/sshd_config file.

run: vim /etc/ssh/sshd_config

and make sure this is in your configuration file:

PasswordAuthentication no
PermitRootLogin no

Change it if it exists or add it if it doesn’t.
After your changes you’ll need to reload ssh:

/etc/init.d/ssh reload
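
"Change it if it exists or add it if it doesn’t" matters more than it looks: sshd uses the first value it finds for a keyword, so appending `PermitRootLogin no` below an existing `PermitRootLogin yes` changes nothing. The script below is an added example, not part of the original note; the function names and the sample files are made up for illustration, and it assumes plain whitespace-separated `Keyword value` lines.

```sh
#!/bin/sh
# Added example (not from the original post). sshd uses the FIRST value it
# finds for a keyword; keywords are case-insensitive; '#' lines are comments.

# Print the effective global value of keyword $2 in file $1, lowercased.
# Assumes "Keyword value" separated by whitespace.
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        $1 ~ /^#/ { next }                             # commented-out line
        tolower($1) == "match" { exit }                # global section ends
        tolower($1) == key { print tolower($2); exit } # first value wins
    ' "$1"
}

# Return 0 only if both settings from the post are effectively "no".
check_sshd_hardening() {
    rc=0
    for key in PasswordAuthentication PermitRootLogin; do
        val=$(sshd_value "$1" "$key")
        if [ "$val" = "no" ]; then
            echo "ok:   $key no"
        else
            echo "FAIL: $key is '${val:-unset}' (want 'no')"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the two lines were appended, but an older
# "PermitRootLogin yes" further up still takes precedence.
SAMPLE_BAD=$(mktemp)
cat > "$SAMPLE_BAD" <<'EOF'
#PasswordAuthentication yes
PermitRootLogin yes
passwordauthentication no
PermitRootLogin no
EOF

# Constructed sample: each setting appears once, before any Match block.
SAMPLE_GOOD=$(mktemp)
cat > "$SAMPLE_GOOD" <<'EOF'
PasswordAuthentication no
PermitRootLogin no
EOF
trap 'rm -f "$SAMPLE_BAD" "$SAMPLE_GOOD"' EXIT

check_sshd_hardening "$SAMPLE_BAD"  || echo "=> change the existing line instead of appending"
check_sshd_hardening "$SAMPLE_GOOD" && echo "=> matches the settings above"
```

On the Pi itself, `sudo sshd -T` prints the configuration sshd will actually use, including files pulled in via `Include`, which this file-level check does not follow.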

Please be aware that this only covers the bare basics and you could (and should) do way more to secure your Pi.
