After losing several times to setup again and again a raspberry pi, I have finally written some notes for the necessaries first steps to do EVERY times for a new setup.

Hardware needed

  • Raspberry Pi.

  • USB cable and USB charger

  • microSD card. I recommand at least 8Gb

  • microSD card reader (After testing several low-cost models, I am now using this one and it is perfect.)

 

 

To be faster and not setting up a full desktop computer, I will not use any monitor or any keyboard or mouse connected to thr Pi.

According to the Pi model that you have chosen, you may need a ethernet cable or wifi could be enough.

 

Flashing the SD card

You can start by downloading the official imager from the official website.  You can then follow the procedure to install the main raspbian image. If you don't need any kind of display, you can even use the Rasbian Lite. Flashing the sd card may take few minutes.

.

 

When this step is done, please do this last step for me.

In order to be able to connect to the Pi without keyboard and mouse, we will use the ssh connexion other internet.

For this: please disconnect and reconnect the sd card reader from your computer.

You should then see a drive called BOOT. Please create a new empty inside file called ssh in this folder. (no extension, no capital letters)

PS: if you add planned to use wifi connexion: please do the same create another file inside and call it wpa_supplicant.conf

country=fr

update_config=1

ctrl_interface=/var/run/wpa_supplicant

network={

scan_ssid=1

ssid="WifiName"

psk="WifiPassword"

}

First Start

You can now put the SD in you Pi and connect it to the power and the Ethernet cable.

After around one minut, the Pi shall have started.

Please go to you Internet box administration interface. I cannot discribe this step precisly because it can differ between each internet provider. Mainly the interface is available through the address 192.168.1.1. You should then look for the list of connected devices. You will then see a device called RASPBERRY. Please note the IP address used for this machine. From you computer on Windows you can install Putty, on Linux, you can directly try to connect: 

      ssh pi@ip.of.the.pi

The default user is pi and password is raspberry.

Mandatories commands

Security

Change all passwords

Change the PI password

passwd

Set a new Root password

sudo passwd root

If you want to enable root access from SSH, you need to modified this file

sudo nano /etc/ssh/sshd_config

Inside the file, add this line at the end of the file:

PermitRootLogin yes

 

Set SSH key for automated and safe connexion

Example of the situation A is the client (PC or laptop) B is the server (raspberry)

From A : generate keys (nopassphrase keep the name)

ssh-keygen -t rsa

Every things is now generated in:

ls .ssh

Send to the server the public key

scp .ssh/id_rsa.pub root@your_raspberry:/tmp

On B (the Raspberry), you need now to add the key in the correct position

mkdir $HOME/.ssh

chmod 700 $HOME/.ssh

cat /tmp/id_rsa.pub >> $HOME/.ssh/authorized_keys

For the next connexion, the password shall not be asked.

Cleaning

Extend the memory size at maximum of capacities

Use the interface already available for that

sudo raspi-config

then Advanced Option -> A1

Check the new memory size :

df

Info: size of every file :

du -m | sort -n > /home/pi/miFile.txt

Remove useless packets

You can win around 1 Go from the raspberry storage by removing games and libreoffice

apt-get autoremove --purge wolfram-engine minecraft-pi sonic-pi libreoffice* -y

apt-get clean

 

Naming

Now, if you have several raspberries, the best would be to give a name.

It will be more easy than call it by is IP.

Place the new name into theses two files

nano /etc/hosts

nano /etc/hostname

In this file: write the prefix syntax for the prompt command 

nano /root/.bashrc export PS1="SYNTAX"

There is a generator for the syntax.

 

Setup the internet box

1: Setup a fixed local IP

In the admin panel of your internet provider, you should have a possibilty to see your raspberry configuration and then modify it in order to keep the same IP all the time.

It means that for any reboot, the setup should remain the same.

2: Root ports

For some cases, you may want to access to some services of your raspberry over Internet. I mean from outside.

Be really carefull for that.

In the admin panel of your internet provider, you should be able to root some ports traffic from outside to the raspberry.

For example: if you want to access to SSH over internet, you should root the received port 22 from your box to the port 22 of you raspberry.

For futher details about IP, please check here.

Optional: Fail2Ban

If you open some access ports, I would recommand to protect them with fail2ban.

For example with SSH, if somebody try to connect more than 3 times, his IP will be rejected.

This append a lot for me.

Here is procedure to set ssh protection with Fail2ban.

Please consider also to protect other ports like the web server.

Check authentification log will provide you the list of last tentative of connexion:

tail -500 /var/log/auth.log | grep 'sshd'

Install a fail2ban:

apt-get install fail2ban -y

Open the config file:

nano /etc/fail2ban/jail.local

And add this lines:

[ssh]

enabled = true

port = ssh

filter = sshd

logpath = /var/log/auth.log

maxretry = 6

port = ssh,sftp,22

The list of ip banned is available here:

cat /etc/fail2ban/ip.list-ssh

Remove an IP banned (replace 8.8.8.8 by your ip)

fail2ban-client set ssh- unbanip 8.8.8.8

Softwares that could be usefull

VNC to view the desktop

sudo apt-get install tightvncserver

vncpasswd Start the server

vncserver :3 -geometry 1280x800 -depth 24

From Linux desktop client, you can try with Remina software.

For Windows, you can use TightVNCViewer.

You should be able to connect by default throught the port 5903.

SAMBA in order to get the file system

apt-get install apt-transport-https samba samba-common-bin 

cp /etc/samba/smb.conf /etc/samba/smb.conf.old