After losing several times to setup again and again a raspberry pi, I have finally written some notes for the necessaries first steps to do EVERY times for a new setup.
- Raspberry Pi.
- USB cable and USB charger
- microSD card. I recommand at least 8Gb
- microSD card reader (After testing several low-cost models, I am now using this one and it is perfect.)
To be faster and not setting up a full desktop computer, I will not use any monitor or any keyboard or mouse connected to thr Pi.
According to the Pi model that you have chosen, you may need a ethernet cable or wifi could be enough.
Flashing the SD card
You can start by downloading the official imager from the official website. You can then follow the procedure to install the main raspbian image. If you don't need any kind of display, you can even use the Rasbian Lite. Flashing the sd card may take few minutes.
When this step is done, please do this last step for me.
In order to be able to connect to the Pi without keyboard and mouse, we will use the ssh connexion other internet.
For this: please disconnect and reconnect the sd card reader from your computer.
You should then see a drive called BOOT. Please create a new empty inside file called ssh in this folder. (no extension, no capital letters)
PS: if you add planned to use wifi connexion: please do the same create another file inside and call it wpa_supplicant.conf
You can now put the SD in you Pi and connect it to the power and the Ethernet cable.
After around one minut, the Pi shall have started.
Please go to you Internet box administration interface. I cannot discribe this step precisly because it can differ between each internet provider. Mainly the interface is available through the address 192.168.1.1. You should then look for the list of connected devices. You will then see a device called RASPBERRY. Please note the IP address used for this machine. From you computer on Windows you can install Putty, on Linux, you can directly try to connect:
The default user is pi and password is raspberry.
Change all passwords
Change the PI password
Set a new Root password
sudo passwd root
If you want to enable root access from SSH, you need to modified this file
sudo nano /etc/ssh/sshd_config
Inside the file, add this line at the end of the file:
Set SSH key for automated and safe connexion
Example of the situation A is the client (PC or laptop) B is the server (raspberry)
From A : generate keys (nopassphrase keep the name)
ssh-keygen -t rsa
Every things is now generated in:
Send to the server the public key
scp .ssh/id_rsa.pub root@your_raspberry:/tmp
On B (the Raspberry), you need now to add the key in the correct position
chmod 700 $HOME/.ssh
cat /tmp/id_rsa.pub >> $HOME/.ssh/authorized_keys
For the next connexion, the password shall not be asked.
Extend the memory size at maximum of capacities
Use the interface already available for that
then Advanced Option -> A1
Check the new memory size :
Info: size of every file :
du -m | sort -n > /home/pi/miFile.txt
Remove useless packets
You can win around 1 Go from the raspberry storage by removing games and libreoffice
apt-get autoremove --purge wolfram-engine minecraft-pi sonic-pi libreoffice* -y
Now, if you have several raspberries, the best would be to give a name.
It will be more easy than call it by is IP.
Place the new name into theses two files
In this file: write the prefix syntax for the prompt command
nano /root/.bashrc export PS1="SYNTAX"
There is a generator for the syntax.
Setup the internet box
1: Setup a fixed local IP
In the admin panel of your internet provider, you should have a possibilty to see your raspberry configuration and then modify it in order to keep the same IP all the time.
It means that for any reboot, the setup should remain the same.
2: Root ports
For some cases, you may want to access to some services of your raspberry over Internet. I mean from outside.
Be really carefull for that.
In the admin panel of your internet provider, you should be able to root some ports traffic from outside to the raspberry.
For example: if you want to access to SSH over internet, you should root the received port 22 from your box to the port 22 of you raspberry.
For futher details about IP, please check here.
If you open some access ports, I would recommand to protect them with fail2ban.
For example with SSH, if somebody try to connect more than 3 times, his IP will be rejected.
This append a lot for me.
Here is procedure to set ssh protection with Fail2ban.
Please consider also to protect other ports like the web server.
Check authentification log will provide you the list of last tentative of connexion:
tail -500 /var/log/auth.log | grep 'sshd'
Install a fail2ban:
apt-get install fail2ban -y
Open the config file:
And add this lines:
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
port = ssh,sftp,22
The list of ip banned is available here:
Remove an IP banned (replace 22.214.171.124 by your ip)
fail2ban-client set ssh- unbanip 126.96.36.199
Softwares that could be usefull
VNC to view the desktop
sudo apt-get install tightvncserver
vncpasswd Start the server
vncserver :3 -geometry 1280x800 -depth 24
From Linux desktop client, you can try with Remina software.
For Windows, you can use TightVNCViewer.
You should be able to connect by default throught the port 5903.
SAMBA in order to get the file system
apt-get install apt-transport-https samba samba-common-bin
cp /etc/samba/smb.conf /etc/samba/smb.conf.old