💾 Archived View for sylvaindurand.org › raspbian-lite-on-raspberry-pi › index.gmi captured on 2022-04-28 at 17:51:22. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
More than four years ago, I wrote an article explaining how to install Arch Linux on a Raspberry Pi:
Installing Arch Linux on Raspberry Pi
I have since migrated to the Raspbian distribution, based on Debian and made specifically for the Raspberry Pi.
Historically very large, because it has a graphic interface and several specific software, Raspbian now exists in a Light version that allows you to limit the packages to the essentials, to manage your Raspberry Pi from the command line.
This article is a small personal memo on the steps to install and secure Raspbian to get a Raspberry Pi ready to use, usable via command line with SSH.
First we download the image of Raspbian. Select "Raspbian Stretch Lite". The official site offers user manuals for Linux, MacOS and Windows.
On MacOS, we start by looking at the address of the SD card:
diskutil list
Once you know the SD card number, which appears as `/dev/disk<number>`, you unmount the volume, then write the image on it :
diskutil unmountDisk /dev/disk<number> sudo dd bs=1m if=image.img of=/dev/rdisk<number> conv=sync
To be able to connect with SSH, we must create a file named `ssh` at the root of our SD card:
touch /Volumes/boot/ssh
If you need to connect on a Wifi network at boot:
nano /Volumes/boot/wpa_supplicant.conf
We put:
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
network={
ssid="<your-network-ssid>"
psk="<your-network-password>"
key_mgmt=WPA-PSK
}
Finally, we eject the card:
sudo diskutil eject /dev/rdisk<number>
Once the Raspberry is powered up with the SD card, you can connect with SSH:
ssh pi@<raspberry-pi-ip>
The default password is `raspberry`. Let's start by changing it:
passwd
After setting up a new server, we start by updating all the packages:
sudo apt-get update && sudo apt-get upgrade sudo apt-get dist-upgrade sudo apt autoremove
In order to set the language and time zone, launch:
sudo dpkg-reconfigure locales sudo dpkg-reconfigure tzdata
We will prevent the `root' connection and change ports, in order to prevent a large number of attack attempts. To do this, we edit:
sudo nano /etc/ssh/sshd_config
We modify the following parameters with:
Port <your-custom-port> LoginGraceTime 2m PermitRootLogin no StrictModes yes PermitEmptyPasswords no
We finally restart the Raspberry Pi:
sudo reboot
Locally, we create a new private key:
ssh-keygen -t ed25519 -a 100
Then we edit `.ssh/config` to connect easily:
Host pi
Hostname <raspberry-pi-ip>
Port <your-custom-port>
User pi
IdentityFile ~/.ssh/<your-private-key>
Then we send the public key to the server:
ssh-copy-id -i ~/.ssh/<your-private-key> pi
You can then connect directly with `ssh vps`.
The system is now fully operational!