1.3 SSH

Enable SSH

In the recent Raspbian PIXEL release I have noticed SSH not being enabled by default. To enable it, hook up a keyboard and open a terminal.

sudo /etc/init.d/ssh start

This launches the SSH service. To make sure it automatically starts on every boot:

sudo update-rc.d ssh defaults

Fingerprint

I assume you want to do most things over SSH, since the Pi is not a desktop replacement and will propably reside somewhere under your desk or closer to a router than to a monitor and keyboard. In case you're not paranoid you can skip this step, otherwise execute the following in a terminal to see your RSA fingerprint:

ssh localhost

Write it down or remember the first and last few characters. Later, once you SSH into the Pi you can compare the fingerprints and be sure there's no Carol intercepting Alice and Bob's messages.

Disable root over ssh

Open sudo nano /etc/ssh/sshd_config and find (using Ctrl+W) the line with PermitRootLogin. It may look like this:

#PermitRootLogin no

Or this:

PermitRootLogin yes

So make sure it is uncommented and says no. While you're in that file, also ensure Protocol 2 is enabled, because SSH-1 is insecure. Next, restart the ssh daemon to apply the changes:

sudo /etc/init.d/ssh restart

Done! You'll need to log back in (when doing this over SSH).

Keep SSH connections alive for longer

Edit sudo nano /etc/ssh/sshd_config again. Add this at the bottom of the file:

ClientAliveInterval 30
TCPKeepAlive yes
ClientAliveCountMax 99999

And restart ssh: sudo /etc/init.d/ssh restart.

Disable root entirely

You can change the default root user password using

sudo passwd root

...or better yet, disable root user:

sudo passwd -dl root

You can disable root user because your default (root-capable) user will probably be user 'pi'. Don't forget to also change the default password for pi in the same manner.

Disable SSH entirely

You can even choose to disable SSH entirely if you are not going to use it. To do so, use sudo raspi-config to get into the configuration screen, navigate to ssh and select Enable or disable ssh server.

results matching ""

    No results matching ""