8 Sep 2019

#####################################################
About this setup:
- Updated 8 Sep 2019.
- Default Raspberry Pi login.
- Imaged from SD card using ddrescue:
    sudo ddrescue /dev/sdg raspbian-buster-lite_configured_20190908.img
  Just using dd I always end up with slightly corrupted images or drives.
- This configuration created on RP1 Model B Revision 2.0.
- Tested on RP2 Model B V1.1. Seems OK.
- Tested on RP3 Model B V1.2 (Raspberry Pi 2015). Seems OK.
#####################################################

Set up basic configuration for imaging to other Pi-s without having to do all this every time.
Set up for headless use with remote connection.
Set up on 4GB SD card to limit size of filesystem. Image is 2.2GB.
I have Pi 1 Model B Revision 2.0.

###########################
unzip 2019-07-10-raspbian-buster-lite.zip 2019-07-10-raspbian-buster-lite.img
ddrescue 2019-07-10-raspbian-buster-lite.img /dev/sdg

###########################
sudo apt-get update
sudo apt-get dist-upgrade

###########################
Enable sudo password:
In file /etc/sudoers.d/010_pi-nopasswd, as root, comment out line:
    pi ALL=(ALL) NOPASSWD: ALL
That is the only line in the file. The file can also be deleted for the same effect.

###########################
In raspi-config:
- Interfacing Options:
--- enable SSH
- Advanced Options:
--- Memory Split - 16M for graphics

###########################
Configure sshd_config:
    PermitRootLogin no
    DenyUsers pi
    LoginGraceTime 30s

sudo systemctl restart sshd.service

Did not delete pi as apparently some packages require the pi user.

############################
Set fixed IP address in /etc/dhcpcd.conf
Added/uncommented:
    static ip_address=192.168.0.100/24
    static routers=192.168.0.1     => Gateway
    static domain_name_servers=192.168.0.1 8.8.4.4 8.8.8.8

Reboot. This works.

###########################
Firewall:
sudo apt-get install ufw
sudo ufw enable

Enable ssh:
sudo ufw allow ssh

###########################
Install-specific configs that could be done:
- Change default password for user pi.
- If necessary, change IP address as described above.
- Add another user with sudo access.
- Set up auto update with possibly auto reboot depending on function.
--- Can set it up using script via crontab or using the 'unattended-upgrades' package.
- Change ssh port from 22 to something else:
--- in sshd_config set Port
--- in ufw: sudo ufw deny ssh
--- in ufw: sudo ufw allow 51033/tcp
- Limit login attempts by using iptables.
- Limit users by IP address on LAN - apparently should use iptables for this, not sshd_config.
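
###########################
Added example, not part of the original notes: a small shell audit that checks whether the sshd_config and sudoers changes described above are actually in effect on a freshly imaged Pi. The function names are made up for this example and the demo input is constructed; on a real system pass /etc/ssh/sshd_config and /etc/sudoers.d/010_pi-nopasswd. It only reads the global part of sshd_config (before any Match block), where sshd uses the first occurrence of each keyword.

```shell
#!/bin/sh
# Print the effective global value of an sshd_config keyword.
# sshd uses the FIRST occurrence of a keyword; keywords are case-insensitive.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*#/ { next }                  # skip comment lines
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# Return 0 if the three sshd settings from the notes are in effect, else 1.
audit_sshd() {  # usage: audit_sshd FILE
    rc=0
    [ "$(sshd_value "$1" PermitRootLogin)" = "no" ] ||
        { echo "FAIL: PermitRootLogin is not 'no'"; rc=1; }
    case " $(sshd_value "$1" DenyUsers) " in
        *" pi "*) ;;
        *) echo "FAIL: pi is not in DenyUsers"; rc=1 ;;
    esac
    case "$(sshd_value "$1" LoginGraceTime)" in
        30|30s) ;;
        *) echo "FAIL: LoginGraceTime is not 30s"; rc=1 ;;
    esac
    return $rc
}

# Return 0 if the sudoers drop-in is absent or has no uncommented NOPASSWD line.
audit_sudoers() {  # usage: audit_sudoers FILE
    [ -e "$1" ] || return 0
    if grep -Eq '^[[:space:]]*[^#[:space:]].*NOPASSWD' "$1"; then
        echo "FAIL: active NOPASSWD rule in $1"; return 1
    fi
    return 0
}

# Demo on a constructed sshd_config (not taken from a real system).
demo=$(mktemp)
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin no' \
    'DenyUsers pi' 'LoginGraceTime 30s' > "$demo"
audit_sshd "$demo" && echo "sshd settings OK"
rm -f "$demo"
```

As root, `sshd -T` prints the configuration sshd will actually use and can serve as a cross-check.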