Michael de Silva's Blog

Software Engineer. Rubyist and Roboticist.

Michael de Silva's Blog

Software Engineer. Rubyist and Roboticist.

How to Secure Your Raspberry Pi with Wifi in 15 minutes

170705152841 cyber attack 1 780x439

It's best to start off by installing Raspbian onto your Raspberry Pi — which can be accomplished a couple ways. You can install it with NOOBS or download the image and follow the installation guide.

If you download the image directly, it's a simple matter of using Etcher or using dd in Linux/Mac to burn the image to an SD card.

Getting Started

Start off by running the configurator with raspi-config.

Let's start by running some updates and installing some handy tools — these are some of my favourites and I can't do without them -

apt-get update -y && apt-get install -y \
  curl \
  wget \
  git \
  vim \
  htop \
  tmux \
  unzip \
  libssl-dev \
  libffi-dev \
  python \
  python-dev \
  python-pip \
  python3-dev \
  python3-pip \
  python3-venv \
  build-essential \
  nodejs \ 
  ufw \
  chromium-browser

# Basic firewall, allowing SSH traffic only by default. 
ufw allow ssh

# Make sure you allow SSH first, before enabling the service,
# otherwise you'll lock yourself out of SSH access on a headless Raspberry Pi.
ufw enable && ufw status

Switch to the root user via sudo -i first, as it will make progressing further so much easier.

Configure Wifi - for Raspberry Pi 3 Model B (Post February 2016)

You will need a modern version of the Raspberry Pi which has Wifi onboard, such as the Raspberry Pi 3 Model B (February 2016) or Raspberry Pi Zero W.

Setup wifi as per the guide, making sure to run the following as root.

It's best to provide an encrypted PSK via running wpa_passphrase

iwlist wlan0 scan
vim /etc/wpa_supplicant/wpa_supplicant.conf
wpa_cli reconfigure

# You can also toggle the interface manually if the
# command above doesn't play nicely.
ifdown wlan0
ifup wlan0

Securing Your Raspberry Pi

Here are some recommended next steps.

  • Configure sshd config vim /etc/ssh/sshd_config and add
PermitRootLogin no
PasswordAuthentication no
  • Restart the deamon systemctl restart ssh.service
  • Create a user account
  • Add your user to sudoers
  • Add your public SSH key to ~/.ssh/authorized_keys
  • Secure perms via chmod 700 ~/.ssh
  • Secure perms via chmod 600 ~/.ssh/authorized_keys

It is highly recommended that you perform steps detailed in Essential Security for Linux Servers which only takes about 5 mins, and I've already included most of these aspects above.

References

comments powered by Disqus