Closed jeff1evesque closed 7 years ago
We should define an initial baseline to harden the raspberry pi:
## replace default ssh keys sudo rm -rf /etc/ssh/ssh_host_* && sudo dpkg-reconfigure openssh-server ## configure ssh if [ -f '/etc/ssh/sshd_config' ]; then ## disallow root ssh sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config sudo sed -i 's/PermitRootLogin without-password/PermitRootLogin no/g' /etc/ssh/sshd_config ## disallow more than 5 failed ssh login sudo chmod 777 /etc/ssh/sshd_config sudo printf '\nMaxAuthTries 5\n' >> /etc/ssh/sshd_config sudo chmod 644 /etc/ssh/sshd_config fi ## ensure us layout keyboard sudo sed -i 's/XKBLAYOUT=".*"/XKBLAYOUT="us"/g' /etc/default/keyboard ## require login password with gui if [ -f '/etc/lightdm/lightdm.conf' ]; then sudo sed -i 's/autologin-user=pi/#autologin-user=pi/g' /etc/lightdm/lightdm.conf fi ## change default 'raspberry' password passwd ## set root password sudo passwd root ## reboot: some configurations require reboot reboot
Now, login as the root user:
root
## rename 'pi' username to 'newname' systemctl stop autologin@tty1 systemctl daemon-reload usermod -l newname -d /home/newname -m pi ls -al /home mkdir /home/newname chown newname:newname /home/newname ls -al /home systemctl start autologin@tty1
We should define an initial baseline to harden the raspberry pi:
Now, login as the
root
user: