Security

There are a few items that can be done to make the RPi more secure. This may make a significant difference if it is exposed to the Internet and used as a publicly accessible server.

Passwordless SSH Access

This is as easy as copying your public key into the authorized_keys file inside the .ssh folder of your home directory on the RPi.

Make sure that the .ssh folder has 700 permissions.

Once the proper key is in authorized_keys and a key-based login has been tested, disable password logins in /etc/ssh/sshd_config:

PermitRootLogin no
PasswordAuthentication no

After this, restart the sshd service:

sudo service ssh restart

The next time you try to log in without the key, the error message lists the only allowed authentication method: Permission denied (publickey).

To connect with the ssh client, use "ssh alen@192.168.1.1 -i <path to OpenSSH private key file>".

    • Passwordless access (link)
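The two steps above, installing the key and checking sshd_config, are easy to get subtly wrong: sshd ignores an authorized_keys file with loose permissions, and sshd_config(5) takes the first occurrence of a keyword, so a "PasswordAuthentication no" appended at the end of the file does nothing if a "yes" sits higher up. The script below is an added example, not part of the original page. It installs a key with the right modes and resolves the effective value of each directive the way sshd does (first match in the global section, comments skipped, "Key=value" accepted, parsing stopped at the first Match block). The user name, paths and sample key in the demo are constructed.

```shell
#!/bin/sh
# Added example, not part of the original page. Two helpers for the steps
# above: install a public key with the permissions sshd insists on, and check
# that /etc/ssh/sshd_config really disables root and password logins.
# Paths, user names and the sample key below are constructed for the demo.

# install_authorized_key HOME_DIR PUBKEY_LINE
# Ensures HOME_DIR/.ssh is mode 700 and authorized_keys mode 600 (sshd refuses
# keys from group/world-writable files), then appends the key unless present.
install_authorized_key() {
    ssh_dir="$1/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth_file"
    chmod 600 "$auth_file"
    # -F -x: match the whole line literally, so a truncated key never counts
    if ! grep -qFx -- "$2" "$auth_file"; then
        printf '%s\n' "$2" >> "$auth_file"
    fi
}

# effective_value CONFIG_FILE KEYWORD
# Prints the value sshd would use for KEYWORD. sshd_config(5): the FIRST
# occurrence of a keyword wins, so a "no" appended at the end of the file
# does not override a "yes" higher up. Comments and blank lines are skipped,
# "Keyword=value" is accepted, and parsing stops at the first Match block.
effective_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*(#|$)/ { next }
        { line = $0; gsub(/=/, " ", line); n = split(line, f) }
        n == 0 { next }
        tolower(f[1]) == "match" { exit }
        tolower(f[1]) == key { print f[2]; exit }
    ' "$1"
}

# check_hardened CONFIG_FILE  -> exit 0 only if both directives resolve to "no"
check_hardened() {
    root=$(effective_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    pw=$(effective_value "$1" PasswordAuthentication | tr 'A-Z' 'a-z')
    [ "$root" = "no" ] && [ "$pw" = "no" ]
}

# Demo on constructed files in a scratch directory.
demo() {
    tmp=$(mktemp -d)
    # constructed sample key (not a real key)
    key="ssh-ed25519 AAAAEXAMPLEPUBLICKEYNOTREAL alen@laptop"
    install_authorized_key "$tmp/home" "$key"
    install_authorized_key "$tmp/home" "$key"     # second call must not duplicate
    echo "authorized_keys lines: $(wc -l < "$tmp/home/.ssh/authorized_keys" | tr -d ' ')"

    # Trap: a stray "yes" above the hardening lines silently wins.
    printf 'PasswordAuthentication yes\nPermitRootLogin no\nPasswordAuthentication no\n' > "$tmp/bad"
    printf '# hardened\nPermitRootLogin no\nPasswordAuthentication=no\n' > "$tmp/good"
    for f in bad good; do
        if check_hardened "$tmp/$f"; then echo "$f: hardened"; else echo "$f: NOT hardened"; fi
    done
    rm -rf "$tmp"
}
demo
```

On the real system, run check_hardened against /etc/ssh/sshd_config before the restart, and confirm with "sudo sshd -t" (syntax) and "sudo sshd -T | grep -iE 'permitrootlogin|passwordauthentication'" (the values sshd actually applies). Keep the session you are editing from open until a second, key-based login has succeeded, so a mistake does not lock you out.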

Remove Default User

It is advisable to remove the "pi" user and set up a different user for normal use. Add the new user to the same groups as "pi".

sudo adduser mynewuser
groups pi
sudo adduser mynewuser [group]

Then switch to the new user and copy the SSH key over (see Passwordless SSH Access).

Remove pi from the admin groups: sudo deluser pi sudo and sudo deluser pi adm

Adapt the pi entry under /etc/sudoers.d/ to the new user: both the file name and its content.
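The group copy and the sudoers.d rename above are done by hand in the text; the script below is an added example, not part of the original page, that does the same mechanically. "mynewuser", the group list and the drop-in file name used in the demo are constructed placeholders (the page does not name the real pi drop-in, and it is not filled in here).

```shell
#!/bin/sh
# Added example, not from the original page. Helpers for the user swap above:
# copy pi's supplementary groups to the new account and rewrite the sudoers
# drop-in (its name and content) for the new name. "mynewuser", the group
# list and the drop-in file used in the demo are constructed placeholders.

# extra_groups "GROUPS_LINE"
# Parses one line in the format printed by `groups USER` ("pi : pi adm sudo")
# and prints the supplementary groups one per line. The first group is the
# primary group, which adduser already creates for the new user, so it is skipped.
extra_groups() {
    printf '%s\n' "$1" | awk '{
        s = $0; sub(/^[^:]*:[[:space:]]*/, "", s)   # drop the "user :" prefix if present
        n = split(s, g, " ")
        for (i = 2; i <= n; i++) print g[i]
    }'
}

# copy_groups SRC DST [echo]
# Adds DST to every supplementary group of SRC. A third argument of "echo"
# prints the adduser commands instead of running them (dry run).
copy_groups() {
    extra_groups "$(groups "$1")" | while read -r g; do
        ${3:-} sudo adduser "$2" "$g"
    done
}

# rename_sudoers_user FILE OLD NEW
# Writes a copy of the drop-in with whole-word OLD replaced by NEW, named after
# the new user in the same directory, mode 440, and prints the new path. It
# installs and deletes nothing: validate with `visudo -cf NEWFILE` before
# removing the old file. (sudoers.d skips names containing "." or "~".)
rename_sudoers_user() {
    dir=$(dirname "$1"); base=$(basename "$1")
    out="$dir/$(printf '%s' "$base" | sed "s/$2/$3/g")"
    sed "s/\b$2\b/$3/g" "$1" > "$out" || return 1
    chmod 440 "$out"
    printf '%s\n' "$out"
}

# Demo on a constructed drop-in in a scratch directory.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/sudoers.d"
    # constructed content, standing in for the pi file under /etc/sudoers.d/
    printf 'pi ALL=(ALL) ALL\n' > "$t/sudoers.d/020_pi-example"
    echo "groups to copy:"; extra_groups "pi : pi adm dialout sudo"
    new=$(rename_sudoers_user "$t/sudoers.d/020_pi-example" pi mynewuser)
    echo "$new:"; cat "$new"
    rm -rf "$t"
}
demo
```

For a dry run on the live system, "copy_groups pi mynewuser echo" prints one adduser command per group without running anything. After rename_sudoers_user, check the new file with "sudo visudo -cf <new file>" and only then remove the old drop-in; a syntax error in sudoers.d can lock every user out of sudo.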

Links

    • Users, Passwords and Authentication section (link)