Security
A few steps can make the RPi more secure. This may make a significant difference if it is exposed to the Internet and used as a publicly accessible server.
Passwordless SSH Access
This is as easy as copying the public key into the authorized_keys file in the .ssh folder of your user profile on the RPi.
Make sure that the .ssh folder has 700 permissions.
Once the proper key is in authorized_keys and key-based login has been tested, disable password access in /etc/ssh/sshd_config:
PermitRootLogin no
PasswordAuthentication no
After this, restart the sshd service:
sudo service ssh restart
From then on, a login attempt without a valid key is rejected and the allowed authentication methods are displayed: Permission denied (publickey).
To connect via an ssh client, use "ssh alen@192.168.1.1 -i <path to openssh key file>".
- Passwordless access (link)
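A quick way to confirm the two sshd_config settings and the .ssh folder permissions described above. This is an added example, not part of the original page; the function names are hypothetical. It assumes the plain "Keyword value" form and does not follow Include or Match blocks, for which "sudo sshd -T" prints the effective configuration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the settings above.

# Print the effective value of an sshd_config keyword. sshd uses the FIRST
# occurrence of a keyword, keywords are case-insensitive, '#' starts a comment.
sshd_value() {  # usage: sshd_value <keyword> <config-file>
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# Print one line per finding; exit status is 0 only when nothing was found.
audit_ssh() {  # usage: audit_ssh <sshd_config> <ssh-dir>
    findings=0
    for key in PasswordAuthentication PermitRootLogin; do
        val=$(sshd_value "$key" "$1")
        [ -n "$val" ] || val="unset"
        if [ "$val" != "no" ]; then
            echo "FINDING: $key is $val, expected no"
            findings=$((findings + 1))
        fi
    done
    # find prints the path only if it is a directory with mode exactly 700.
    if [ -z "$(find "$2" -prune -type d -perm 700 2>/dev/null)" ]; then
        echo "FINDING: $2 is missing or its mode is not 700"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Example run against the live files (the key folder path is an assumption):
# audit_ssh /etc/ssh/sshd_config "$HOME/.ssh"
```

A commented-out "#PasswordAuthentication no" counts as unset, so the sshd default applies and the check reports it.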
Remove Default User
It is advisable to remove the "pi" user and set up a different user for normal use. Add the new user to the same groups as "pi".
sudo adduser mynewuser
groups pi
sudo adduser mynewuser [group]
Then switch to the new user and copy the SSH key as described in Passwordless SSH Access.
Remove pi from the admin groups:
sudo deluser pi sudo
sudo deluser pi adm
Adapt the file in /etc/sudoers.d/ to the new user, both its name and its content.
Links
- Users, Passwords and Authentication section (link)