3. Connecting with SSH
Enable SSH
Enter sudo raspi-config
in the terminal, first select Interfacing options
, then navigate to ssh
, press Enter
and select Enable or disable ssh server
. Enable SSH.
Getting the Raspberry Pi's IP number
You will need the IP number for your Raspberry Pi in order to connect to it with SSH.
Run hostname -I
(note the capital I, using lowercase i will give you the localhost ip (127.0.0.1). This will give you the IP number of your Raspberry Pi. Write it down. You will need it every time you want to connect to it in the future.
Security
Step 1) Install Firewall:
sudo apt-get install ufw -y
Step 2) Enable / Configure the Firewall:
Enable the firewall and restrict ssh connections to only allow from the local network: (Replace X.Y.Z with first 3 sets of numbers of your Pi's IP retrieved earlier)
sudo ufw enable && sudo ufw allow from X.Y.Z.0/24 to any port 22
(example: sudo ufw enable && sudo ufw allow from 192.168.1.0/24 to any port 22
)
**Also a word of caution, make sure you run the command exactly as written above, because if you enable the firewall without the port 22 rule you will lock yourself out from being able to connect with SSH ! (SSH is blocked by default by the firewall)
Step 3) Block Stratis RPC Port 16174:
Hackers may attempt to access your wallet and stealing your funds, thus blocking this port from public access ensures your funds will be secure. Do so by executing at prompt:
sudo ufw deny 16174
Connect with SSH
Connect to your device using ssh <user>@<ip-number>
(example ssh [email protected]
).
You can now ditch the connected screen and keyboard that you have used to setup Raspberry Pi and continue this guide using your regular computer! Also you will now be able to use copy+paste for easier command execution from this guide, life just got easier :)
Additional SSH security (SSH Keys, Disable Password Login)
You can generate SSH keys which will make sure only your computer can connect to the Raspberry Pi over SSH. Also, logging in with a password will no longer be required. (If needed, refer to this guide for SSH basics)
Step 1) Generate SSH keys by typing
ssh-keygen -t rsa -b 4096
You will be prompted to set a password for the SSH keys. You can skip this step, and will allow you access to your pi without a password (However note if someone gains access to your keys, they will be able to access your pi without a password)
Step 2) Copy your ssh keys to your Raspberry Pi
ssh-copy-id <user>@<ip-number>
(example ssh-copy-id [email protected]
)
Step 3) Disable SSH Password Login [Optional]
*WARNING* Do not perform this prior to Steps 1 and 2 !!!
Doing this step will force key authentication only in order to login to your pi thru SSH, if you lose the key, you will not be able to login by use of a password, and you will have to access your Pi the traditional method without SSH, and redo your settings again. Choose wisely before doing this!
To Disable Password login you need to edit the SSH config file:
sudo nano /etc/ssh/sshd_config
Scroll down till you find #PasswordAuthentication yes and change the line to PasswordAuthentication no
Be sure to remove the # symbol or this will not work !
You may now login normally thru SSH.