Couldn't find them here, so here are the two lines: "origin=Raspbian,codename=${distro_codename},label=Raspbian"; "origin=Raspberry Pi Foundation,codename=${distro_codename},label=Raspberry Pi Foundation"; Thanks for the video, it is very informative!
@ITProTv3 жыл бұрын
You're welcome. Thanks so much for adding that!
@altaccproxy98903 жыл бұрын
Thank you so much!
@twocentproductionstcp50684 жыл бұрын
THANK YOU! I see SO many Raspberry Pi "setup" videos out there that just fire up the Pi, set the basic settings and then Totally ignore any of this. I would LOVE to see more videos like this!!!
@ITProTv4 жыл бұрын
Glad it helped! We'll be working on more for sure.
@billy1207452 жыл бұрын
Thank you for this! I followed these suggestions and also made my RPI static IP (on RPI and router sides) as I plan to use it for server work. Learning a lot, liked and subbed
@DudeSkinnyTall3 жыл бұрын
Great stuff. Simple security steps people skip all the time
@ITProTv3 жыл бұрын
Exactly! Glad you found it useful.
@juanwagner Жыл бұрын
Thanks! Very useful ! Just for clarification, AllowUsers' users must be separated by spaces, not by commas.
@joemartin5881 Жыл бұрын
Using my Raspberry Pi to learn Linux and CLI. Being able to SSH from my iPad makes that super easy but security has been a concern. Thanks for the tips.
@maffysdad2 жыл бұрын
Why is this not in the top watch lists for the RPi? This was a brilliant tutorial to aiding in understanding how to protect the basics of the RPi when it's connected to the internet, such as when being used as a basic home servers. There are lots of videos out there on how to turn the RPi into a server, but they all lack protecting it. I viewed the web page linked to this video and how you write down and explain stuff is really helpful. So through four or five really good videos by various YTers I know now to install the Lite version of Raspberian, I know how to change the username, host name, password and privileges, I know how to lock out the default user, I know how to better protect the ssh side of the connection. Install a firewall and configure it. Install Apache, run a server and update my IP address so my website shouldn't be down any longer than say 15mins... Brilliant tutorial... Thank you so much!
@TooSlowTube7 ай бұрын
Really useful. Thanks. I've been frustrated by just about everything I read telling me to use apt online, when I don't feel safe doing that. Having to "sudo" commands strikes me as like playing "Simon says", and being effectively told "Ha! You didn't say "Simon says" ". Utterly pointless pseudo (sudo) security, like one of the Seven Dwarfs locking the mine shaft then putting the key on a hook, next to the door.
@MartinHiggs842 жыл бұрын
I have also enabled 2 factor authentication for SSH
@rmikel147893 жыл бұрын
Thank you, for the very clear video.
@erikyhlen30692 жыл бұрын
Extremely useful, thank you so much
@Jay-w5i Жыл бұрын
This was an excellent video
@jeffreygnanasoundarjohnsel54554 жыл бұрын
One of best tutorial I have been watched recent times about Raspberry pi. It would be good if you can also explain how to unlock the IP after it blocked for continuous wrong password.
@ITProTv4 жыл бұрын
Great idea! Maybe we'll do that for the next Pi day.
@MEWOVER90004 жыл бұрын
Wonderful, wonderful video. Thank you guys!
@ITProTv4 жыл бұрын
Thanks for watching!
@lenkapolaskova2094 Жыл бұрын
Great tutorial, I am surprised you don't show how to secure connection with a certificate, it would be for another video maybe...
@chindersman4 жыл бұрын
I see that this tutorial is for securing a Raspberry Pi that's running Ubuntu. I've followed the steps you've given and applied them to a Pi running Raspbian, and it worked out great and I appreciate it! What can I do to secure a Pi that's running Arch-based distros such as Manjaro?
@ITProTv4 жыл бұрын
Glad it worked for you. On the Arch question, that would be a whole different video to go in to all of that. Maybe we'll make one next Pi day!
@tomb80773 жыл бұрын
very helpful, thank you :)
@ITProTv3 жыл бұрын
You're welcome! Glad it was helpful.
@quantumastrologer55992 жыл бұрын
thanks!
@romkaizeris2 жыл бұрын
Nicely done! Will definitely follow ;)
@d4rkrabb1t4 жыл бұрын
U should do a video about portforwarding ssh on raspberry pi :)
@ITProTv4 жыл бұрын
Not a bad idea. Happy Pi Day!
@ronaldnieland19323 жыл бұрын
Very useful, thumbs up
@ITProTv3 жыл бұрын
Thanks for watching & liking!
@rpnpn45123 жыл бұрын
what a great tutorial, learned a lot
@ITProTv3 жыл бұрын
Glad it was helpful!
@flyingphysics9664 Жыл бұрын
When you install and edit the 50unattendedupades file, what is the txt to use if you're on the newer Raspberry Pi OS, versus Rasbian? Awesome video, thank you!
@Mark-gk3bl2 жыл бұрын
Loved you video, still confuse on firewalls. If I enable UFW and close certain ports does it just close these ports on the pi or does it also close those ports for all my other devices on my network?
@ragavansuresh50354 жыл бұрын
Extremely useful, thank you for the information!
@ITProTv4 жыл бұрын
Glad it was helpful!
@fuba443 жыл бұрын
Really really cool video, subbed.
@ITProTv3 жыл бұрын
Appreciate it!
@adamkempinski57742 жыл бұрын
I'm using my pi 0 only for pi hole. are there any extra ports I should leave open when setting up UFW so it doesn't disrupt pi hole and if, than which ports should I leave open ?
@d4rkrabb1t4 жыл бұрын
Thx! Keep up the good work.
@ITProTv4 жыл бұрын
Appreciate it, Frederic!
@markahdz3 жыл бұрын
Can you do this on the twister OS ? Sorry first time using raspberry pi or soon to be
@vmdude13 жыл бұрын
I'm new to all this and for the life of me I can't figure out how you get the Terminal window on your PC monitor while running windows??????
@markahdz3 жыл бұрын
Can the unattended auto updates be added to the TwisterOS ?
@DiyintheGhetto Жыл бұрын
What commands do you use to unlock the pi account?
@dannyreg84052 жыл бұрын
If I lock out my PI account according to your video, how do I reinstall it?
@justin.trading Жыл бұрын
Why disable the pi user, why not just change the pi username on creating the image and changing the password too?
@HugoStiglitz6093 жыл бұрын
Very new to all this, at the seven minute mark when testing to see if the new user has ssh access, how do you know what IP address to enter. I tried entering the one from the “hostname -I”but that didn’t work. It said authenticity couldn’t be established
@ITProTv3 жыл бұрын
Run "ip addr" on the Raspberry Pi to see what IP address it has.
@PandemicGameplay4 жыл бұрын
I disagree reg. public key ssh auth, it is very easy to setup, on mac you can simply do ssh-copy to copy the public key to the authorized keys for the pi. It also makes it pretty much impossible for anyone to brute force your ssh.
@ITProTv4 жыл бұрын
Thanks for your input!
@BeastBZ3 жыл бұрын
Why "-y"? When installing ufw most guides do not add -y what does -y do or mean? Finally found it. -y states yes to all yes and no prompts. Is this correct? Just want to make sure. One more noob question, what are you pressing multiple times to make sure the home prompt comes up? Ctrl+c?
@ITProTv3 жыл бұрын
You are correct. I am usually in a hurry (especially in videos) and don't want to fuss with an extra confirmation prompt. It is fine in a lab environment, but you might not want to do it in a production environment if you are worried about typos.
@karmallama76294 жыл бұрын
Very helpful video! Set up Ufw and fail2ban exactly how you have it here in the video but cant seem to get fail2ban to ban the ip after several failed attempts. Is there anything that can be done to fix this?
@karmallama76294 жыл бұрын
Just posting again incase anyone has the same issue as me. I managed to resolve this by putting in the jail.local file: [DEFAULT] banaction = ufw. Then in the file under /etc/fail2ban/jail.d/defaults-debian.conf I changed enabled to false and created a new file called custom.conf in the jail.d directory. Set up all the configerations for the ssh jail in that file and used logpath = /var/log/auth.log and its now working like a charm! Hope this helps anyone that has the same issue as I did :-) **UPDATE With a recent raspberry OS update I noticed the auth.log file stopped logging failed ssh attempts. To resolve this, inside the custom.conf file, remove the line 'logpath = /var/log/auth.log' and replace it with backend = systemd Spent a few hours scratching my head trying to fix it but adding this update just in case someone else has the same issue as me and stumbles along this :-)
@ITProTv4 жыл бұрын
Glad you get it resolved!
@theborne4 жыл бұрын
What port does flightaware (Piaware) use? Also, does flightaware need the Pi user account for anything?
@ITProTv3 жыл бұрын
Sorry, I'm not an expert on Flightaware so I don't have the answers to your question. I would suggest you check their documentation and see if you can find out there.
@unknownunknown70763 жыл бұрын
i cant ssh into my pi "The authenticity of host an't be established. ECDSA"?
@ITProTv3 жыл бұрын
It could be a few things. If you haven't changed the SSH configuration on the Pi, then usuallyk either sshd on the pi, or the ssh client on your computer are out of date. If you have changed your SSH configuration, then you may need to regenerate your SSH keys on the Pi.
@dannyreg84052 жыл бұрын
Why can't anyone answer my question?
@fnotlive53224 жыл бұрын
didnt put the links you said you were gonna put in the comments
@ITProTv4 жыл бұрын
Apologies. Just skimmed back through, and I don't see where we mentioned links, however here are the full notes we created for the show: Basic Steps ======================================= * Install Rapsbian + `sudo raspi-config` + Change password + Network + Localization + Interfacing (SSH) + `hostnamectl set-hostname dpserver` * Create a custom user + `adduser dpezet` + `gpasswd -a dpezet adm` + `gpasswd -a dpezet sudo` + `visudo` + `dpezet ALL=(ALL) NOPASSWD:ALL` * Lock the pi user (Optional) + `sudo passwd -l pi` System Updates ======================================= * Perform updates + `sudo apt update && sudo apt upgrade -y` * Enable automatic upgrades + `sudo apt install unattended-upgrades` + `sudoedit /etc/apt/apt.conf.d/50unattended-upgrades` + Append + "origin=Raspbian,codename=${distro_codename},label=Raspbian"; + "origin=Raspberry Pi Foundation,codename=${distro_codename},label=Raspberry Pi Foundation"; Eliminating Unused Services ======================================= * Stop unnecessary services + `systemctl --type=service` + `systemctl --type=service --state=active` + `sudo systemctl disable ` Configuring a Firewall ======================================= * Enable basic firewall + `sudo apt install ufw -y` + `sudo ufw allow 22/tcp comment "SSH"` + `sudo ufw enable` + `sudo ufw status` Securing SSH ======================================= * Restrict SSH2 + `sudoedit /etc/ssh/sshd_config` + AllowUsers dpezet + Optional: `PasswordAuthentication no` * Enable brute force protection + `sudo apt install fail2ban -y` + `sudoedit /etc/fail2ban/jail.local` ``` + [DEFAULT] + bantime = 1h + banaction = ufw + [sshd] + enabled = true ```
@P90Camper4 жыл бұрын
@@ITProTv I think he was talking about the links to find raspberry pi update strings. I see that above - hope the OP did to, thank you. My question is does the change to "Raspberry Pi OS" change any of this? Lastly you mentioned I could find this on the Raspberry Pi page - I can't seem to locate it, can you provide a link in case I need to make a new string for future versions? Thanks & great video!
@mx310tuda73 жыл бұрын
I followed the instructions and reviewed twice and triple before saving any file or issuing a command and I still got locked out after enableing fail2ban.... I had to re-image my sdcard.
@mx310tuda73 жыл бұрын
My best guess now is that you need to change your location FIRST in the raspi-config before changing the pi password, the video is doing it backwards :(
@ITProTv3 жыл бұрын
The most common cause of this is setting your password while the Raspberry Pi is set to a UK keyboard, and then changing your locale to a US keyboard. This switches several keys around and will lead to an incorrect password. I don't remember what password I used in that video, but it likely didn't involve any characters switched by the keyboard locale.
@Username-yv9pc3 жыл бұрын
how to unlock the pi account if you need it ?
@ITProTv3 жыл бұрын
If you have deleted the "pi" account, then it is gone and cannot be unlocked. If it still exists, but you don't know the password you can use "sudo passwd pi" to set a new password.
@BlahBlah-fe1gv4 жыл бұрын
🤬🥰🤬🤬🤬🤬🤬
@ITProTv4 жыл бұрын
🤓
@mrjekarpa2 жыл бұрын
What a great video - very useful! 👌👍
@ITProTv2 жыл бұрын
Glad it was helpful!
@HollyTroll2 жыл бұрын
This was a really great video, thank you so much!
@Adrien_broner3 жыл бұрын
Funny this is the only video talking about the security risks of using a raspberry pi.