Professional Documents
Culture Documents
linotetoselfandsharewithothers,blogbyPeterLegierski
RaspberryPi2:Basicsetupwithout
anycables(headless)
TodayIwanttoshowyouhowtosetupaheadlessRaspberryPi2withoutanyextracables
(HDMIorethernet),screens,keyboardsetc.Youmighthaveitalllyingaround,butyoumight
aswellbeonthegowithonlyyourlaptopandusbcablepoweringyourRaspberryPi.
YoucanstillfollowthisguideincaseyouconnectyourRPidirectlytotherouter,skipping
step3,whereIsetupwificard.
Illassumeyoualreadyhave:
RaspberryPi2
SDcard(8GB+)
powersource(chargerforyourmobilephonewillusuallydo)
compatibleusbwifiadapter
1.GettingRaspbian
ThefirststepistodownloadRaspbianimagethatwellbeworkingwith.Youcangetitfrom
here
(Imusingversion20151121).Extractit,itshouldbearound3.9GB.
2.WritingittoSDcard
InsteadoftryingtodescribeeverypossiblewayofwritingtheimageontheSDcard,Im
goingtopointyoutoanexcellentresourceonthistopic
elinux.orgarticle
.Onceyouredone
withit,wecanmovetothenextstep.
IpersonallyusetheDisksutilityonUbuntu.Youcanselectyourcardfromthelistontheleft,
chooseRestoreDiskImagefromthecogmenuontheright,andselectyourimgfile.
3.Wifisettings
Macusers:LookslikeyoucantaccessEXT4partitionswithoutfiddlingwith3rdparty
software.TheeasiestwaytogoaboutitistotemporarilyconnectRPitorouterwithethernet
cable,sshin(seebelow)andcontinuesettingthingsupin
/etc/wpa_supplicant/wpa_supplicant.conftogetthewifirunning.Anotheroptionistocreatea
VirtualBoxVMusingUbuntu,andmounttheimagethere.
DontremoveSDcardfromthereaderonyourcomputer.Weregoingtosetupthewifi
interface,sothatyoucansshintotheboxviawirelessconnection.
Openterminalandedit/etc/wpa_supplicant/wpa_supplicant.conf
ontheSDcard
(noton
yourmachine).
Hereshowtoopenitwithnano:
cd/path/to/your/sd/card/
sudonanoetc/wpa_supplicant/wpa_supplicant.conf
andaddthefollowingtothebottomofthefile:
network={
ssid="yournetworkssidname"
psk="yournetworkpassword"
}
Youcansavefilewithctrl+xfollowedbyy.
Now,puttheSDcardintotheRPi,plugthewifiinandpoweritup.
4.Testsshaccess
TheeasiestwaytofindyourRaspberryPisIPaddressistocheckyourroutersadmin
panel.InmyTPLINKrouteradminpanelIhavetogotoDHCPandthenDHCPClients
List:
AnotherwaytofindtheIPaddressistousenmaptool.Oneofthefollowingcommands
shoulddisplayRaspberryPisIPaddressifyourIPaddressis192.168.1.XXXor
192.168.0.XXX:
sudonmapsP192.168.1.0/24
sudonmapsP192.168.0.0/24
nmapp22opensV192.168.1.*
nmapp22opensV192.168.0.*
NowthatyouknowyourPisIPaddress,youshouldbeabletosshintoitwith:
sshpi@[piipaddress]
Defaultpasswordforuserpiisraspberry.
5.raspiconfig
Run:
sudoraspiconfig
toexpandfilesystem,changeuserpasswordandsettimezone(ininternationalisation
options).
6.Passwordlesslogin
Itstimetosecureitabit.Logoutexecuting:
exit
andcopyyourpublicsshkeyintoRPiwith:
sshcopyidpi@[piipaddress]
NowyoushouldbeabletosshintoRPiwithoutpassword:
sshpi@[piipaddress]
DonthaveSSHkey?Noproblem.Follow
thisguide
fromGitHubtocreateit.
7.sshdconfiguration
NowthatwecansshintoRPiwithoutpassword,itwouldbeagoodideatodisablepassword
login.
sudonano/etc/ssh/sshd_config
Andchangethefollowingvalues:
#changeittono
PermitRootLoginyes
#uncommentandchangeittono
#PasswordAuthenticationyes
FromnowonyouwillbeabletosshintoyourRPionlywithyourprivateSSHkey.Nice!
8.Update
LetsupdateRPi:
sudoaptgetupdate&&sudoaptgetupgrade
Itmighttakeawhile.
9.Watchdog
Nowweregoingtoinstallwatchdog.ItspurposeistoautomaticallyrestartRPiifitbecomes
unresponsive.
sudoaptgetinstallwatchdog
sudomodprobebcm2708_wdog
sudonano/etc/modules
Andatthebottomadd:
bcm2708_wdog
Nowletsaddwatchdogtostartupapplications:
sudoupdaterc.dwatchdogdefaults
andedititsconfig:
sudonano/etc/watchdog.conf
#uncommentthefollowing:
maxload1
watchdogdevice
Startwatchdogwith:
sudoservicewatchdogstart
10.Firewall
WeregoingtouseUFW(UncomplicatedFireWall)torestrictaccesstoourRPi:
sudoaptgetinstallufw
sudoufwallow22
sudoufwenable
Andwecanseeitsstatuswith:
sudoufwstatusverbose
Asyoucansee,wereacceptingincomingconnectionsonlyonport22.
11.fail2ban
Nowweregoingtoinstallfail2banwhichwillautomaticallybanIPaddressesthatarefailing
togetintoourRPitoomanytimes:
sudoaptgetinstallfail2ban
sudocp/etc/fail2ban/jail.conf/etc/fail2ban/jail.local
Restartfail2ban:
sudoservicefail2banrestart
andcheckcurrentbanswith:
sudoiptablesL
Done!
Thatsit,ourRPiissetupandmuchmoresecure.
PDFdownloadedfrom:
blog.self.li