Couldn't find them here, so here are the two lines: "origin=Raspbian,codename=${distro_codename},label=Raspbian"; "origin=Raspberry Pi Foundation,codename=${distro_codename},label=Raspberry Pi Foundation"; Thanks for the video, it is very informative!

@ITProTv

3 жыл бұрын

You're welcome. Thanks so much for adding that!

@altaccproxy9890

3 жыл бұрын

Thank you so much!

THANK YOU! I see SO many Raspberry Pi "setup" videos out there that just fire up the Pi, set the basic settings and then Totally ignore any of this. I would LOVE to see more videos like this!!!

@ITProTv

4 жыл бұрын

Glad it helped! We'll be working on more for sure.

Thank you for this! I followed these suggestions and also made my RPI static IP (on RPI and router sides) as I plan to use it for server work. Learning a lot, liked and subbed

Extremely useful, thank you for the information!

@ITProTv

4 жыл бұрын

Glad it was helpful!

This was a really great video, thank you so much!

Thank you, for the very clear video.

Extremely useful, thank you so much

Why is this not in the top watch lists for the RPi? This was a brilliant tutorial to aiding in understanding how to protect the basics of the RPi when it's connected to the internet, such as when being used as a basic home servers. There are lots of videos out there on how to turn the RPi into a server, but they all lack protecting it. I viewed the web page linked to this video and how you write down and explain stuff is really helpful. So through four or five really good videos by various YTers I know now to install the Lite version of Raspberian, I know how to change the username, host name, password and privileges, I know how to lock out the default user, I know how to better protect the ssh side of the connection. Install a firewall and configure it. Install Apache, run a server and update my IP address so my website shouldn't be down any longer than say 15mins... Brilliant tutorial... Thank you so much!

Wonderful, wonderful video. Thank you guys!

@ITProTv

3 жыл бұрын

Thanks for watching!

Thx! Keep up the good work.

@ITProTv

4 жыл бұрын

Appreciate it, Frederic!

Really useful. Thanks. I've been frustrated by just about everything I read telling me to use apt online, when I don't feel safe doing that. Having to "sudo" commands strikes me as like playing "Simon says", and being effectively told "Ha! You didn't say "Simon says" ". Utterly pointless pseudo (sudo) security, like one of the Seven Dwarfs locking the mine shaft then putting the key on a hook, next to the door.

Nicely done! Will definitely follow ;)

Using my Raspberry Pi to learn Linux and CLI. Being able to SSH from my iPad makes that super easy but security has been a concern. Thanks for the tips.

Great stuff. Simple security steps people skip all the time

@ITProTv

3 жыл бұрын

Exactly! Glad you found it useful.

thanks!

very helpful, thank you :)

@ITProTv

3 жыл бұрын

You're welcome! Glad it was helpful.

This was an excellent video

What a great video - very useful! 👌👍

@ITProTv

2 жыл бұрын

Glad it was helpful!

Thanks! Very useful ! Just for clarification, AllowUsers' users must be separated by spaces, not by commas.

Loved you video, still confuse on firewalls. If I enable UFW and close certain ports does it just close these ports on the pi or does it also close those ports for all my other devices on my network?

When you install and edit the 50unattendedupades file, what is the txt to use if you're on the newer Raspberry Pi OS, versus Rasbian? Awesome video, thank you!

what a great tutorial, learned a lot

@ITProTv

3 жыл бұрын

Glad it was helpful!

Really really cool video, subbed.

@ITProTv

3 жыл бұрын

Appreciate it!

Great tutorial, I am surprised you don't show how to secure connection with a certificate, it would be for another video maybe...

Very useful, thumbs up

@ITProTv

3 жыл бұрын

Thanks for watching & liking!

One of best tutorial I have been watched recent times about Raspberry pi. It would be good if you can also explain how to unlock the IP after it blocked for continuous wrong password.

@ITProTv

4 жыл бұрын

Great idea! Maybe we'll do that for the next Pi day.

I see that this tutorial is for securing a Raspberry Pi that's running Ubuntu. I've followed the steps you've given and applied them to a Pi running Raspbian, and it worked out great and I appreciate it! What can I do to secure a Pi that's running Arch-based distros such as Manjaro?

@ITProTv

4 жыл бұрын

Glad it worked for you. On the Arch question, that would be a whole different video to go in to all of that. Maybe we'll make one next Pi day!

I have also enabled 2 factor authentication for SSH

I'm using my pi 0 only for pi hole. are there any extra ports I should leave open when setting up UFW so it doesn't disrupt pi hole and if, than which ports should I leave open ?

Can you do this on the twister OS ? Sorry first time using raspberry pi or soon to be

Can the unattended auto updates be added to the TwisterOS ?

U should do a video about portforwarding ssh on raspberry pi :)

@ITProTv

4 жыл бұрын

Not a bad idea. Happy Pi Day!

What port does flightaware (Piaware) use? Also, does flightaware need the Pi user account for anything?

@ITProTv

3 жыл бұрын

Sorry, I'm not an expert on Flightaware so I don't have the answers to your question. I would suggest you check their documentation and see if you can find out there.

What commands do you use to unlock the pi account?

Very helpful video! Set up Ufw and fail2ban exactly how you have it here in the video but cant seem to get fail2ban to ban the ip after several failed attempts. Is there anything that can be done to fix this?

@karmallama7629

4 жыл бұрын

Just posting again incase anyone has the same issue as me. I managed to resolve this by putting in the jail.local file: [DEFAULT] banaction = ufw. Then in the file under /etc/fail2ban/jail.d/defaults-debian.conf I changed enabled to false and created a new file called custom.conf in the jail.d directory. Set up all the configerations for the ssh jail in that file and used logpath = /var/log/auth.log and its now working like a charm! Hope this helps anyone that has the same issue as I did :-) **UPDATE With a recent raspberry OS update I noticed the auth.log file stopped logging failed ssh attempts. To resolve this, inside the custom.conf file, remove the line 'logpath = /var/log/auth.log' and replace it with backend = systemd Spent a few hours scratching my head trying to fix it but adding this update just in case someone else has the same issue as me and stumbles along this :-)

@ITProTv

4 жыл бұрын

Glad you get it resolved!

Very new to all this, at the seven minute mark when testing to see if the new user has ssh access, how do you know what IP address to enter. I tried entering the one from the “hostname -I”but that didn’t work. It said authenticity couldn’t be established

@ITProTv

3 жыл бұрын

Run "ip addr" on the Raspberry Pi to see what IP address it has.

Why "-y"? When installing ufw most guides do not add -y what does -y do or mean? Finally found it. -y states yes to all yes and no prompts. Is this correct? Just want to make sure. One more noob question, what are you pressing multiple times to make sure the home prompt comes up? Ctrl+c?

@ITProTv

3 жыл бұрын

You are correct. I am usually in a hurry (especially in videos) and don't want to fuss with an extra confirmation prompt. It is fine in a lab environment, but you might not want to do it in a production environment if you are worried about typos.

I'm new to all this and for the life of me I can't figure out how you get the Terminal window on your PC monitor while running windows??????

I disagree reg. public key ssh auth, it is very easy to setup, on mac you can simply do ssh-copy to copy the public key to the authorized keys for the pi. It also makes it pretty much impossible for anyone to brute force your ssh.

@ITProTv

3 жыл бұрын

Thanks for your input!

If I lock out my PI account according to your video, how do I reinstall it?

Why disable the pi user, why not just change the pi username on creating the image and changing the password too?

i cant ssh into my pi "The authenticity of host an't be established. ECDSA"?

@ITProTv

3 жыл бұрын

It could be a few things. If you haven't changed the SSH configuration on the Pi, then usuallyk either sshd on the pi, or the ssh client on your computer are out of date. If you have changed your SSH configuration, then you may need to regenerate your SSH keys on the Pi.

didnt put the links you said you were gonna put in the comments

@ITProTv

4 жыл бұрын

Apologies. Just skimmed back through, and I don't see where we mentioned links, however here are the full notes we created for the show: Basic Steps ======================================= * Install Rapsbian + `sudo raspi-config` + Change password + Network + Localization + Interfacing (SSH) + `hostnamectl set-hostname dpserver` * Create a custom user + `adduser dpezet` + `gpasswd -a dpezet adm` + `gpasswd -a dpezet sudo` + `visudo` + `dpezet ALL=(ALL) NOPASSWD:ALL` * Lock the pi user (Optional) + `sudo passwd -l pi` System Updates ======================================= * Perform updates + `sudo apt update && sudo apt upgrade -y` * Enable automatic upgrades + `sudo apt install unattended-upgrades` + `sudoedit /etc/apt/apt.conf.d/50unattended-upgrades` + Append + "origin=Raspbian,codename=${distro_codename},label=Raspbian"; + "origin=Raspberry Pi Foundation,codename=${distro_codename},label=Raspberry Pi Foundation"; Eliminating Unused Services ======================================= * Stop unnecessary services + `systemctl --type=service` + `systemctl --type=service --state=active` + `sudo systemctl disable ` Configuring a Firewall ======================================= * Enable basic firewall + `sudo apt install ufw -y` + `sudo ufw allow 22/tcp comment "SSH"` + `sudo ufw enable` + `sudo ufw status` Securing SSH ======================================= * Restrict SSH2 + `sudoedit /etc/ssh/sshd_config` + AllowUsers dpezet + Optional: `PasswordAuthentication no` * Enable brute force protection + `sudo apt install fail2ban -y` + `sudoedit /etc/fail2ban/jail.local` ``` + [DEFAULT] + bantime = 1h + banaction = ufw + [sshd] + enabled = true ```

@P90Camper

4 жыл бұрын

@@ITProTv I think he was talking about the links to find raspberry pi update strings. I see that above - hope the OP did to, thank you. My question is does the change to "Raspberry Pi OS" change any of this? Lastly you mentioned I could find this on the Raspberry Pi page - I can't seem to locate it, can you provide a link in case I need to make a new string for future versions? Thanks & great video!

Why can't anyone answer my question?

how to unlock the pi account if you need it ?

@ITProTv

3 жыл бұрын

If you have deleted the "pi" account, then it is gone and cannot be unlocked. If it still exists, but you don't know the password you can use "sudo passwd pi" to set a new password.

I followed the instructions and reviewed twice and triple before saving any file or issuing a command and I still got locked out after enableing fail2ban.... I had to re-image my sdcard.

@mx310tuda7

3 жыл бұрын

My best guess now is that you need to change your location FIRST in the raspi-config before changing the pi password, the video is doing it backwards :(

@ITProTv

3 жыл бұрын

The most common cause of this is setting your password while the Raspberry Pi is set to a UK keyboard, and then changing your locale to a US keyboard. This switches several keys around and will lead to an incorrect password. I don't remember what password I used in that video, but it likely didn't involve any characters switched by the keyboard locale.

Funny this is the only video talking about the security risks of using a raspberry pi.

@ITProTv

3 жыл бұрын

We try to cover all angles objectively!

🤬🥰🤬🤬🤬🤬🤬

@ITProTv

4 жыл бұрын

🤓