Continuation of the last time "RaspberryPi4 purchase" Raspbian:10.3 kernel:4.19.97-v7l+ #1294
If the wifi setting was performed when installing the OS with NOOBS, it was installed with that setting in the OS as well.
The default Raspberry Pi does not have a password set for "root".
$ sudo passwd root
$ su -
$ rpi-update
$ reboot
$ mkdir /boot/ssh
$ shutdown -r now
Connect with user pi initial password raspberry via SSH
$ useradd --group sudo -m -u <uid> <newuser>
$ passwd <newuser>
userdel -r pi
$ vi /etc/dhcpcd.conf
interface eth0
static ip_address=192.168.1.10/24
static routers=192.168.1.1
interface wlan0
static ip_address=192.168.1.30/24
static routers=192.168.1.1
For added security, we have changed the port to deny direct login as root, enable encryption keys, disable password authentication, and extend session lifetime. * Only the changed parts are listed.
$ vi /etc/ssh/sshd_config
Port <PortNo>
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
PasswordAuthentication no
ClientAliveInterval 1800
ClientAliveCountMax 3
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/<username>/.ssh/id_rsa):
Created directory '/home/<username>/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/<username>/.ssh/id_rsa.
Your public key has been saved in /home/<username>/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:*************************************************** <username>@raspberrypi
The key's randomart image is:
+---[RSA 2048]----+
|OOOOOO |
+----[SHA256]-----+
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
First, set up a wireless LAN access point (when there are multiple access points)
$ vi /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
ssid="<SSID1>"
psk="<passphrase>"
}
network={
ssid="<SSID2>"
psk="<passphrase>"
}
Next, the IP address is defined for the wireless LAN I / F, but the assigned IP address can be defined for each access point.
$ vi /etc/dhcpcd.conf
interface wlan0
ssid <SSID1>
static ip_address=192.168.1.30/24
static routers=192.168.1.1
static domain_name_servers=192.168.1.1
ssid <SSID2>
static ip_address=192.168.11.30/24
static routers=192.168.11.1
static domain_name_servers=192.168.11.1
$ apt update
$ apt upgrade
* When upgrading, if there is a hold, do the following
$ apt -s dist-upgrade
$ apt upgrade
$ rpi-update
$ reboot
Since it is troublesome to manually upgrade with the apt command, we introduced a package that automatically updates.
$ apt install -y unattended-upgrades
$ vi /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Origins-Pattern {
"o=${distro_id},n=${distro_codename}";
" o = $ {distro_id}, n = $ {distro_codename} "; to the next line of Unattended-Upgrade.I'm deleting the pi user, so I don't think it's a problem, but I deleted the sudoers definition just in case.
$ rm /etc/sudoers.d/010_pi-nopasswd
$ raspi-config
Select 4 Localization Options and select
Select ʻI2 Change Timezone. Select Asia. Select Tokyo. Select OK`.
$ timedatectl status
Local time:Sat 2020-03-21 14:35:07 JST
Universal time:Sat 2020-03-21 05:35:07 UTC
RTC time: n/a
Time zone: Asia/Tokyo (JST, +0900)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
If NTP service is ʻactive`, the NTP service is already running and you do not need to set the automatic start setting.
$ vi /etc/systemd/timesyncd.conf
[Time]
NTP=ntp.jst.mfeed.ad.jp
FallbackNTP=ntp.nict.jp time.google.com
$ raspi-config
Select 4 Localization Options and select
Select ʻI4 Change Wi-fi Country. Select JP Japan. Select OK`.
$ apt -y install ntfs-3g
Connect the USB disk and check the UUID of the USB HDD.
$ blkid
/dev/mmcblk0p1: LABEL_FATBOOT="RECOVERY" LABEL="RECOVERY" UUID="BED1-E8B9" TYPE="vfat" PARTUUID="00031adc-01"
/dev/mmcblk0p5: LABEL="SETTINGS" UUID="f3286ddd-6b11-4a1e-b780-32c39134818d" TYPE="ext4" PARTUUID="00031adc-05"
/dev/mmcblk0p6: LABEL_FATBOOT="boot" LABEL="boot" UUID="3CB5-EC8B" TYPE="vfat" PARTUUID="00031adc-06"
/dev/mmcblk0p7: LABEL="root" UUID="f319c423-f87b-4a99-8309-11173614c408" TYPE="ext4" PARTUUID="00031adc-07"
/dev/mmcblk0: PTUUID="00031adc" PTTYPE="dos"
/dev/sda1: LABEL="My Passport" UUID="C00EE4C60EE4B716" TYPE="ntfs" PTTYPE="atari" PARTLABEL="My Passport" PARTUUID="4638ed1e-9915-42f4-96b5-1491ff482e58"
Added to fstab for automatic mounting
$ mkdir /data
$ vi /etc/fstab
UUID="C00EE4C60EE4B716" /data ntfs-3g async,auto,dev,exec,gid=65534,rw,uid=65534,umask=000 0 0
I rarely use a display, and basically I access it with SSH and configure it, so I minimize the allocation value to GPU memory. (Changed the default 64MB to the minimum 16MB)
$ vi /boot/config.txt
gpu_mem=16
Reboot after changing the settings.
Disable the built-in Bluetooth of the unused Raspberry Pi.
$ vi /boot/config.txt
dtoverlay=disable-bt
#dtoverlay=disable-wifi #Wireless LAN can be disabled
This should also be restarted after changing the settings.
$ vi /boot/config.txt
dtparam=eth_led0=14
dtparam=eth_led1=14
$ vi /boot/config.txt
dtparam=act_led_trigger=none,act_led_activelow=on #turn act LED off
dtparam=pwr_led_trigger=none,pwr_led_activelow=on #turn power LED off
Recommended Posts