Couldn't find them here, so here are the two lines: "origin=Raspbian,codename=${distro_codename},label=Raspbian"; "origin=Raspberry Pi Foundation,codename=${distro_codename},label=Raspberry Pi Foundation"; Thanks for the video, it is very informative!
THANK YOU! I see SO many Raspberry Pi "setup" videos out there that just fire up the Pi, set the basic settings and then Totally ignore any of this. I would LOVE to see more videos like this!!!
Thank you for this! I followed these suggestions and also made my RPI static IP (on RPI and router sides) as I plan to use it for server work. Learning a lot, liked and subbed
Using my Raspberry Pi to learn Linux and CLI. Being able to SSH from my iPad makes that super easy but security has been a concern. Thanks for the tips.
Why is this not in the top watch lists for the RPi? This was a brilliant tutorial to aiding in understanding how to protect the basics of the RPi when it's connected to the internet, such as when being used as a basic home servers. There are lots of videos out there on how to turn the RPi into a server, but they all lack protecting it. I viewed the web page linked to this video and how you write down and explain stuff is really helpful. So through four or five really good videos by various YTers I know now to install the Lite version of Raspberian, I know how to change the username, host name, password and privileges, I know how to lock out the default user, I know how to better protect the ssh side of the connection. Install a firewall and configure it. Install Apache, run a server and update my IP address so my website shouldn't be down any longer than say 15mins... Brilliant tutorial... Thank you so much!
Really useful. Thanks. I've been frustrated by just about everything I read telling me to use apt online, when I don't feel safe doing that. Having to "sudo" commands strikes me as like playing "Simon says", and being effectively told "Ha! You didn't say "Simon says" ". Utterly pointless pseudo (sudo) security, like one of the Seven Dwarfs locking the mine shaft then putting the key on a hook, next to the door.
One of best tutorial I have been watched recent times about Raspberry pi. It would be good if you can also explain how to unlock the IP after it blocked for continuous wrong password.
I see that this tutorial is for securing a Raspberry Pi that's running Ubuntu. I've followed the steps you've given and applied them to a Pi running Raspbian, and it worked out great and I appreciate it! What can I do to secure a Pi that's running Arch-based distros such as Manjaro?
When you install and edit the 50unattendedupades file, what is the txt to use if you're on the newer Raspberry Pi OS, versus Rasbian? Awesome video, thank you!
Loved you video, still confuse on firewalls. If I enable UFW and close certain ports does it just close these ports on the pi or does it also close those ports for all my other devices on my network?
I'm using my pi 0 only for pi hole. are there any extra ports I should leave open when setting up UFW so it doesn't disrupt pi hole and if, than which ports should I leave open ?
Very new to all this, at the seven minute mark when testing to see if the new user has ssh access, how do you know what IP address to enter. I tried entering the one from the “hostname -I”but that didn’t work. It said authenticity couldn’t be established
I disagree reg. public key ssh auth, it is very easy to setup, on mac you can simply do ssh-copy to copy the public key to the authorized keys for the pi. It also makes it pretty much impossible for anyone to brute force your ssh.
Why "-y"? When installing ufw most guides do not add -y what does -y do or mean? Finally found it. -y states yes to all yes and no prompts. Is this correct? Just want to make sure. One more noob question, what are you pressing multiple times to make sure the home prompt comes up? Ctrl+c?
You are correct. I am usually in a hurry (especially in videos) and don't want to fuss with an extra confirmation prompt. It is fine in a lab environment, but you might not want to do it in a production environment if you are worried about typos.
Very helpful video! Set up Ufw and fail2ban exactly how you have it here in the video but cant seem to get fail2ban to ban the ip after several failed attempts. Is there anything that can be done to fix this?
Just posting again incase anyone has the same issue as me. I managed to resolve this by putting in the jail.local file: [DEFAULT] banaction = ufw. Then in the file under /etc/fail2ban/jail.d/defaults-debian.conf I changed enabled to false and created a new file called custom.conf in the jail.d directory. Set up all the configerations for the ssh jail in that file and used logpath = /var/log/auth.log and its now working like a charm! Hope this helps anyone that has the same issue as I did :-) **UPDATE With a recent raspberry OS update I noticed the auth.log file stopped logging failed ssh attempts. To resolve this, inside the custom.conf file, remove the line 'logpath = /var/log/auth.log' and replace it with backend = systemd Spent a few hours scratching my head trying to fix it but adding this update just in case someone else has the same issue as me and stumbles along this :-)
It could be a few things. If you haven't changed the SSH configuration on the Pi, then usuallyk either sshd on the pi, or the ssh client on your computer are out of date. If you have changed your SSH configuration, then you may need to regenerate your SSH keys on the Pi.
Sorry, I'm not an expert on Flightaware so I don't have the answers to your question. I would suggest you check their documentation and see if you can find out there.
I followed the instructions and reviewed twice and triple before saving any file or issuing a command and I still got locked out after enableing fail2ban.... I had to re-image my sdcard.
My best guess now is that you need to change your location FIRST in the raspi-config before changing the pi password, the video is doing it backwards :(
The most common cause of this is setting your password while the Raspberry Pi is set to a UK keyboard, and then changing your locale to a US keyboard. This switches several keys around and will lead to an incorrect password. I don't remember what password I used in that video, but it likely didn't involve any characters switched by the keyboard locale.
@@ITProTv I think he was talking about the links to find raspberry pi update strings. I see that above - hope the OP did to, thank you. My question is does the change to "Raspberry Pi OS" change any of this? Lastly you mentioned I could find this on the Raspberry Pi page - I can't seem to locate it, can you provide a link in case I need to make a new string for future versions? Thanks & great video!
If you have deleted the "pi" account, then it is gone and cannot be unlocked. If it still exists, but you don't know the password you can use "sudo passwd pi" to set a new password.