computers:raspberry_pi_linux

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
computers:raspberry_pi_linux [2018/12/12 17:07] – ↷ Page moved from raspberry_pi_linux to computers:raspberry_pi_linux localadmincomputers:raspberry_pi_linux [2022/08/19 17:21] (current) jon
Line 20: Line 20:
 ====== Linux Tips/Tricks ====== ====== Linux Tips/Tricks ======
  
 +===== OS Upgrades =====
 +
 +apt update && upgrade
 +
 +Modify all repos under /etc/apt/sources.list and /etc/apt/sources.list.d/
 +
 +Most should just need an OS release name change. Check specific apps resources, or just change it and see if it pulls on apt update.
 +
 +After done,
 +
 +apt update && upgrade
 +apt full-upgrade
 +
 +==== NetDisco ====
 +
 +Anytime OS gets major upgrade, will need to rebuild. See troubleshooting section on GitHub.
 +
 +Remove ~/perl5 dir, run the installer, don’t copy the deploy yaml, run the deploy. Y to all. Start up services
 +
 +===== Public Key Authentication =====
 +
 +https://www.ssh.com/ssh/keygen/
 +
 +https://christitus.com/ssh-guide/
 +
 +https://stribika.github.io/2015/01/04/secure-secure-shell.html (outdated but useful)
 + 
 +https://medium.com/@jasonrigden/hardening-ssh-1bcb99cd4cef
 +
 +https://infosec.mozilla.org/guidelines/openssh.html
 +
 +https://superuser.com/questions/868998/how-can-i-find-a-list-of-macs-ciphers-and-kexalgorithms-that-my-openssh-client
 +
 +https://github.com/jtesta/ssh-audit
 +==== Summary ====
 +
 +RSA-4096 and ED25519 are the only protocols to be using that are considered "secure" currently.
 +Get initial keys set up, then copy the other keys over using a master machine, or if starting from scratch, get as many keys on before turning off password auth
 +Public key goes into /home/user/.ssh/authorized_keys . Do this for each user you want to sign in as. Ideally, stick to one and sign in to other user after sign in (su - user)
 +Run ssh-audit and find where you can improve
 +
 +==== macOS/Linux ====
 +
 +Before you begin, on the home folder of each user you are going to remote into, run the following
 +
 +  * ssh-keygen -t rsa
 +  * ssh-copy-id -i ~/.ssh/id.rsa.pub user@remoteserver
 +     * above may not work depending on your setup. It will most backend work for you
 +  * If the above does not work:
 +       *scp ~/.ssh/id_rsa.pub user@remoteserver:~
 +       *cat ~/id_rsa.pub >> ~/.ssh/authorized_keys 
 +
 +==== Windows ====
 +
 +https://devops.ionos.com/tutorials/use-ssh-keys-with-putty-on-windows
  • computers/raspberry_pi_linux.1544634445.txt.gz
  • Last modified: 2018/12/12 17:07
  • by localadmin