The Raspberry Pi is a remarkable piece of technology that enabled a whole slew of budget-friendly projects and allowed people to get extremely clever without having to break the bank.

apt update && upgrade

Modify all repos under /etc/apt/sources.list and /etc/apt/sources.list.d/

Most should just need an OS release name change. Check specific apps resources, or just change it and see if it pulls on apt update.

After done,

apt update && upgrade apt full-upgrade

Anytime OS gets major upgrade, will need to rebuild. See troubleshooting section on GitHub.

Remove ~/perl5 dir, run the installer, don’t copy the deploy yaml, run the deploy. Y to all. Start up services

https://www.ssh.com/ssh/keygen/

https://christitus.com/ssh-guide/

https://stribika.github.io/2015/01/04/secure-secure-shell.html (outdated but useful)

https://medium.com/@jasonrigden/hardening-ssh-1bcb99cd4cef

https://infosec.mozilla.org/guidelines/openssh.html

https://superuser.com/questions/868998/how-can-i-find-a-list-of-macs-ciphers-and-kexalgorithms-that-my-openssh-client

https://github.com/jtesta/ssh-audit

RSA-4096 and ED25519 are the only protocols to be using that are considered “secure” currently. Get initial keys set up, then copy the other keys over using a master machine, or if starting from scratch, get as many keys on before turning off password auth Public key goes into /home/user/.ssh/authorized_keys . Do this for each user you want to sign in as. Ideally, stick to one and sign in to other user after sign in (su - user) Run ssh-audit and find where you can improve

Before you begin, on the home folder of each user you are going to remote into, run the following

• ssh-keygen -t rsa
• ssh-copy-id -i ~/.ssh/id.rsa.pub user@remoteserver
  • above may not work depending on your setup. It will most backend work for you
• If the above does not work:
  • scp ~/.ssh/id_rsa.pub user@remoteserver:~
  • cat ~/id_rsa.pub » ~/.ssh/authorized_keys

https://devops.ionos.com/tutorials/use-ssh-keys-with-putty-on-windows