Things covered here:-

• • Hardware overview
  • Network configuration
  • Update the system and installing ssh client and/or server
  • Using simple naming
  • Logging into and sending files over secure channels
  • Restricting users and IP addresses
  • Router settings for web access
  • Router setting for portforwarding to a server
  • Dispensing with password verification

 

Hardware overview

Let’s suppose we have 4 raspberry pi computers, a desktop computer and another computer acting as an internet accessible ssh server, all to be given unique static IP addresses. We also have them all connected into a switch and a router with Cat5 LAN cables. The router’s IP address is assumed to be 192.168.1.1, accessible with your browser.

 

Network configuration

will tell you the name of the network card, usually “eth0”.

 

Then use one of the following three methods:

Use the network widget on your desktop to set up a unique static address.

 

Or precede with sudo an editor (such as nano) command of the file /etc/dhcpcd.conf thusly, using unique “address” lines for each computer:

 

Or edit /etc/network/interfaces thusly

 

Save the file and restart the network with the new configuration file

 

You can test the card is configured by pinging it and Google with

 

Update the system and installing the ssh client and/or server

With Raspbian, which is a Debian packages based system, run on all machines in turn

 

Using simple naming

Edit the file /etc/hosts on the desktop computer thusly:

 

Logging into and sending files over secure channels.

To log from your desktop account to your account on Pi number 3 you can do

 

To log in with the ability to run X Window applications do

 

To copy a file to the pi number 3 you can do

NOTE the colon.

 

To log into a different account on pi number 3 issue

 

You will be prompted for your password on the server (and the first time a key will be placed in .ssh/known_hosts in your directory).

 

Restricting users and IP addresses

On the desktop and pi computers edit the file /etc/ssh/sshd_config and add the line:

(paul is just an example here.)

 

On the server computer use the line

 

Then restart the ssh server to read the new config file with

 

Router settings for web access

Only allow your desktop and your server web access by restricting the “IP addresses” and the “MAC addresses” in your router’s software settings.

You can find the details you need to enter by running “sudo ip address” on the desktop and on the server.

 

Router setting for portforwarding to a server

In the router’s software accessed through a browser set portforwarding as:

 

Your server is now accessible for anyone on the net — use strong passwords!

 

Dispensing with password verification

You don’t have present your password if your pi servers recognises a key presented to them To get this working

(do not enter a pass-phrase – leave it blank)

 

 

VERY IMPORTANT: You should ensure the permissions of the private key permissions file are -rw——- with

 

If not use:

 

Finally, use strong passwords and periodically change them with the passwd command.