From f792ba512e4937b6d9fdfbee0b04dd412a71858e Mon Sep 17 00:00:00 2001 From: Steven Baltakatei Sandoval Date: Wed, 7 Oct 2020 23:46:16 +0000 Subject: [PATCH] doc(setup):Update README with SSH, git, and age details --- doc/setup/README.org | 49 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 10 deletions(-) diff --git a/doc/setup/README.org b/doc/setup/README.org index cc575b7..4eb8e2f 100644 --- a/doc/setup/README.org +++ b/doc/setup/README.org @@ -5,7 +5,7 @@ ** About This document created by [[http://baltakatei.com][Steven Baltakatei Sandoval]] on ~2020-10-07T18:39Z~ under a [[http://creativecommons.org/licenses/by-sa/4.0/][CC BY-SA 4.0]] license and last updated on -~2020-10-07T23:11Z~. +~2020-10-07T23:46Z~. This document contains information regarding setup of the ninfacyzga-01 hardware common to all operation modes. This includes: @@ -121,7 +121,6 @@ cat location.gpx.age | age -d -i key.txt > location.gpx The version of ~age~ used to perform the encryption - ** Operating Procedures *** Initial Startup **** Physical Setup @@ -161,7 +160,7 @@ Replace ~~ with your WiFi network's SSID. Replace ~~ with your WiFi network's passphrase. -***** Configure Remote SSH Login +***** Enable Remote SSH Login Configure SSH to permit remote administration via the command line interface. Raspberry Pi Foundation instructions [[https://www.raspberrypi.org/documentation/remote-access/ssh/README.md][here]]. @@ -169,6 +168,15 @@ In summary, remote SSH access may be enabled upon initial startup of a freshly installed image of Raspberry Pi OS by making sure an empty file named ~ssh~ is present on the ~boot~ partition. +***** Add SSH public key +If the use has an SSH public key, it may be added as a line in +~~/.ssh/authorized_keys~. + +Follow [[https://superuser.com/a/925859/][these]] directions to set permissions. + +: $ chmod 700 ~/.ssh +: $ chmod 644 ~/.ssh/authorized_keys + ***** Change default passphrase The default username is ~pi~ and the default passphrase is ~raspberry~. Change them to something unique. @@ -182,6 +190,21 @@ Update software with distribution repository. : $ sudo apt upgrade -y : $ sudo apt dist-upgrade -y +***** Update hostname +A unique hostname is required to uniquely identify the device on the +network. + +Start up the Raspberry Pi Software Configuration Tool by running: +: $ sudo raspi-config + +- Select `2 Network Options` +- Select `N1 Hostname` + +This document recommends a hostname beginning with the prefix: +: ninfacyzga-1- + +An example hostname would be ~ninfacyzga-1-2~. + ***** Install software ****** ~unattended-upgrades~ Make sure to install the ~unattended-upgrades~ package to make sure @@ -202,7 +225,8 @@ Install ~syncthing~ for log file transfer capability. : $ sudo apt install syncthing ****** ~git~ -Install ~git~ for downloading this repository to the device. +~git~ facilitates downloading files from this repository to the +device. It may be installed via: : $ sudo apt install git @@ -217,17 +241,22 @@ those of the ~master~ branch). : $ git checkout --track origin/develop ****** ~age~ +~age~ is required for encrypting data at rest. + Place ~age~ binary (the one compiled for ARM CPU architecture for Linux) in ~$HOME/.local/bin~. A copy of binary may be found within the ~exec~ directory. +: $ mkdir ~/.local/bin +: $ cp exec/age ~/.local/bin/ + ***** Disable Swap File -Since standard Raspbian 10 (Buster) install involves copying -unencrypted file system image to SD card which is mounted by the -Raspberry Pi, system memory may be written to disk in the form of a -Swap file as described [[https://ideaheap.com/2013/07/stopping-sd-card-corruption-on-a-raspberry-pi/][here]]. In order to reduce the chance that -location log data is ever written to disk, swap file functionality -must be disabled[fn:ideaheap_20130731_disableswap]. +Since standard Raspberry OS 10 install involves copying unencrypted +file system image to SD card which is mounted by the Raspberry Pi, +system memory may be written to disk in the form of a Swap file as +described [[https://ideaheap.com/2013/07/stopping-sd-card-corruption-on-a-raspberry-pi/][here]]. In order to reduce the chance that location log data +is ever written to disk, swap file functionality must be +disabled[fn:ideaheap_20130731_disableswap]. Raspbian 10 uses dphys-swapfile to manage a swap file. It may be disabled persistently[fn:rpf_20190702_disableswappersist] by running -- 2.30.2