Setup RaspberryPi with minified raspbian (minibian)

Today I finally got around to fiddle with one of my RaspberryPi again. I received a couple of Bluetooth LE USB Sticks on friday and thought about doing some iBeacon stuff.
But first I’ll a clean Raspbian so I won’t kill any other projects or run into issues with this.Since I’m kind of lazy I usually follow some tutorials instead of remembering all the required commands. Yet, today I figured why not just write it down so I have it always available.I’m using Minibian because I won’t need any of the GUI stuff and it’s just simpler than to strip down an existing image.

The only sideeffects are:

  • I have to resize the filesystem first before doing anything else (I forgot it way to often!)
  • I have to remember where to get the setup instructions for the WiFi module

Step 1 – Installation

Download Minibian

https://minibianpi.wordpress.com/

It’s really great work and all credits goes to Luca Soltoggio.

I usually just use 7Zip and extract the image to the disk, afterwards I put in an mSDCard and use Win32DiskImager to write the file to the SD Card.

If you’re on Linux you can use dd and probably won’t need any advice on how to do this anyway.

Step 2 – Preparations

Start putty and connect to raspberrypi via SSH. Login credentials are root/raspberry (another thing I tend to forget, but you can find it in the Minibian FAQ). Then since I’m lazy I use raspi-config, which is not installed by default. But that is no problem, just type in

apt-get install raspi-config -y

Be careful: Do not attempt to do an apt-get update beforehand!

After the successful installation just start the tool by writing

raspi-config

Now I first resize the filesystem and afterwards change the timezone to my local timezone. You can finish afterwards and agree to the reboot (it’s required for the changes to take effect)

StepĀ  3 – Updates & Tools

Well done. Now you got enough space available to update your system!

    apt-get update && apt-get upgrade

In case of any questions answer with yes (y).

    apt-get dist-upgrade

After both Upgrade and Dist-Upgrade we should also update the Raspberry Pi firmware. First we install soome basic tools with

apt-get install nano sudo rpi-update usbutils -y

Then we use

rpi-update

for our firmware update needs.

Step 4 – Wireless Lan

After the next reboot we will have an completely update to date system. Awesome, but I want to remove the fiddly Ethernet cable which is always in my way.

In order to achieve this I bought some of the famous Edimax WiFi sticks. Those require some special firmwares and some tools which can be easily installed via apt-get

apt-get install firmware-linux-nonfree wireless-tools wpasupplicant -y

Afterwards we have to bring up the wifi device. First verify if it’s available

ip a 
iwconfig

It is usually named “wlan0” in this case just use

ip link set wlan0 up

to bring it up. Then you can either scan the list of available gateways first with

iwlist scan

or directly configure the /etc/network/interfaces file.

This is done with nano so we open the file directly in the nano editor

nano /etc/network/interfaces

There we at the following text

auto wlan0
allow-hotplug wlan0 
iface wlan0 inet dhcp
        wpa-ssid myssid
        wpa-psk mysecret

If you changed the ssid and secret accordingly you can close nano with Ctrl-X.
With

ifup wlan0

we can force the connection.

Step 5 – Security

In the first four steps we did all the basic setup stuff which is required to use the Raspberry Pi as a headless system. Yet, there are still some things to do.

We have lots of security issues, we haven’t changed the login credentials, we still use root all the time and we could use a firewall.

So bear with me for just a few additional steps. Even if you just plan to do fun stuff with your Pi, it is always worth learning how to do it right.

Since we did most of all the admin tasks with root, it is time to create our personal user account.

Type in

adduser myname

to create your default user.

usermod -a -G sudo myname

With the second command we allow ourselfs to gain additional rights with the sudo command. You’ll see this in action soon.
Now you should do a reboot and login with your new user.

To enhance our security we will switch to key based authentication. Since I already have a key, I can just use

If you don’t have a key pair follow the steps in this guide and copy the contents or your id_rsa.pub file into /home/myname/.ssh/authorized_keys

Paste your public key into this file and use Ctrl-X to save.

Well, we did it! We have key, unfortunately we also need to enforce the use of this key. Therefor we will modify the sshd config

sudo nano /etc/ssh/sshd_config

Change value “PermitRootLogin” from yes to no
And uncomment “PasswordAuthentication” (remove leading #) and change the value from yes to no.
Now restart the ssh server with

sudo /etc/init.d/ssh restart

The last step with regards to passwords is to change the root password. You can simply run

and enter the new password.

Finally! The most important part is done.
But we still want our firewall… these are the 3 simple steps for your new and shiny firewall.

sudo apt-get install ufw
sudo ufw allow 22
sudo ufw enable

That’s it!

Leave a Reply

Your email address will not be published. Required fields are marked *