Re: [Raspberry_Pi_4-Ham_RADIO] Re: Books
- Valid point.
Even though I've been using Linux since about 1993 I'm not an expert. I've learned enough along the way to be reasonably comfortable with Linux and to get myself out of trouble, mostly. My memory is as old as me and this means I take lots of refresher courses via Google <g>.
Changing the password is as simple as ...
sudo passwd root
(If not logged in as root.) You'll be asked for your user password and then your new root password. You'll be asked to confirm this by entering it a second time.
For a user account:
passwd <username>
You'll be asked for your current password and then the new password. Again, you have to enter it a second time.
Changing the hostname requires a couple of changes ...
1. update the entry in /etc/hostname
2. update the entry in /etc/hosts #This is the entry for my hosts file
192.168.1.199 pibox-vk2tv.ampr.org pibox-vk2tv
3. I reboot for this to take effect or, you could follow the instructions to restart services at .....
To improve security for ssh make two changes in /etc/ssh/sshd_config
1. at line 5 change the port number to a number less than 65535, which is the highest port number available. Look for ....
# What ports, IPs and protocols we listen for
2. A little further down the file look for
PermitRootLogin no #The default is yes. Change that to no
3. Restart the ssh server
sudo service ssh restart
This is a bit OT.
A little explanation of the ampr.org hostname is in order for those who are not familiar with packet radio. In the early days of packet radio, around 1983, the entire range 188.8.131.52 to 184.108.40.206 was allocated to the Amateur Radio service for the AMateur Packet Radio network, hence ampr.org. Its use was a part of the world-wide packet radio network and used tunneling (encapsulation) to interconnect individual stations around the globe. It is still used today by some amateurs. vk2tv.ampr.org has the IP address of 220.127.116.11, e.g. Our friend Google will reveal further information.
On 21/03/13 09:32, Rick Simpson wrote:
Very interesting, Ray. What most of us need is a list of the actual files that need changing and the lines within those files. Even better, a shell script we can download and run that contains prompts for the information we must provide. Since we are all using the same flavor of linux, all the files should be in the same place for each of us.
Rick
----- Original Message -----
From: Ray Wells
Sent: Wednesday, March 20, 2013 5:29 PM
Subject: Re: [Raspberry_Pi_4-Ham_RADIO] Re: Books
My RPi runs as a headless aprs gateway and, like many others I use ssh to provide remote access.
I changed my Pi's password (and hostname) and I disabled root access for ssh as part of the initial setting up process. What I forgot to do was change the standard ssh port (22) to something more obscure. It now has five digits.
For three days I logged continuous attempts from three Chinese based IP addresses to log into my RPi - unsuccessfully, I should add.
My RPi contains no mission critical files but the attempted intrusions do highlight how determined some people are to gain access to YOUR information.
Since the ssh server in the RPi is now enabled by default, if your RPi has an internet connection it is probably at risk of intrusion.
Change these now;
RPi password. Changing the hostname is also recommended.
don't allow root access for ssh - modify the config file. You can sudo after you've connected with your user account.
change the default port number to something obscure. The only inconvenience this causes is you'll need to specify that port number in your ssh connect line. It's a lot harder to stumble across, for example, 57642 than 22.
On 21/03/13 03:11, John D. Hays wrote:
I think there are two main reasons:
Sometimes we get wrapped in our 'professional' or even personal view of how things should be done, however, what we see as important may not be so for someone else.
- The operator lacks the experience and knowledge to properly implement security
- They have that knowledge and make a conscious decision that for the device's intended use, security isn't that important.
On Wed, Mar 20, 2013 at 8:42 AM, Kristoff Bonne <kristoff@...> wrote:
Hi Jeff,
Sadly enough, there seems to be one thing that people do not seem to "port over" to the pi: security considerations.
When we worked on unix machines, there were some core ideas like "you shall not run applications as root unless really necessary", etc.
If I see that people happily run the whole application as root/sudo only because they need access to a GPIO pin, or do not even bother to change the password of the "pi" user, I get a very bad feeling in my stomach!
Considering the spread of ipv6 -where devices are becoming more and more accessible from the web- and embedded devices (like the pi) controlling more and more critical infrastructure; making sure these devices are properly protected is not a luxury anymore!!!
Kristoff - ON1ARF
On 20-03-13 15:50, Jeff Francis™ wrote:
The beauty of the Pi is that it's a Linux box. Pretty much anything (including books, tutorials, code examples, etc.) that applies to full-sized Linux boxes applies to the Pi. The only real difference is that it's smaller and has some handy IO ports right on the board. Think of the Pi as running Linux on a mid-90s era home PC. It's about the same speed, power, storage, and RAM, but with the benefit of much newer software. If you know linux, there's zero learning curve to using the Pi.
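The two sshd_config changes Ray lists at the top of this message (a port other than 22 and PermitRootLogin no) can be checked with a short script. This is an added example, not part of the original thread; the function names sshd_values and audit_sshd_config are made up for illustration, and it assumes each keyword and its value are separated by whitespace.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config file for the
# two settings discussed in the thread (Port and PermitRootLogin).
# Usage (after sourcing): audit_sshd_config /etc/ssh/sshd_config

# Print every global value of keyword $2 found in file $1, one per line.
# Keywords are matched case-insensitively, text after '#' is ignored, and
# parsing stops at the first Match block because settings there are
# conditional, not global.
sshd_values() {
    awk -v key="$2" '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) && NF >= 2 { print tolower($2) }
    ' "$1"
}

# Report the listening ports and the root-login setting.
# Returns 0 when both match the advice in the thread, 1 otherwise.
audit_sshd_config() {
    cfg=$1
    rc=0
    # Port may appear several times; every occurrence adds a listener.
    ports=$(sshd_values "$cfg" Port | tr '\n' ' ')
    ports=${ports% }
    [ -n "$ports" ] || ports=22   # no Port line: sshd listens on 22
    # For PermitRootLogin only the first occurrence is used by sshd.
    root=$(sshd_values "$cfg" PermitRootLogin | head -n 1)
    for p in $ports; do
        if [ "$p" = 22 ]; then
            echo "WARN: still listening on port 22"
            rc=1
        fi
    done
    case "$root" in
        no) ;;
        "") echo "WARN: PermitRootLogin not set, built-in default applies"
            rc=1 ;;
        *)  echo "WARN: PermitRootLogin is '$root', expected 'no'"
            rc=1 ;;
    esac
    echo "ports=$ports permitrootlogin=${root:-unset}"
    return $rc
}
```

A later PermitRootLogin line, or one inside a Match block, does not change what the audit reports, which is why a stray duplicate left behind after editing is worth looking for.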
- i first used linux, eg, ubuntu and puppy, abt five years ago---i dont have any MSsystems on any of my machines---but i learn something every day==and i dont
worry abt viruses anywhere as much as i did with MS
On Thu, Apr 18, 2013 at 7:39 PM, Jeff Francis™ <jeff@...> wrote:
On Thu, Apr 18, 2013 at 2:54 PM, Ray Wells <vk2tv@...> wrote:
One would have to question the sanity of a book for beginners that references vi instead of one of the user friendly text editors that are available today, such as nano. Vi's only purpose in life is for geeks to prove they're macho Linux users. It would have to rate as the least intuitive, most confusing and most user unfriendly text editor ever (yes I have persevered with vi at length in days gone by and occasionally I still use it when forced to).
Ok, it's getting a little deep in here. Yes, I would agree that vi is not the best editor for beginners, but claiming that vi's only purpose is for proving how macho you are is just plain ignorant. Text editors are tools, much like vehicles are tools. Both nano and vi (and emacs, for that matter) can be used to edit a simple text file. Both a moped and a Formula One car can be used to drive to the grocery store for milk. The fact that the Formula One car is far more of a tool than is required for going to the store does not make the car itself a tool only for macho drivers any more than using vi to edit a text file makes it only a tool for macho linux users (though the choice to *USE* the F1 car for a milk run might be considered a bit over the top).
There is no shame in not knowing how to use vi. It is a very very powerful tool that provides far more capabilities than will ever be required to add a host to /etc/hosts, very much in the same sense that there's no shame in the average driver not being able to drive a Formula One car without stalling and crashing it before they make it to the end of the street. There is a gradient of tools. Simple tools (like nano or notepad) require minimal skills, experience, and training to use effectively, but are of very marginal use for complex problems.
Nobody in their right mind would write complex code with such a tool. Complex tools require a great deal of skill, experience, and training, but provide tremendous power in the hands of a skillful user (and may be overkill for simple tasks). Doing software development without the macros, programmability, integration, and other features of an editor such as vi, emacs, or eclipse is almost suicidal. I can do tasks in emacs in four or five keystrokes that would quite literally take hours of tedious work to do in nano. Not because I'm smarter than a nano user, but because I've been using emacs since 1986. It's experience, not intelligence. Again, I agree that vi is not the appropriate tool for a beginner, but that doesn't make it useless or "macho". And at least in the case of vi, it's certainly not too much tool for the job of editing a text file, unless you don't happen to be good at vi. In which case the tool itself gets in the way of getting things done, and you should find an alternative that lets you focus on your problem, not your tool. But don't blame the tool, blame the level of experience.
And if you think vi is horrible to use, you've never used teco (probably the most powerful (and hardest to use) text editor in existence, prior to emacs) or edlin (probably the least powerful text editor in history, which shipped with MSDOS back in the day). vi is a paragon of usability compared to either of those.
Linux was not designed for beginners. Never was. If you want a version of Unix for beginners, buy a Mac (which is BSD Linux with a very pretty GUI shell on top). Linux is a remarkably powerful tool, but one should not expect to just jump in and master it without time and effort. There is something on the order of 40+ years of development that have gone into Unix (not to mention its ancestors, such as Multics). There's a culture, a history, and a reason for everything you do in Unix.
Jumping into Linux with zero experience and expecting to accomplish anything of significance by following a few simple directions is probably aiming a little high for a beginner. Like any extremely powerful tool, you have to learn some basics before you can jump ahead to the hard stuff. man pages were not designed for a beginner to learn how to use a command. They're intended to remind an experienced user what all of the arcane flags and arguments are. The philosophy of Unix has always been "we don't give you documentation, we give you source code - if you want to know how something works, go read the source". This does not make it the perfect choice for everyone. It takes years of hard work and pain to master Unix. But when you've climbed that hill, you are master of a tool of unparalleled power. But there's no shame in not having the time, energy, and resources to reach that level of mastery. Most of us have jobs, kids, and other hobbies. If Linux doesn't sound like it's your thing, it's perfectly ok. Windows certainly gets a lot of things done without the arcana of Unix. And there's lots of Microsoft books at the local Barnes and Noble to bring your skills up to whatever level you desire to accomplish what you want to do.
As the famous saying goes, "Unix is very user friendly, it's just very picky about who its friends are." :D If you want to learn Linux/Unix, don't be discouraged. There's lots of help available. Just be reasonable in setting your expectations. One wouldn't expect to master a CNC machine in a day (or even a month), even if all you want to do is drill a hole with it (something you can do with a $10 drill from Harbor Freight Tools). Don't be discouraged, just expect to put in some effort. Your effort will be rewarded. Linux is awesome and worth the effort. It's just a little picky who its friends are.
Linux newbies have enough difficulty, and then they're steered in the direction of vi to edit text files. Makes no sense to me.
Nano ships with Debian distros and it's at least user friendly.
On 18/04/13 23:05, Paul M wrote:
A book recommendation (don't know if it has already been mentioned - too much quoted text to scroll through) is 'Learn Raspberry Pi with Linux - learn the ins and outs of Linux, the operating system that runs Raspberry Pi', by Peter Membrey & David Hows (Apress).
First couple of chapters deals with the very basics (unpacking, connecting, getting image onto SD, etc), Chapter 3 looks at the graphic interface (LXDE), then turns to Linux, e.g. basic commands, introduction to Bash, vi, files & paths, whilst the final 3 deal with WiPi (sic), a media centre & 'the Raspberry Spi' (using Pi with webcam to setup surveillance camera).
Disclaimers: I have entered into no agreements regarding mails erroneously sent to this address, and reserve the right to do as I wish with any such emails.
--
72/73 TIM ALBERTSON KD∅OIA (ex KG6IRH)