personal blog
git clone git://
Log | Files | Refs | README (7933B)

      1 ## Mmmm Pi
      3 By now everybody has at least heard of the [Raspberry Pi]( It's an affordable (~£30) little computer designed to enable anybody to learn to code and build projects. It has become a great hit in education and there have been some incredible uses from drones to (mini)supercomputers. Most people however seem to use it as a media server (based on people I know).
      5 I actually won my first Pi. My team was voted the regional winner in our category for the 2016 NASA Space Apps Challenge. The prize was a Raspberry Pi 3, which has some advantages over previous versions - namely a more powerful CPU, wireless LAN (Wifi) and bluetooth.
      7 There were some good intentions to build a drone, and I spent a long time looking at other people's projects. In the end my Pi sat on my desk collecting dust. Finally I decided I was going to do two things with it, first I was going to use it to run my own VPN, and second I wanted to set up my mail server on it. I have decided to use [Raspbian](
      9 *Raspbian?!* Yes, as some of you may know I am not a fan of the Debian based distros. I tend to choose Arch Linux or Fedora. As a Linux engineer my work is saturated with Red Hat so it's good for me to know Fedora.
     10 So Rasbian was not my first choice, but it is the choice that worked out of the box. I had some issues installing Arch Linux ARM, and post installation issues with Fedora ARM.
     11 As you'll see later Raspbian installs quickly and with no issues. This meant I could move on to the fun bit instead of fault finding.
     13 ## VPwhat?
     15 A VPN is a Virtual Private Network. It allows you to connect to your own 'private' network through any other 'public' network securely. If you imagine you home network is your private network, if you go to a friends house you can connect to their wifi (public network). If you then connect to you VPN everything you do is being tunneled through your own private network.
     17 The reasons for this are primarily security. By tunnelling your network activity through your VPN then you can be safe from any monitoring on the public network and even the ISP. Another advantage is that the VPN is basically an extension of your home network, which means you can access all the devices and files you have at home.
     19 VPNs are used extensively by corporations so their employees can access the company network from anywhere in the world. They are also used by people who travel a lot and are therefore connecting to many different public networks.
     21 ## Mail electronically
     23 Some of you may have read my first post about [DeGooglefying](/content/20170412-degoogle_part_1.html) (yes it's a word) my life. As part of this transition I moved to using my own domain for emails, and I though the Pi would be a great little mail server.
     25 ## Raspbian install
     27 Before we can set up our VPN we need to put an OS on the Pi. As mentioned above I have opted for Raspbian. At the time of writing the stable release is 'Jessie', I chose the Lite version as I don't need a desktop for my uses.
     29 After downloading the zip archive extract the [image file]( If you're using Windows you will need to use an application such as [Etcher]( to write the image file to an SD card, which will be used in the Pi. For this guide I'm using Linux, so I can use the `dd` utility.
     31 A quick side note on SD cards. One thing that catches a lot of people out is the read and write speeds. Most cards will show you the read speed, which can be quite high. If you pay close attention to the small print the write speeds aren't always very high. I went for a card which had pretty high read AND write speeds so that I get the best I/O for my OS. The card I am using is a [PNY 32GB Elite-X microSDHC U3]( (from around £20), which has read speed of ~90Mbps and benchmarked write speeds between 70 -> 85Mbps. These speeds vary depending on the devices but for it will be suitable for the Pi.
     33 Run the `lsblk` command to see the current devices, plug your SD card into your Linux machine the run again to get the device name of the SD card
     34 ```
     35 lsblk
     36 NAME                    MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
     37 sdd                       8:48   1  29.9G  0 disk
     38 ```
     40 If your machine automatically mounts the device you will need to unmount it
     41 ```
     42 umount /dev/sdd
     43 ```
     45 Copy the image file to our SD card. We are using a bytesize of 4M as recommended on the Raspbian site, if this doesn't work you can try 1M
     46 ```
     47 dd bs=4M if=2017-04-10-raspbian-jessie-lite.img of=/dev/sdd
     48 ```
     50 You can now see that the partitions have been created on the card (a 32GB card may seem like a waste of space but we will come back to that later)
     51 ```
     52 lsblk
     53 NAME                    MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
     54 sdd                       8:48   1  29.9G  0 disk
     55 ├─sdd2                    8:50   1   1.2G  0 part
     56 └─sdd1                    8:49   1    41M  0 part
     57 ```
     59 As of November 2016 Raspbian does not enable ssh by default. This can be an issue if you don't have a monitor or TV with a HDMI port, or a HDMI cable! We can get around that by mounting the newly created boot partition and adding a file called "ssh".
     60 ```
     61 mount /dev/sdd1 /mnt
     62 touch /mnt/ssh
     63 umount /mnt
     64 ```
     65 If you are able to plug your Pi into a monitor or TV it is worth watching it boot, always nice to have "eyes on" in case of any errors.
     67 Once this has finished remove the SD card from your machine and plug into the slot on Pi. I will always use ethernet with my Pi, so plug it in and power it up. The first time you boot it is best to leave it for a few minutes. The system does some checks and then boots up. You should have a solid red light and a flashing green light.
     69 There are a couple of ways to find what the IP address is of your Pi. If you have it plugged in to a monitor the IP address will be showing in the boot messages. If, however, you're attempting a headless setup then you can use `nmap` or `arp`. Both are straight forward.
     71 ```
     72 nmap -sn
     73 ```
     75 ```
     76 arp -n
     77 ```
     79 Connect using `ssh`. The default user is `pi` and the default password is `raspberry`
     80 ```
     81 ssh pi@
     82 ```
     84 These next few steps depend on your own personal preferences, so feel free to skip/adjust them as necessary.
     86 Create a new privileged user
     87 ```
     88 sudo useradd -g users -G sudo -m -d /home/pyratebeard pyratebeard
     89 sudo passwd pyratebeard
     90 exit
     91 ```
     93 Log back in as your new user and remove the default user `pi`
     94 ```
     95 sudo userdel -r pi
     96 ````
     98 Change the hostname
     99 ```
    100 sudo hostnamectl set-hostname phishpi
    101 ```
    103 Open up the hosts file and change the last line from
    104 ```
    105   raspberrypi
    106 ```
    107 to whatever you changed your hostname to
    108 ```
    109   phishpi
    110 ```
    112 Open up the ssh config file
    113 ```
    114 sudo vi /etc/ssh/sshd_config
    115 ```
    117 We're going to change the following lines (they aren't listed together)
    118 ```
    119 Port 22
    120 PermitRootLogin without-password
    121 X11Forwarding yes
    122 ```
    123 to
    124 ```
    125 Port 2222
    126 PermitRootLogin no
    127 X11Forwarding no
    128 ```
    129 *you can change the port to whichever one you prefer.
    131 Now restart the ssh daemon
    132 ```
    133 sudo systemctl restart ssh
    134 ```
    136 Keep in mind that when you want to ssh in to the Pi from now on you will need to specify the port, for example
    137 ```
    138 ssh -p 2222 pyratebeard@phishpi
    139 ```
    141 Finally we want to perform an upgrade
    142 ```
    143 sudo apt-get update && sudo apt-get upgrade
    144 sudo reboot
    145 ```
    147 After this you can start installing your favourite terminal apps, and any applications you want to run off your Pi. There are plenty of other system settings you can configure based on your personal preference, I would certainly set up SELinux and do some system hardening relevant to my needs, but that could take up a whole post by itself!
    149 As mentioned at the start, the purpose of my Pi is to run a VPN and a mail server. The upcoming log posts will cover these steps.