rPi basic config and securing against hackers

Notes for myself as much as anything…

Install from Noobs

Change pi password



Get wifi working

sudo raspi-config

Check that wlan0 is getting an ip address




Update the rPi

sudo apt-get update

sudo apt-get upgrade


Change the ssh port to something other than 22

sudo nano /etc/ssh/sshd_config


# Port 22


Port newportnumber

ctrl-x save and exit

Restart SSH

sudo service ssh restart


Amend port forwarding on the router to reflect the new port number


Install fail2ban – this will block IP addresses of bots attempting to access the Pi

sudo apt-get install fail2ban

It should run as a service and be running after a restart, to check if its running

sudo /etc/init.d/fail2ban status

***Note we need to amend the config file***

sudo nano /etc/fail2ban/jail.local

enabled  = true
port     = sshportnumberfromearlier
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 6


Install no-ip, to update DNS with any IP changes

mkdir /home/pi/noip

cd /home/pi/noip

wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz

tar vzxf noip-duc-linux.tar.gz

cd noip-2.1.9-1

sudo make

sudo make install

sudo /usr/local/bin/noip2 starts the service.  To check the status:

sudo /usr/local/bin/noip2 -S

Have No-Ip run on startup

sudo nano /etc/rc.local

add the line /usr/local/bin/noip2 just above the exit 0


exit 0

To check no-ip is running

sudo /usr/local/bin/noip2 -S


So now, we have installed Raspbian, changed the default password, got everything up to date, changed the SSH port to something more obscure than the standard port 22, secured that port with fail2ban, and made the Pi reachable from outside the network.  Restarting the Pi along the way to check things are still running.

Check fail2ban is running

sudo /etc/init.d/fail2ban status

Check no-ip is running

sudo /usr/local/bin/noip2 -S