rPi basic config and securing against hackers

Notes for myself as much as anything…

Install from Noobs

Change pi password



Get wifi working

sudo raspi-config

Check that wlan0 is getting an ip address




Update the rPi

sudo apt-get update

sudo apt-get upgrade


Change the ssh port to something other than 22

sudo nano /etc/ssh/sshd_config


# Port 22


Port newportnumber

ctrl-x save and exit

Restart SSH

sudo service ssh restart


Amend port forwarding on the router to reflect the new port number


Install fail2ban – this will block IP addresses of bots attempting to access the Pi

sudo apt-get install fail2ban

It should run as a service and be running after a restart, to check if its running

sudo /etc/init.d/fail2ban status

***Note we need to amend the config file***

sudo nano /etc/fail2ban/jail.local

enabled  = true
port     = sshportnumberfromearlier
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 6


Install no-ip, to update DNS with any IP changes

mkdir /home/pi/noip

cd /home/pi/noip

wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz

tar vzxf noip-duc-linux.tar.gz

cd noip-2.1.9-1

sudo make

sudo make install

sudo /usr/local/bin/noip2 starts the service.  To check the status:

sudo /usr/local/bin/noip2 -S

Have No-Ip run on startup

sudo nano /etc/rc.local

add the line /usr/local/bin/noip2 just above the exit 0


exit 0

To check no-ip is running

sudo /usr/local/bin/noip2 -S


So now, we have installed Raspbian, changed the default password, got everything up to date, changed the SSH port to something more obscure than the standard port 22, secured that port with fail2ban, and made the Pi reachable from outside the network.  Restarting the Pi along the way to check things are still running.

Check fail2ban is running

sudo /etc/init.d/fail2ban status

Check no-ip is running

sudo /usr/local/bin/noip2 -S


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: