Base Installation of Raspbian Jessie Lite For Use In Home Automation Architectures

 

All the software used to configure a complete home automation system needs an operating system to run on.  The majority of the systems in our architecture use Raspbian Jessie Lite running on a Raspberry Pi.  I like the lite version because it has any graphical user desktops, educational software, and other non-essential components removed.  This leaves us with the most efficient and safe starting point possible while also leaving as much storage space free as possible.

Below are the steps to install and configure the operating system and secure it before installing any desired software.

  • Install Rasbian Jessie lite using PiBakery
  • Upgrade the OS and Kernel
  • Set the Host and User names

Future posts will cover needed configurations such as:

  • Configure certificate based ssh
  • Clone and re-use a configured image
  • Backup files on a regular basis

Step One Install Raspian Jessie Lite on a Raspberry Pi 3

  • The installation methodology uses the following principles and assumptions
    • Use the light version because it omits most of the educational software, desktops, and other unnecessary packages.
    • To install in a totally headless (no keyboard, no mouse, no monitor) fashion use PiBakery from pibakery.org
    • There are many distros of Raspbian with software pre-installed (like Home Assistant), I like doing the full install myself because then I know exactly how it is configured and if it is secured to my standards.
    • The OS would never be directly connected to the internet (this means there is a router with an active firewall between the Pi and the internet and the Pi will never be put in a DMZ)
    • Each OS is a single use server (each functions such as Home Assistant and MQTT will have its own Raspberry Pi)
    • the Raspberry Pi is physically secure
    • configuration is done before any port forwarding is set up on connected router.
  • Upgrade OS:
    • sudo apt-get update
    • sudo apt-get upgrade -y
    • sudo apt-get install raspberrypi-kernel
  • Logon via Putty
  • Set a strong password
    • Passwd
  • Change username (from pi to something else)
    • Enable root account to logon to SSH
      • sudo passwd root
      • nano /etc/ssh/sshd_config
        • PermitRootLogin no
    • Log off and back in with username root and the password you just created for it.
    • Modify the pi account to new username
      • usermod -l newname -d /home/newname -m pi
      • Log off and log back on as your new user name
    • Lock the root account
      • sudo passwd -l root (locks root again)
    • Disable root account to logon to SSH
      • sudo nano /etc/ssh/sshd_config
        • PermitRootLogin no
  • Turn off sudo password check for the new user name
    • sudo nano /etc/sudoers.d/010_pi-nopasswd
    • Change the username pi to new username in file
    • Save file
  • Rename sudo file to indicate new sudo username
    • sudo mv /etc/sudoers.d/010_pi-nopasswd /etc/sudoers.d/010_haadmin-nopasswd
  • Change the host name (also may have already been done during setup):
    • Sudo nano /etc/hosts
      • Change the line that starts with 127.0.1.1. leave the IP address but change the host name on that line (from raspberrypi to hass-pi for example)
    • sudo nano /etc/hostname
      • replace the old hostname with the new hostname you used in the last step.
    • sudo /etc/init.d/hostname.sh (commit the changes)
  • Reboot so the new host name registers with the router.

 

Advertisements