Raspberry PI SSH first contact
- the RPI is up and running, you the LEDs from the RPI and the USB-SSD
- in regular cases, the hostname from the RPI is "raspberry"
- you can control the hostname or get the right ipv4 adress from your router
- open SSH Client or use this command line/link to connect the RPI
- in case of error, use the ipv4 adress as the hostname
YourPathToPutty\PUTTY.EXE -ssh pi@raspberry -P 22 -pw raspberry
YourPathToPutty\PUTTY.EXE -ssh pi@ipv4adress -P 22 -pw raspberry
PI harden up
- change the password for user root and user "pi", remember the command sudo
- it's recommanded to use 24 signs that contains
A-Za-z0-9!"#$%&'()*+,-./:;<=>?@[]^_`{|}~
sudo passwd root
sudo passwd pi
- update the pi OS within two commands in ones, this can be take a time...
sudo apt-get update && sudo apt-get -y upgrade
- it's recommanded to set a fixed ipv4 adress and disable ipv6
(edit the /etc/dhcpcd.conf)
sudo nano /etc/dhcpcd.conf
- go to the # block and edit the following lines, remember #static ip6_address
(for example the router ip is 192.168.1.1 the pi ip will be 192.168.1.100)
# Example static IP configuration:
interface eth0
static ip_address=192.168.1.100/24
#static ip6_address=abcd:1234:......
static routers=192.168.1.1
static domain_name_servers=192.168.1.1
- save and exit the file within the following keystokes:
str+o ENTER (save the file), str+x (close nano) - reboot the PI
sudo reboot
- change the ssh config, edit /etc/ssh/sshd_config
(it's recommanded to set a hiport like 1231 in this case or your choice but less than 65535)
sudo nano /etc/ssh/sshd_config
- go to the line that begin with Port.. and change 22 to your choice
further some settings to run ssh more safely
Port 1231
Protocol 2
PermitEmptyPasswords no
PermitRootLogin no
# Compression is optional
Compression yes
- save and exit the file within the following keystokes:
str+o ENTER (save the file), str+x (close nano) - reboot the PI
sudo reboot
- last step to harden the pi, install fail2ban to watch ssh access
(reconnect the pi per ssh on 1231 or your port)
YourPathToPutty\PUTTY.EXE -ssh pi@raspberry -P 1231 -pw raspberry
YourPathToPutty\PUTTY.EXE -ssh pi@ipv4adress -P 1231 -pw raspberry
- install fail2ban, documentation:
thomas-krenn.com SSH Login, fail2ban
ionos.de SSH Login, fail2ban
sudo apt install fail2ban
- generate and edit a own config file
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local
- add the following settings (thomas-krenn.com)
ignoreip = 127.0.0.1/8
ignorecommand =
bantime = 3600
findtime = 600
maxretry = 3
- reboot the RPI
sudo reboot