All the software used to configure a complete home automation system needs an operating system to run on. The majority of the systems in our architecture use Raspbian Jessie Lite running on a Raspberry Pi 3. I like the lite version of Raspian because it has any graphical user desktops, educational software, and other non-essential components removed. This leaves us with the most efficient and safe starting point possible while also leaving as much storage space free as possible.
Below are the steps to install and configure the operating system and secure it before installing any desired software.
- Install Rasbian Jessie lite using PiBakery
- Upgrade the OS and Kernel
- Set the Host and User names
Future posts will cover needed configurations such as:
- Configure certificate based ssh
- Clone and re-use a configured image
- Backup files on a regular basis
Step One Install Raspian Jessie Lite on a Raspberry Pi 3
The installation methodology uses the following principles and assumptions
- Use the light version because it omits most of the educational software, desktops, and other unnecessary packages.
- To install in a totally headless (no keyboard, no mouse, no monitor) fashion use PiBakery from pibakery.org
- There are many distros of Raspbian with software pre-installed (like Home Assistant), I like doing the full install myself because then I know exactly how it is configured and if it is secured to my standards.
- The OS would never be directly connected to the internet (this means there is a router with an active firewall between the Pi and the internet and the Pi will never be put in a DMZ)
- Each OS is a single use server (each functions such as Home Assistant and MQTT will have its own Raspberry Pi)
- the Raspberry Pi is physically secure
- configuration is done before any port forwarding is set up on connected router.
Logon via Putty update the package deffinition files, upgrade installed packages, and upgrade the Raspberry Pi kernel
sudo apt-get update sudo apt-get upgrade -y sudo apt-get install raspberrypi-kernel
Set a Strong Password for default account (default is raspberry and everyone knows it)
Change username(from pi to something else)
- Change the password for root
sudo passwd root
- enable root account to logon to SSH
- Add an entry to allow root logon via ssh
- save sshd_config [ctrl]+x,[enter],[enter]
- Log off and back in with username root and the password you just created for it.
- Modify the pi account to new username
usermod -l newname -d /home/newname -m pi
- Log off and log back on as your new user name
- Lock the root account
sudo passwd -l root
(locks root again)
- Disable root accounts ability to logon via SSH
sudo nano /etc/ssh/sshd_config
- Turn off sudo password check for the new user name
sudo nano /etc/sudoers.d/010_pi-nopasswd
- Change the username pi to new username in file
- Save file
- Rename sudo file to indicate new sudo username
sudo mv /etc/sudoers.d/010_pi-nopasswd /etc/sudoers.d/010_haadmin-nopasswd
- Change the host name (also may have already been done during setup):
Sudo nano /etc/hosts
Change the line that starts with 127.0.1.1. leave the IP address but change the host name on that line (from raspberrypi to hass-pi for example)
sudo nano /etc/hostname
replace the old hostname with the new hostname you used in the last step.
(commit the changes)
- Reboot so the new host name registers with the router.