Base Installation of Raspbian Jessie Lite For Use In Home Automation Architectures

All the software used to configure a complete home automation system needs an operating system to run on.  The majority of the systems in our architecture use Raspbian Jessie Lite running on a Raspberry Pi 3.  I like the lite version of Raspian because it has any graphical user desktops, educational software, and other non-essential components removed.  This leaves us with the most efficient and safe starting point possible while also leaving as much storage space free as possible.

Below are the steps to install and configure the operating system and secure it before installing any desired software.

• Install Rasbian Jessie lite using PiBakery
• Upgrade the OS and Kernel
• Set the Host and User names

Future posts will cover needed configurations such as:

• Configure certificate based ssh
• Clone and re-use a configured image
• Backup files on a regular basis

Step One Install Raspian Jessie Lite on a Raspberry Pi 3

The installation methodology uses the following principles and assumptions

• Use the light version because it omits most of the educational software, desktops, and other unnecessary packages.
• To install in a totally headless (no keyboard, no mouse, no monitor) fashion use PiBakery from pibakery.org
• There are many distros of Raspbian with software pre-installed (like Home Assistant), I like doing the full install myself because then I know exactly how it is configured and if it is secured to my standards.
• The OS would never be directly connected to the internet (this means there is a router with an active firewall between the Pi and the internet and the Pi will never be put in a DMZ)
• Each OS is a single use server (each functions such as Home Assistant and MQTT will have its own Raspberry Pi)
• the Raspberry Pi is physically secure
• configuration is done before any port forwarding is set up on connected router.

Upgrade OS:
Logon via Putty update the package deffinition files, upgrade installed packages, and upgrade the Raspberry Pi kernel

sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get install raspberrypi-kernel

Set a Strong Password for default account (default is raspberry and everyone knows it)

Passwd

Change username(from pi to something else)

• Change the password for root

  sudo passwd root

• enable root account to logon to SSH

  nano /etc/ssh/sshd_config

• Add an entry to allow root logon via ssh

  PermitRootLogin yes

• save sshd_config [ctrl]+x,[enter],[enter]
• Log off and back in with username root and the password you just created for it.
• Modify the pi account to new username

  usermod -l newname -d /home/newname -m pi

• Log off and log back on as your new user name
• Lock the root account

  sudo passwd -l root

  (locks root again)

• Disable root accounts ability to logon via SSH

  sudo nano /etc/ssh/sshd_config

  PermitRootLogin no

• Turn off sudo password check for the new user name

  sudo nano /etc/sudoers.d/010_pi-nopasswd

• Change the username pi to new username in file
• Save file
• Rename sudo file to indicate new sudo username

  sudo mv /etc/sudoers.d/010_pi-nopasswd /etc/sudoers.d/010_haadmin-nopasswd

• Change the host name (also may have already been done during setup):
  

  Sudo nano /etc/hosts

   

  
  Change the line that starts with 127.0.1.1. leave the IP address but change the host name on that line (from raspberrypi to hass-pi for example)

• sudo nano /etc/hostname

  replace the old hostname with the new hostname you used in the last step.

• sudo /etc/init.d/hostname.sh

  (commit the changes)

• Reboot so the new host name registers with the router.