First 2 things to do if you want to secure your Raspberry Pi on the internet.

If you connect your "Raspberry Pi", running Raspbian, to the internet, it will be exposed to attackers.

First
Since Raspbian comes with a preconfigured user (the "pi" user), everyone knows the username and the password to access your system. So first of all you have to change the password. Open a shell, log in as the pi user and issue the following command:

-$ passwd

You will be asked for a new password.

Second

If you have activated the ssh daemon, your system is exposed to simple (automated) brute force attacks. Normally sshd listens on port 22, and everyone knows that! To avoid simple (automated) brute force attacks, change the sshd port.
Open a shell, log in as the pi user and execute the following steps:

  • Open /etc/ssh/sshd_config with your favourite editor
  • Search for "Port 22"
  • Change the port on that line to a different value (you should choose a value greater than 1024), for example 11111

Port 11111

  • Restart the sshd service by issuing the following command:

-$ sudo /etc/init.d/ssh restart

  • Check the connection by running the following command:

-$ ssh pi@127.0.0.1 -p 11111
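
Before the restart, it is worth confirming which ports the edited file really sets, because a leftover "Port 22" line keeps the default port open next to the new one. The script below is an added example, not part of the original post; the function names sshd_ports and audit_sshd_port and the sample file are made up for illustration, and Include directives are not followed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print every port the given sshd_config sets (Include files are not followed).
#  - keywords are case-insensitive; "Port=NNNN" is tolerated as well
#  - Port may appear more than once and sshd listens on each of them
#  - with no Port line at all, sshd uses its default, 22
sshd_ports() {
    awk '
        { sub(/^[ \t]+/, "") }                 # drop leading blanks
        /^#/ || /^$/ { next }                  # skip comments and empty lines
        { split($0, f, /[ \t=]+/) }
        tolower(f[1]) == "match" { exit }      # Port is not valid inside Match
        tolower(f[1]) == "port" && f[2] != "" { print f[2]; found = 1 }
        END { if (!found) print 22 }
    ' "$1"
}

# One verdict per configured port; returns non-zero if any port is 22 or invalid.
audit_sshd_port() {
    rc=0
    for p in $(sshd_ports "$1"); do
        case "$p" in
            ''|*[!0-9]*) echo "$p: not a number"; rc=1 ;;
            22)          echo "$p: still the default port"; rc=1 ;;
            *)  if [ "$p" -gt 65535 ]; then
                    echo "$p: out of range"; rc=1
                elif [ "$p" -le 1024 ]; then
                    echo "$p: changed, but not greater than 1024"
                else
                    echo "$p: ok"
                fi ;;
        esac
    done
    return $rc
}

# Constructed sample: the new port was added but an old line was left behind.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 11111
  port 22
PermitRootLogin no
EOF
audit_sshd_port "$sample" || echo "=> fix the file before restarting ssh"
rm -f "$sample"
```

On the Pi, point audit_sshd_port at the real configuration file; running sshd -t as root additionally checks the file's syntax before the service is restarted.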

That's all.

 


2 Responses

  1. Angelos says:

    Don't forget fail2ban too!

  2. Steve says:

    I had to change the port forwarding on my router too.

    Steve.
