RasPi2 Series II - Secure SSH + Static ip + DynDNS

1. Objective: change SSH settings, change network (static ip), configure DynDNS 

Setup: Lenovo Yoga 13 (2012) Arch
Hardware Requirements: Raspberry Pi 2, MicroSD Card, ssh access

2. Realisation:

  • I assume, you have finished the first part of this series or the state of your device resembles it.
  • SSH to your RasPi2.
    $ ssh <user>@<RasPi2_ip>
  • Change ssh login method to two-factor authentication
    Why? --> Checking your server logs should give you the answer. 
    Install FreeOTP / Google Authenticator on your phone (Android/iPhone/Blackberry)
    Install libpam-google-authenticator from AUR
    $ yaourt -Sy libpam-google-authenticator
    You will recieve an error when building. 
    ➟ Edit PKGBUILD , and change line 7 (might be a little different)
     arch=('i686' 'x86_64')
    ➟ to ➟ 
     arch=('i686' 'x86_64' 'armv7h')
    Continue and finish the build / installation process
    Edit pam config file
    $ sudo nano /etc/pam.d/sshd
    Add the following line
     auth    required    pam_google_authenticator.so
    Edit ssh server config file
    $ sudo nano /etc/ssh/sshd_config
    ➟ Add the following line (line 76 for me)
     ChallengeResponseAuthentication yes
    Run google authenticator and note your secret key, verification code, emergency scratch code
    $ google-authenticator
    Answer yes (time-based token), answer yes (update /home//.google_authenticator), answer yes (disallow multiple uses), answer no (increase token validity), answer yes (rate limiting)
    Open FreeOTP or Google Authenticator; Scan the QRCode that is provided at the given url, or
    Add the key manually: @ Secret ➟ Secret Key Type ➟ TOTP Digits ➟ 6 Algorythm ➟ SHA1 Restart sshd service Login with: Passwort ➟  Verification Code ➟ 
  • Configure static ip
    Find the adapter name: most likely eth0 for the RPi2
    Disable the dhcpcd service to prevent the RPi requesting the offered ip.
     $ sytemctl disable dhcpcd@eth0.service
    Make sure, that all other services, that might interfer with our configuration are disabled.
     $ sytemctl disable ifplugd@eth0.service
     $ sytemctl disable netctl-auto@eth0.service
     $ sytemctl disable netctl-ifplugd@eth0.service
    I ran into **** problems because I accidently activated several netctl services in a desperate attempt to get this to work.
    Create ethernet adapter configuration file²
     $ sudo nano /etc/systemd/network/eth0.network
    Replace eth0 with your adapter name if neccessary
    Add the following text to the adapter service file
    [match]
    Name=eth0
    [network]
    DNS=8.8.8.8
    Address=
    Gateway=
    Further information can be found here².
    Reboot and login
  • Configure DynDNS with ddclient
    I use spdns.de as DynDNS provider, ddclient to register the changed ip with the provider
    Install ddclient
    $ sudo pacman -Sy ddclient
    Edit ddclient.conf --> Explanation here
     $ sudo nano /etc/ddclient/ddclient.conf

    3. Sources:

    ¹https://wiki.archlinux.org/index.php/Google_Authenticator 
    ²https://wiki.archlinux.org/index.php/systemd-networkd
    ³https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-two-factor-authentication
    ⁴http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/
    ⁵http://en.wikipedia.org/wiki/Google_Authenticator

RasPi2 Series I - Install ArchARM + First Steps

1. Objective: 

Install ALARM - Arch Linux ARM on the raspberry 2, change SSH settings, change network (static ip)
Setup: Lenovo Yoga 13 (2012) Arch
Hardware Requirements: Raspberry Pi 2, MicroSD Card

2. Realisation:

  • Read and work through this guide¹.
    Command not found error when formatting...
Continue reading...

Switching from Kubuntu 14.04 to Manjaro 0.8.10

1. Initial situation:

Lenovo Yoga 13 (2012) with Kubuntu 14.04 LTS, first hard drive sda=Crucial M4 CT256, second hard drive sdb=Crucial CT480M
Previous knowledge: Creating a bootable USB drive, basic Linux shell commands
Tools: unetbootin

2. Objective: 

Lenovo Yoga 13 (2012) with Manjaro 0...

Continue reading...