the itjerk

my adventures with technology

Tag Archives: raspbian

raspbian buster

Almost forgot about my Raspberry Pi 3B+ that sits connected behind my television – for maybe a few months. It’s one of those “because I can” things. I did about a zillion updates to Stretch, but after changing the sources lists to the next OS, Buster, I ran out of room on the SD card (because I had initially used N00bs to write the card). Anyway, after downloading 7Zip – mandatory for unzipping Raspbian’s Stretch package with Windows – and balenaEtcher to write the microSD card with a fresh Buster image, I was quickly back up and running with a brand new OS for my Raspberry Pi.

Once I restarted the Pi and answered a few questions (country, timezone, wifi, password, display prefs), I reboot again and proceeded with 125 more updates! I chose Raspbian Buster with Desktop, which includes a GUI, Chrome and a few apps, and is just what I need on my Pi; no need for all the “recommended” software. I must say, Buster runs like a champ and looks a lot better on my 1080p display than any previous version. Bravo Raspbian, I might even use it more often!

On the web:
Download Raspbian for Raspberry Pi

raspberry pi, part two

After nearly five months on order, I got another Raspberry Pi model B last week, this one upgraded to 512mb RAM. Its running the October 28th release of Raspbian "Wheezy", and for some reason, only Ubuntu's Image Writer would get it working properly on my 8GB SDHC card. The Pi's performance is much snappier than the previous one reviewed, due to the extra memory and four months of work on the Debian-based OS.

*** FYI: Remember, that SD card is your hard drive, and by most estimations, not the most reliable format in the world. Keep it backed-up, have a spare or two around, SD cards are inexpensive! And please be sure to shutdown the RPi correctly using "sudo halt" or similar. This will help keep that SD card uncorrupted. ***

New this time is the raspi-config command that ran on first boot. Among the several options available is the ability to overclock, which I eagerly set to high. The good folks at Raspberry Pi claim it will not void the warranty. Even though web browsing is sluggish, the performance of this board seems good enough now for desktop use. Beware, however, some seem to believe that this leads to SD card corruption!

BTW, total cost of ownership: Raspberry Pi $43.02 for the board delivered, plus SD card, video adapter, power stuff, etc comes to $65; plus I'm using an old Apple keyboard & mouse, ethernet, and a spare monitor.

Right off the bat, I had to edit /etc/default/keyboard and edit the keyboard language from "gb" to "us" to get the @ sign to type right. You can also do this with raspbi-config, and be sure to run "sudo setupcon" right away to avoid delays in rebooting. After a perfunctory update && upgrade, I added the tsocks package which allows me to use a SOCKS connection with the Midori browser.

Open /etc/tsocks.conf, comment out all lines except:

server = 127.0.0.1
server_type = 5
server_port = 1080

Then open a ssh connection to your the computer you want to tunnel through, using the same port above:

ssh -D localhost:1080 tunnelcomputer.com

Finally, open the browser, using the tsocks argument first (you can do this with most any program!)

tsocks midori

Viola! Go to whatismyip.com and verify yor SOCKS connection. But remember, DNS request don't go through SOCKS in the Midori browser. (IceWeasel, the Debian version of Firefox, can).

Next, I installed mpc and mpd software, which allow playing audio streams over the internet.

sudo apt-get install mpd mpc

If you man mpc, you can get a list of commands available, but here's how to add an internet stream and play it. Note that when you start/restart the RPi, your stream will immediately start! I'm playing the Shoutcast address for prog station Stellar-Attraction.

sudo mpc add http://stellar-attraction.net:8000/
mpc play

You can also load a folder by cd'ing to it, and then telling mpc to queue it up:

mpc ls | mpc add
mpc play

Pretty slick. Loads of commands, like shuffle, current, clear, etc. More about MPC and MPD here.

Other things to install for music are:

sudo apt-get install moc libflac-dev

Next, let's see if I can stream my Squeezebox Server from home (have to open ports on the router first)!

ssh-keygen

There's a couple of reasons to use keys for ssh connectivity, but not entering a password has to be at the top of the list.

[EDIT: This first part was written for MAC OS X].
First, create a key pair with dsa encryption on your local machine: BTW, I didn't enter a passphrase because I don't want to enter one later when I connect. Make sure you have a secure console if you skip this option.

one:~ one$ ssh-keygen -t dsa
one:~ one$ ls .ssh
id_dsa      id_dsa.pub	        known_hosts

Copy the public key to the remote server you wish to connect to:

one:~ one$ scp .ssh/id_dsa.pub user@two:~
Password:
id_dsa.pub                                    100%  635     0.6KB/s   00:00  

ssh to the remote server, and move the key to the right place and fix permissions so only the user you logged in as can use it:

one:~ one$ ssh user@two
Password:
two:~ user$ mv id_dsa.pub .ssh/authorized_keys
two:~ user$ chmod 600 .ssh/authorized_keys 

if you have more than one key, then you need to cat them onto authorized_keys:

cat new_key.pub >> .ssh/authorized_keys

Now log in to the remote server and you won't be prompted for a password! It may also be a good idea to regenerate the keys after a period of time, especially if you don't use a passphrase.

[EDIT: This was revised for Ubuntu/Raspian] Create a key pair with rsa encryption on your local machine (this is the machine you will login FROM, e.g. one): BTW, I didn't enter a passphrase because I don't want to enter one later when I connect. Make sure you have a secure console if you skip this option.

one:~ one$ ssh-keygen -t rsa
one:~ one$ ls .ssh
id_rsa      id_rsa.pub	        known_hosts
one:~ one$ ssh-add
Identity added: /home/one/.ssh/id_rsa (/home/one/.ssh/id_rsa)

Copy the public key to the remote server you wish to connect TO, e.g. two:

one:~ one$ scp .ssh/id_rsa.pub user@machine_two:~
Password:
id_rsa.pub                                    100%  635     0.6KB/s   00:00  

ssh to the remote server, cat the key to the right location, and fix permissions so only the user you logged in as can use it:

one:~ one$ ssh user@machine_two
Password:
machine_two:~ user$ cat id_rsa.pub >> .ssh/authorized_keys
machine_two:~ user$ chmod 600 .ssh/authorized_keys
machine_two:~ user$ rm .id_rsa.pub

If you're using an encrypted home folder (as you very well should), you'll need a couple of extra steps to get everything to work.

First, create a folder /etc/ssh/<user name>, chown it to <user name> and give it 755 permissions. Next, copy the authorized_keys file to it, ensure <user name> owns it and give it 644 permissions. Then, add this line in your /etc/ssh/sshd_config file:

AuthorizedKeysFile /etc/ssh/%u/authorized_keys

Restart the ssh service and you should be good to go. Note that you will need to mount your encrypted home folder once you ssh in (ecryptfs-mount-private).