Friday, 27 July 2012

setting up ssh and vnc on a raspberry pi

my raspberry pi arrived the other day and i've been playing with it a bit so thought i would share my experiences of setting it up etc...

first of all i followed the quick start guide on the raspberry pi website to get the OS (Raspbian "wheezy") up and running.

i ran into trouble with my USB keyboard as it's a Dell SK-8135 which requires more power than the pi's USB ports can deliver. because of this, getting ssh enabled became a top priority. another driver for enabling ssh was the fact that i wanted to use my TV for important things; like watching TV.

fortunately it's very easy to get ssh up and running. from a terminal...
sudo raspi-config
from the menu select the ssh option, that was easy.

as i mostly use windows i like to use PuTTY for ssh. i would recommend downloading the installer rather than the individual program as it creates start menu shortcuts and installs PuTTYgen which you can use for generating public/private key pairs and Pageant which you can use to automate public key logins.

some simple things to improve security of the ssh server...

change the password for the user pi. from a terminal:
enter the current password (default is raspberry). then enter a new one. if you plan on exposing the ssh server to the outside world i suggest you make it something strong as people regularly scan the open internet looking for ssh servers to run brute-force password attacks against.

i would strongly suggest at this point that you read the following HOWTO on securing ssh and at least implement steps 1 and 2. step 1 is not strictly necessary as no root password is set by default so root login would not be possible, but it's good practice to disable root logins on ssh anyway.

setting up the public key authorisation for login may seem like a ballache, but it's worth it for the time saving as well as the security.

so with ssh set up, and the TV returned to regular duties, i decided that i would like to be able to access an X desktop remotely as well. 

this is also quite easy. you will need to download the UltraVNC viewer and install it.

ssh into the pi and do the following:
sudo apt-get install tightvncserver
say yes at the relevant moment to proceed with the install. once it's done you can start the server with:
vncserver :1 -geometry 1680x1050 -depth 16 -pixelformat rgb565
note the lack of sudo on the front. we don't want to run this with root privileges as it would mean when you connect everything you do runs with root privileges. this can lead to bad things happening. sudo is there for a reason :)
the first time you run it you will be asked to specify a password for connecting. you also have the option of specifying a password that allows only viewing, i didn't bother.

fire up ultravnc and put in the ip of the pi followed by :1 to specify display 1 (this relates to the :1 in the command starting the vnc server). click connect, enter the password and you should see the pi's desktop.

in order to automate the startup of the vnc server at boot time i followed the instructions found here.
i used the following command in my /etc/init.d/bootup script:
sudo -u pi vncserver :1 -geometry 935x950 -depth 16 -pixelformat rgb565
i used sudo -u pi to make it run as user pi, otherwise it runs as root. the reason i chose the geometry 935x950 is because my laptop display is 1920x1080. in windows 7 you can use the Win key + left or right to make a window take up half of the screen on the left or right. the chosen geometry is based on operating in this manner. that way i can have putty on one side and ultravnc on the other.

if you have never heard of the linux program screen now would be a good time to become acquainted with it as it is extremely useful when remote accessing machines. in a nutshell you can have multiple shells that you can switch between, and should your connection drop you can reconnect and re-attach to the windows and carry on as you were. a nice tutorial is available here.

No comments:

Post a Comment