After following http://archlinuxarm.org/support/guides/system/first-steps, below are the additional steps I take.
General Arch Linux ARM Tips
Never perform a system upgrade (pacman -Syu) without reading the announcements made since your last upgrade; otherwise there is a good chance you will break your install. These can be found for Arch in general at http://www.archlinux.org/, http://archlinuxarm.org/, and the forum for your specific device on http://archlinuxarm.org/forum/.
Additional SSH Server Security
Generate New SSH Host Keys
Arch Linux ARM ships with SSH host keys already generated. You need to replace these instead of using the ones shipped with Arch Linux ARM, since keys that ship in the image are not unique to your device. Most distributions will generate unique keys automatically; Arch Linux ARM does not do this for you. If you have issues with entropy on your device, see the Generating Entropy section below.
ssh-keygen -q -f /etc/ssh/ssh_host_key -N '' -t rsa1
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
Disable Root Login Over SSH
Make sure you have another user on the system that can su/sudo.
adduser USERNAME
gpasswd -a USERNAME wheel
pacman -S sudo
visudo
Uncomment the line.
%wheel ALL=(ALL) ALL
Then save the file.
Then disable root login over SSH.
vi /etc/ssh/sshd_config
Change
#PermitRootLogin yes
to
PermitRootLogin no
For additional security I also recommend replacing password authentication with key-based authentication. You can find more info on the Arch Linux Wiki (https://wiki.archlinux.org/index.php/SSH_Keys).
At this point you can either reboot, or restart sshd and then log out and back in.
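To confirm the PermitRootLogin edit took effect before logging out, the following added example (not part of the original post) reads an sshd_config file the way sshd does for global options: commented lines are ignored and the first value for a keyword wins. The function names and sample files are hypothetical, and the sketch does not follow Include directives or evaluate Match blocks.

```sh
#!/bin/sh
# Added example. Prints the value sshd would take for a global keyword,
# or "unset" when no active line sets it before the first Match block.
effective_sshd_option() {
    # $1 = path to an sshd_config file, $2 = keyword (case-insensitive)
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next      # blank line or comment
            n = match(line, /[ \t=]/)                # keyword ends here
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit                 # conditional section starts
            if (key == want) { print val; found = 1; exit }   # first value wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeeds only when root login is explicitly and effectively set to "no".
root_login_disabled() {
    [ "$(effective_sshd_option "$1" PermitRootLogin)" = "no" ]
}

# Constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
printf '%s\n' 'Port 22' '#PermitRootLogin yes' > "$demo_dir/stock"
printf '%s\n' 'Port 22' 'PermitRootLogin no' > "$demo_dir/edited"
printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' > "$demo_dir/shadowed"
for f in stock edited shadowed; do
    printf '%-9s PermitRootLogin=%s\n' "$f" \
        "$(effective_sshd_option "$demo_dir/$f" PermitRootLogin)"
done
rm -rf "$demo_dir"
```

On the device itself, call root_login_disabled /etc/ssh/sshd_config; running sshd -T as root prints the full effective configuration for comparison.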
Generating Entropy
https://wiki.archlinux.org/index.php/Pacman-key#Initializing_the_keyring
You may run across times where you need more entropy on a system for pacman-key --init and other tasks; haveged can generate it for you.
pacman -S haveged
haveged -w 1024
RUN TASK
pkill haveged
If no longer needed you can remove it.
pacman -Rs haveged