It was time to replace the venerable Raspberry Pi (Model B Plus Rev 1.2) that has been the main workhorse of our home automation system for over a year. A Raspberry Pi 3 B will be used from now on. The old Model B+ will replace an even older Model A that was also hosting a home automation system. This is the first post recording the details of the installation of a home automation system based built around Domoticz on both of these Raspberry Pi models with Raspbian Buster Lite as the operating system.

The installation is described over three posts. The first one is about installing and updating the operating system. The second is about installing the most important servers that I use in my home automation system. The third is about peripherals added to the Raspberry Pi.

I have done this before, but with older versions of the operating system and the home automation software. Some things have changed and hopefully I have learned a few things since those earlier installations.

This series of posts could be of interest mostly to new fans of small single-board computers, in this case the Raspberry Pi. Assuming that many of these would be new to Linux, I have added sidebars entitled Information for neophytes in which I ramble about what that I think could be of help to beginners.

New to Linux

GNU/Linux or simply Linux is a mature open source Unix-like operating system which can run on numerous hardware platforms including Intel, AMD and ARM 32 and 64-bit processors. Many, including myself, see Linux distributions such as Debian and Manjaro (and their many variants: Ubuntu, Mint and so on) as viable alternatives to the ubiquitous Windows and Mac OS commercial operating systems. Right now, you are probably using one of these systems to read this. In all of these GUI systems, most everything can be done with the usual point and click mouse operations with the occasional data entry into text windows. To be fair, some arcane settings will require "dropping down" into a terminal or console (emulating a physical computer terminal) to issue commands at a prompt as in the "old days".

CP/M 80 prompt The CPM/80 ">" prompt, when pip was not a Python utility!

Windows cmd prompt The Windows 10 cmd ">" prompt.

Mac OS cmd prompt Mac OS terminal "$" prompt (on a borrowed Mac).

Ubuntu terminal prompt The Ubuntu (Linux) terminal "$" prompt (on my desktop).

Raspbian is a Debian based Linux distribution for the Raspberry Pi. It is probably the most commonly used distribution on this family of single board computers. Raspbian comes in three flavours, two with a GUI desktop similar to what I have on my Ubuntu desktop machine and Raspbian Lite which does not have a graphic user interface. It is suitable for machines that are to be used for servers that are not used for personal tasks like sending emails or looking at YouTube videos. This is the version that I installed on the Raspberry Pi that will host the home automation system. Since there is no GUI, setting up the system has to be done with text commands.

Raspbian LXTerminal prompt The Raspbian LXTerminal "$" prompt (on Raspbian Desktop).

I cannot go into a lengthy tutorial about Linux commands. This post is already too long, but the real reason there will be no detailed discussion of Linux command is that I am not knowledgeable enough to undertake the task. Instead I will defer to two sites with lists of the most important commands, which will prove to be a good starting point for the newcomer.

Linux commands by the Raspberry Foundation.
57 Raspberry Pi commands that everyone should know by Patrick at RaspberryTips

Do not worry, there is no need to memorize 57 commands before starting. Here is the list of Linux commands found in this post, which is far from using all those commands listed above.

adduser apt avahi-browse crontab cd chmod cp exit ifconfig logout ls lsusb mkdir nano reboot shutdown ssh sudo tar touch wget

Be careful with some of these commands. I have lost work when I carelessly typed a command such as reboot without looking at the prompt. Instead of shutting down a Raspberry Pi, I entered the command in a Ubuntu terminal with the obvious consequence that my desktop computer became very quiet very quickly. You have been warned.

Already Have Raspbian Running?

If Raspbian is already running on the Raspberry Pi, then it would be a good idea to back up configuration files, images, scripts and so on for the major programs that will be reinstalled later.

If you have a Linux-based desktop computer, then the SD card can be kept and placed in a reader. It will then be possible to access everything in the old system. Better yet, make a backup and mount the image, leaving the SD card in a safe place.

If you are upgrading to Buster from an older version of Raspbian on the same Rapsberry Pi, you could try in-situ upgrading. If it works then in principle, the configuration for all the installed packages will be in place. While the Raspberry Pi Foundation does give instructions on doing this, it gives the following warning.

We do not recommend upgrading an existing Stretch (or earlier) system to Buster – we can’t know what changes everyone has made to their system, and so have no idea what may break when you move to Buster. However, we have tested the following procedure for upgrading, and it works on a clean version of the last Stretch image we released. That does not guarantee it will work on your system, and we cannot provide support (or be held responsible) for any problems that arise if you try it. You have been warned – make a backup!

Source: Buster – the new version of Raspbian

Past experience tells me that I cannot take the SD card from the older Raspberry Pi, stick it into the SD slot of the newer Pi and then try to update the operating system. So this is a tabula rasa install of Buster for the most part. Nevertheless, it is quite useful to save some configuration files, scripts, etc. for re-use in the new system or at the minimum for comparison with the new system.

Saving User Scripts and Environment

As shown near the end of this post, I created a hidden local directory in which I saved useful Bash scripts. In addition two hidden files that define the user environment were modified. All this is saved for future reference.

Path	Description
`/home/pi/.local/bin/mkvenv`	Bash script to create virtual Python 3 environments
`/home/pi/.local/bin/webcam-streamer`	Bash script to control a webcam (part 3 of this series)
`/home/pi/.local/bin/time2mqtt`	Bash script publishing current time to some home automation devices (will be explained in the future)
`/home/pi/.bashrc`	Local configuration file for the `bash` shell
`/home/pi/.profile`	Local Bash script executed on login

Saving Python Scripts and Environment

It's almost as if I had planned it; the Python scripts that are used by the home automation system are in a Python virtual environment named syspy . It is very simple matter to create a list of Python packages added to the virtual environment to be able to recreate it elsewhere.

pi@raspberrypi:~ $ ve syspy (expands to syspy/bin/activate) (syspy) pi@raspberrypi:~ $ pip freeze > syspy-requirements.txt

I saved the following files to recreate the virtual environment later on.

Path	Description
`/home/pi/syspy/syspy-requirements.txt`	Pip installed Python packages in `syspy` virutal environment
`/home/pi/syspy/checkip`	Script that reports Internet facing IP address of the LAN
`/home/pi/syspy/temps`	Script that reports the ambient temperature and CPU temperature to Domoticz
`/home/pi/syspy/temps`	Simple script to send emails

Saving Cron Data

Here's another area where fixes and tweaks have been accumulated and which are easily forgotten. The list of user defined scheduled tasks, called cron jobs in Linux lingo, can be redirected into a text file to be saved for later reference.

pi@raspberrypi:~ $ crontab -l > user_crontab.bak

Jobs created as root can be saved in a similar manner.

pi@raspberrypi:~ $ sudo crontab -l > sudo_crontab.bak

There were no root cron jobs on my original Raspberry Pi.

Saving Domoticz Data

Here is the data that I saved. The last two are only useful if switch icons were added manually. If they were uploaded using the Custom Icons in the Setup/More Options menu, then they were saved in the database. Even then it might be worthwhile to save the uploaded images. They can be identified by the file owner who is root.

Path	Description
`/etc/domoticz/setupVars.conf`	The installation parameters (directory, http ports)
`/etc/init.d/domoticz.sh`	The actual start up script (the one in /home/pi/domoticz/ is a template only).
`/home/pi/domoticz/domoticz.db`	Database of Domoticz devices
`/home/pi/domoticz/scripts/bash/*`	Bash scripts
`/home/pi/domoticz/scripts/dzVents/scripts/*`	dzVents scripts
`/home/pi/domoticz/scripts/python/*`	Python scripts
`/home/pi/domoticz/scripts/lua/*`	Lua scripts
`/home/pi/domoticz/www/images/floorplans/*`	While floor plans are saved in the database, it is a good idea to keep a copy of the original files
`/home/pi/domoticz/www/switch_icons.txt`	List of all switch icons
`/home/pi/domoticz/www/images/*.png`	Those icon images that were added manually

Saving Web Server Data

The Web server is used for only one purpose: serve binary files for over-the-air updates of home automation wireless devices. There is one subdirectory per device type in the /var/www/html directory. I saved everything in the html directory.

pi@raspberrypi: ~$ cd /var/www/html pi@raspberrypi:/var/www/html $ tar -czvf webdata.tar.gz . ./ ./index.html ./404.html ./sonoff/ ...

Files saved:

Path	Description
`/var/www/html/webdata.tar.gz`	Archive of `/var/www/html/`
`/etc/nginx/nginx.conf`	The Web server configuration file.

Saving the nginx configuration file is almost more work than editing the file when configuring the server as it involved only the addition of a single line.

Saving WireGuard Data

I saved the WireGuard configuration file wg0.conf in the /etc/wireguard directory. On some other systems there could be more than one file and all should be saved.

I also saved the content of the /home/pi/wg_config directory. That the script and information about all the peers that connect to the virtual network server on the system used to create the configuration file.

Saving Packages with `apt_clone`

Michael Vogt (mvo5) has created a package called apt-clone that saves a list of all installed packages on Debian based systems including Raspbian. Later the packages can be easily re installed in one go after installing the operating system and apt-clone itself. It is not unlike the use pip freeze to preserve the Python environment for later use. More information can be found in a post by Oltjano Terpollari: How to Clone Packages in Debian Derived Systems and elsewhere on the Web.

This will be a first-time use of this package. First I installed it, created a hidden directory ~/.clones and had apt-clone create the list of installed packages in that directory.

pi@raspberrypi:~ $ sudo apt install apt-clone Reading package lists... Done pi@raspberrypi:~ $ mkdir .clones pi@raspberrypi:~ $ sudo apt-clone clone .clones not installable: version mismatch: Note that you can use --with-dpkg-repack to include those packges in the clone file. pi@raspberrypi:~ $ ls .clones apt-clone-state-raspberrypi.tar.gz pi@raspberrypi:~ $ sudo apt-clone info .clones/apt-clone-state-raspberrypi.tar.gz Hostname: raspberrypi Arch: armhf Distro: buster Meta: Installed: 513 pkgs (232 automatic) Date: Sun Oct 27 01:43:01 2019

I have no experience with using apt-clone when moving to a newer version of Debian but it does work when cloning a current version of the OS.

Getting Buster on an SD card

The home automation system cannot be offline while I am experimenting with updates. Instead everything is being done on a Raspberry Pi Model 3 B. Once that new system is running, I hope to do the same thing on the old Model B which I have found more than adequate as a home automation server.

As usual, I downloaded the latest Lite version of Raspbian:

  Raspbian Buster Lite
  Minimal image based on Debian Buster
  Version:            September 2019
  Release date:       2019-09-26
  Kernel version:     4.19
  Size:               435 MB

from https://www.raspberrypi.org/downloads/raspbian/. Of course you can download and install a desktop version of Raspbian and it will be possible to do everything described in these posts.

I followed the instructions to copy the image onto a micro-SD card in Installing operating system images. Installing the current version of balenaEtcher in a Linux system is quite simple. Extract the application, balenaEtcher-1.5.59-x64.AppImage from the downloaded archive and copy it to ~/.local/bin (it could just about anywhere in the home directory). Delete any old application desktop file. Lately, these are named appimagekit-balena-etcher-electron.desktop and are stored in the /home/michel/.local/share/applications/ directory. Start the application and let it install a desktop file. From then on, balenaEtcher can be started in the usual way. I recommend checking the application settings (clig on the cog wheel) and disable the Auto-unmount on success option.

As before, it was a breeze to copy the operating system image onto the SD card with the application. It is not even necessary to decompress the downloaded archive containing the image file.

All these file management chores, copying, deleting, extracting from archives and so on, can all be done with "point and click" ease using Double Commander. It is one of the first utilities I install in all the Linux distributions I use. It even works in Windows, macOS and FreeBSD. Highly recommended. Furthermore, it is written in Free Pascal/Lazarus, my favourite programming language.

Start with Monitor and Keyboard

By far the easiest way to boot and configure Raspbian on a Raspberry Pi is with a direct connection to the Linux console using a monitor and keyboard. A mouse can also be connected, but it is not needed as Buster Lite does not have a graphical interface. If it is possible to connect the Pi to the local area network with an Ethernet cable, then updating the system and installing packages will be very simple indeed.

Put in the SD card with the Debian image and turn the machine on. Expect lots of things to scroll by the screen and after a while enter the default password when prompted. Do not worry if nothing shows up as you type, that's a safety feature.

... raspberrypi login: pi Password: raspberry not echoed to screen

Once you have typed in the invisible password, press the Enter key to tell Linux that you have finished your bit. It will read what you have typed in and either complain that the password is wrong or it will welcome you and show the '$' prompt.

Linux raspberrypi 4.19.57+ #1244 Thu Jul 4 18:42:50 BST 2019 armv6l The programs included with the Debian GNU/Linux system are free software; ... pi@raspberrypi:~ $

If this is the first time that you are setting up a Raspberry Pi, I would strongly suggest that you follow what preceded and not bother with the "headless" stuff in the following sections. Later on when you see an ssh command given from a Linux desktop, or a Windows machine:

michel@hp:~$ ssh pi@192.168.1.101

C:\Users\michel> ssh pi@192.168.1.101

it means that I am connecting to a headless Pi over the local area network. Ignore these commands if you have a direct console connection and skip to the Basic Configuration section.

Of course if an extra keyboard and monitor are not available, then you will have to find another way to reach a headless Raspberry Pi. There is an easy way to open a session with a Raspberry Pi that is not connected to a keyboard and monitor, and there is a hard way. Both are described below.

Headless Start the Easy Way

If you have a USB to Serial adapter that operates on 3.3V and you know how to use a terminal program such as Screen, tmux or C-Kermit, then it is relatively simple to connect to a Rapsberry Pi. Here is the pinout.

Raspberry Pi			USB Serial Adapter Connection
Pin	GPIO	Function	USB Serial Adapter Connection
6, 9 or 14	Ground		Ground pin
8	14	UART0_TXD	RX pin
10	15	UART0_RXD	TX pin

USB cable to GPIO connection

If the Raspberry Pi is an older model without built-in Bluetooth, then there is no further preparation needed. If the Raspberry Pi is a a newer model, then the config.txt file found in the boot partition of the micro SD card containing the Raspbian image has to be modified. Assuming the SD card is still in the desktop computer reader, its boot partition is should be seen as a drive connected to the system. If not, remove the card from the reader, wait awhile and insert it in the reader again. The partition should be found by the system because its file system is the ubiquitous FAT32 which most operating system can read.

michel@hp:~$ cd /media/michel/boot michel@hp:/media/michel/boot$ nano config.txt

Add the following lines near the end of the file.

# Connect getty to the GPIO UART port enable_uart=1

List the serial devices on the system before connecting the USB to serial (tty) adapter to the desktop computer

michel@hp:~$ ls /dev/ttyUSB* ls: cannot access '/dev/ttyUSB*': No such file or directory

Now connect the serial end of the the USB to Serial adapter to the Raspberry Pi which should not be under power and then connect it to the desktop USB port. List serial devices to find the newly added adapter, start up the terminal program connecting to that port and then apply power to the Raspberry Pi. You should then see the Linux boot messages which end with a login prompt.

michel@hp:~$ ls /dev/ttyUSB* /dev/ttyUSB0 michel@hp:~$ kermit -l /dev/ttyUSB0 -b 115200 -C "set carrier-watch off, connect" Connecting to /dev/ttyUSB0, speed 115200 Escape character: Ctrl-\ (ASCII 28, FS): enabled Type the escape character followed by C to get back, or followed by ? to see other options. ---------------------------------------------------- power up the Raspberry Pi... [ 0.000000] Booting Linux on physical CPU 0x0 [ 0.000000] Linux version 4.19.75-v7+ (dom@buildbot) (gcc version 4.9.3 (crosstool-NG crosstool-ng-1.22.0-88-g8460611)) #1270 SMP Tue Sep 24 18:45:11 BST 2019 [ 0.000000] CPU: ARMv7 Processor [410fd034] revision 4 (ARMv7), cr=10c5383d ... [ 6.342423] systemd[1]: Starting Set the console keyboard layout... [ 6.356465] systemd[1]: Listening on Journal Socket (/dev/log). [ 6.375402] systemd[1]: Mounting Kernel Debug File System... Raspbian GNU/Linux 10 raspberrypi ttyS0 raspberrypi login: pi Password: raspberry not echoed to screen Linux raspberrypi 4.19.75-v7+ #1270 SMP Tue Sep 24 18:45:11 BST 2019 armv7l The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. pi@raspberrypi:~$

If using Screen the terminal should be launched with the following command on the desktop.

michel@hp:~$ screen /dev/ttyUSB0 115200

If you are here, then ignore the ssh commands such as

michel@hp:~$ ssh pi@192.168.1.101

C:\Users\michel> ssh pi@192.168.1.101

that you may see later on in this post unless you have connected to the Raspberry Pi over the local area network, which is not necessary when there is a direct serial connection with the Pi. Skip ahead to the Basic Configuration section.

Headless Start the Hard Way

The Raspberry Pi is used as a headless server with no monitor and no keyboard. I am rather lazy find a hassle to dig out a monitor and keyboard just for the initial configuration of such a system. And my USB to serial adapters have a way of disappearing. So this is my preferred method to set up a Raspberry Pi, but not the one I recommend.

Since connectivity with the local network will be by Wi-Fi when the home automation system will be in operation, it would be great if that could also be set up before the first boot. Well, it can... maybe. Wi-Fi can be enabled without problems on newer Raspberry Pi's that have a built-in Wi-Fi (Raspberry Pi Model 3 and newer). On older Raspberry Pi it may be possible, but that requires a Wi-Fi USB dongle that is supported by the Linux kernel; see Various Hardware with Raspbian Buster Lite, USB Wi-Fi Dongles for some details.

Furthermore a static IP addresses can be assigned to the Ethernet network interface. It is also possible to do that for the Wi-Fi interface if the desktop (or portable) computer used to create the SD image is running Linux or Mac OS (I have not verified this claim on a Mac).

The setup is in two or three parts. I am assuming that the (micro) SD card containing the Raspbian image is still connected to the desktop computer and its boot partition is visible in the desktop system. If not, remove the card from the reader, wait awhile and insert it in the reader again. The partition should show up as its file system is the ubiquitous FAT32 which most operating system can read. If the desktop is running Linux or MacOS the second, much bigger partition, rootfs will also show up. Windows will not read an Ext4 partition.

Enable ssh

This approach entails connecting to the Raspberry Pi over the local network using the SSH protocol. By default the ssh service is not enabled in Raspbian Buster. But, this is easily remedied. If there is a file named ssh in the boot partition when the Raspberry Pi is first booted, then the service will be enabled and started. The content of the ssh file does not matter. Indeed, it can be an empty file.

michel@hp:~$ cd /media/michel/boot michel@hp:/media/michel/boot$ touch ssh michel@hp:/media/michel/boot$ ls -l ssh just checking -rw-r--r-- 1 michel michel 0 oct 13 14:04 ssh

Information for neophytes Show

Information for neophytes Hide

These commands, shown on a greenish background, are typed out in a virtual console or a terminal which is a wrapper program that runs a shell or command processor on my desktop Ubuntu system. The terminal is easily started with the simultaneous three key press: AltCtrlT.

The desktop computer name is hp and my user name is michel, hence the shell starts each command line with michel@hp:. After the colon, comes the present working directory (pwd in the jargon). In this case it is initially ~ which is short for the current user home directory which here is /home/michel. Finally, the shell writes the prompt which here is $. It can be different dependant on the shell being used. That's Linux for you, there is more than one shell.

The first command, cd (for change directory), changes the present working directory. The second command, touch, is used to change the time stamp of a file. But here we are exploiting a side effect of the command; if the named file does not exist, it is created. The third command, ls, lists the content of the present working directory if no parameters follow it. In this instance, the -l parameter asks for a detailed listing. The added filename ssh will limit the listing to matching files. We can then see that the file ssh has indeed been created and that its size is 0.

Instead of using touch, a file with minimal content named ssh could have been created with a text editor such as nano (see below). It would not matter what the file contained.

Do not forget to press the Enter key after typing each command. That is how the shell knows that you are done and that it is time for it to do its job. A long time ago, back when most computer programs were punched on cards made of light cardboard, I caused the reboot of a laboratory system when I first used an interactive terminal because I hadn't realized the need for the Enter. I will not go into the details, suffice it to say I am still red-faced about ruining someone's experiment. We all have to learn.

Because Double Commander allows me to launch a terminal in a specific directory, I did not even have to do the three-finger salute mentioned, nor issue the change directory command cd shown above.

Hide

Enable Wi-Fi (optional)

What is required is to create the wpa_supplicant configuration file with Wi-Fi credentials. I used nano from the command line, but any text editor could probably be used. The file, wpa_supplicant.conf, goes in the boot partition alongside the ssh file created in the previous state. You have to adjust the two-letter country code and the network credentials. The quotation marks around the SSID and password are necessary.

michel@hp:/media/michel/boot$ nano wpa_supplicant.conf

country=ca update_config=1 ctrl_interface=/var/run/wpa_supplicant network={ scan_ssid=1 ssid="wifi_network_name" psk="wifi_password" }

michel@hp:/media/michel/boot$ ls -l wpa* -rw-r--r-- 1 michel michel 157 oct 13 14:30 wpa_supplicant.conf

Information for neophytes Show

Set Static IP Address (optional)

This not strictly necessary but it is highly recommended to set static addresses for the network interfaces that will be used. First, this Raspberry Pi will be a server which needs to be easily found on the local network. Having a static IP address will accomplish this. Otherwise, the IP address may change when the Pi is rebooted. As the Domoticz installation script says:

    Domoticz is a SERVER so it needs a STATIC IP ADDRESS to function properly.

The other reason is that it will make it much simpler to find a headless Raspberry Pi to complete its basic configuration, especially for those that use a Windows desktop or portable computer.

I will make two points before going on to show how to proceed.

Make absolutely sure that the static address about to be assigned to the Raspberry Pi is not used by another device connected to the local network.
Make absolutely sure that the static address about to be assigned to the Raspberry Pi is not used by another device connected to the local network.

The static address can always be changed later.

There are two ways of setting a static IP address. The "easy but incorrect way" that will only work with an Ethernet connection to the Raspberry Pi. It is the only way I know that can be used by those that are using a Windows desktop. The "harder and correct way" will work with either an Ethernet connection or a Wi-Fi connection if it has been set up correctly as explained above.

Easy but incorrect

A simple addition to the text file /boot/cmdline.txt is all that is needed.

michel@hp:/media/michel/boot$ nano cmdline.txt

Add "ip=192.168.1.100" (or whatever the IP should be) without the quotation marks at the end of the single long line of commands the file contains.

dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=PARTUUID=174e513b-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait ip=192.168.1.100

That is all that is needed right now. It will be better to clean things up later when the Raspberry Pi is configured.

Strangely (or not?) if Wi-Fi credentials have been defined, the Wi-Fi interface will not be enabled unless the wired connection is in place when powering the Pi for the first time. In that case, the Ethernet interface will have the static IP address specified in cmdline.txt, the Wi-Fi IP address will be set by the LAN dhcp server.

Harder but correct

This requires access to the rootfs partition which, on my Ubuntu desktop machine, is mounted in the /media/michel directory alongside the boot partition. Sometimes there is a problem trying to cd into the rootfs. This happens when the SD card is changed quickly. Start the disk application, find the SD card in the list of drives in the left pane and mount both the boot and rootfs partitions by selecting the partition in the listt of Volumes and then clicking on the left most button with the right pointing triangle. If the button shows a square, the partition is already mounted.

Disks window

The mount point will be displayed on the Contents line at the bottom. In my case it is /media/michel/rootfs. The fixed IP address is added to the dhcpcd configuration file. I prefer to back up the original file found in the rootfs/etc directory before modifying it.

michel@hp:~$ cd /media/michel/rootfs/etc michel@hp:/media/michel/rootfs/etc$ sudo cp dhcpcd.conf dhcpcd.bak michel@hp:/media/michel/rootfs/etc$ sudo nano dhcpcd.conf

Alternatively, nano can be made to back up the original when saving a changed version of the file.

michel@hp:/media/michel/rootfs/etc$ sudo nano -B dhcpcd.conf

The following lines, with appropriate changes, need to be added to the configuration file.

... interface eth0 static ip_address=192.168.1.100/24 static routers=192.168.1.1 static domain_name_servers=192.168.1.1 interface wlan0 static ip_address=192.168.1.101/24 static routers=192.168.1.1 static domain_name_servers=192.168.1.1

Information for neophytes Show

Initial Boot

It is now time for the initial boot. All that needs to be done is to safely eject the SD card from the desktop reader, then place it in the SD slot of the Raspberry Pi. I suggest that the Raspberry Pi be connected to the local area network (LAN) with an Ethernet cable for the initial boot at least, especially if a Wi-Fi dongle is being used. Indeed if the cmdline.txt file was modified to set a fixed IP address, then a wired connection to the LAN is mandatory. You may have to wait until the LED activity stops and the red LED is steadily on to open an ssh session.

Information for neophytes Show

Since I was able to set up a static IP for Ethernet and Wi-Fi using the "hard but correct way", I opened a remote session with ssh at the specified address Wi-Fi address without even connecting the Ethernet cable.

michel@hp:~$ ssh -l pi 192.168.1.101 or michel@hp:~$ ssh pi@192.168.1.101

In Windows the command would be the same

C:\Users\michel> ssh -l pi 192.168.1.100 or C:\Users\michel> ssh pi@192.168.1.100

but the Ethernet IP address has to be used and a wired connection is necessary.

If it had not been possible to set a static IP address, then try to connect to raspberrypi.local as shown here.

michel@hp:~$ ssh pi@raspberrypi.local

This will work in a desktop computer if its operating system has so called Zeroconf technology in place. That is the case for most major Linux distributions where the Avahi service is installed. It should also work in Mac OS where Bonjour takes care of the zeroconf protocols. It will not work in a fresh install of Windows. I tried and got this.

C:\Users\michel>ssh pi@rapsberrypi.local ssh: Could not resolve hostname raspberrypi.local: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server.

Nevertheless, give it a try because it will work in Windows if Bonjour Print Services from Apple was installed previously to reach a networked printer.

If another Raspberry Pi with the default raspberrypi host name was already connected to the network, then the host names will be mangled to avoid conflicts. Its qualified host name address could be something like raspberrypi-2.local. You could use a zeroconf service browser to try to find it.

michel@hp:~$ avahi-browse --all

Information for neophytes Show

Information for neophytes Hide

If attempts at starting an ssh session give results such as what follows then there is something obviously wrong.

michel@hp:~$ ssh pi@192.168.1.101 ssh: connect to host 192.168.1.101 port 22: No route to host ... michel@hp:~$ ssh pi@192.168.1.101 ssh: connect to host 192.168.1.101 port 22: Connection refused ... michel@hp:~$ ssh pi@raspberrypi.local ssh: Could not resolve hostname raspberrypi.local: Name or service not known ... michel@hp:~$ ssh pi@raspberrypi.local ssh: connect to raspberrypi.local port 22: Connection refused

In the case of Connection refused then in all likelihood ssh was not enabled; something went wrong when creating the ssh file in the boot partition of the SD card.

If No route to host is displayed then it will be necessary to find the IP address of the Raspberry Pi. There are, at least, two ways to do this that should work no matter the operating system.

The router route

One way is to log into your router with a web browser to find the IP addresses of the devices connected to it. By scanning these addresses with the Raspberry Pi connected and not connected to the network, it should be fairly easy to identify the Raspberry Pi. This is not a foolproof method, I find that my router does not show all connected devices and does not react quickly when a device is disconnected.

Where's the router?

If you do not know the IP address of the router to access its web server in the first place, then have a look on the back or bottom of the device itself. If you are still out of luck, try running the ipconfig in a command window on a Windows desktop. You could use the ifconfig in a Linux or the ip address command if net-tools (which contains ifconfig is not installed which is the case in Ubuntu). Even simpler, look at the interface settings on the desktop; the IP address of the default route and DNS server is probably the IP address of the router. Below are a couple of screenshots taken in virtual machines, the first running Mint19 (another variant of Debian) and the second Windows XP.

Network interface in Mint19

Network interface in Windows XP

The IP scan method

Another approach is to use an IP scanner. Angry IP Scanner is available for Windows, Linux and Mac OS X. I use Zenmap, a graphical interface for nmap which is available in the Ubuntu software library. If you have a wireless router, you can try NetX on an Android tablet or phone. I am sure there is something equivalent on IOS. Just as before, do two scans for valid IP addresses on the local area network. One scan is done with the Raspberry Pi powered on and connected to the network and one scan with the Raspberry Pi powered off. A comparison of the valid IP addresses should reveal the IP address of the Raspberry Pi.

The ARP scan method

I have just become aware of yet a third way explained by Remi Bergsma in HOWTO discover the ip address of a Raspberry Pi. I had to install the arp-scan package.

michel@hp:~$ sudo apt install arp-scan -y michel@hp:~$ ip link show 1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: enp4s0: mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000 link/ether 20:25:64:7b:f0:af brd ff:ff:ff:ff:ff:ff 3: wlp3s0: mtu 1500 qdisc fq_codel state UP mode DORMANT group default qlen 1000 link/ether b8:ee:65:ef:35:2b brd ff:ff:ff:ff:ff:ff 4: anbox0: mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/ether 3a:64:82:b9:4b:d2 brd ff:ff:ff:ff:ff:ff michel@hp:~$ sudo arp-scan --interface=wlp3s0 --localnet | grep b8:27:eb 192.168.1.22 b8:27:eb:00:11:22 Raspberry Pi Foundation 192.168.1.134 b8:27:eb:33:44:55 Raspberry Pi Foundation

The second command was to get the correct name for the network interface that is used by the desktop computer to connect to the local network. It is not really necessary as the --interface but if more than one interface is connected, the scan will take longer and there will be repetitions if interfaces are connected to the same network.

Something like this should work in Windows without the need to install anything.

C:\Users\michel>arp -a | findstr b8-27-eb 192.168.1.22 b8-27-eb-00-11-22 static 192.168.1.134 b8-27-eb-33-44-55 dynamic

All this is proof that setting up a static address before booting the Raspberry Pi for the first time is worthwhile.

Hide

If this is the first time you log onto a Raspberry Pi with ssh then things should go smoothly. Just enter the default password, raspberry.

pi@192.168.1.22's password: raspberry not echoed on screen! Linux raspberrypi 4.19.57+ #1244 Thu Jul 4 18:42:50 BST 2019 armv6l The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Sun Oct 20 05:31:26 2019 from 192.168.1.124 SSH is enabled and the default password for the 'pi' user has not been changed. This is a security risk - please login as the 'pi' user and type 'passwd' to set a new password. pi@raspberrypi:~ $

If the IP address had already been used for an ssh session or if the host name raspberrypi.local had already been used then expect some complication.

michel@hp:~$ ssh pi@raspberrypi.local The authenticity of host 'raspberrypi.local (192.168.1.127)' can't be established. ECDSA key fingerprint is SHA256:rwBLg500tk6VyAYUxB8mJ1eqmHzkUolijvPuBcgMPFc. Are you sure you want to continue connecting (yes/no)? yes Warning: the ECDSA host key for 'raspberrypi.local' differs from the key for the IP address '192.168.1.127' Offending key for IP in /home/michel/.ssh/known_hosts:47 Are you sure you want to continue connecting (yes/no)? yes pi@raspberrypi.local's password: raspberry not echoed on screen! Linux raspberrypi 4.19.57+ #1244 Thu Jul 4 18:42:50 BST 2019 armv6l The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Sun Oct 20 05:32:58 2019 from 192.168.1.124 SSH is enabled and the default password for the 'pi' user has not been changed. This is a security risk - please login as the 'pi' user and type 'passwd' to set a new password. pi@raspberrypi:~ $

Something ever more byzantine could be displayed. Assuming that everything is safe, just go along with the suggestions.

michel@hp:~$ ssh pi@raspberrypi.local @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ The ECDSA host key for raspberrypi.local has changed, and the key for the corresponding IP address 192.168.1.22 has a different value. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time. Offending key for IP in /home/michel/.ssh/known_hosts:40 remove with: ssh-keygen -f "/home/michel/.ssh/known_hosts" -R "192.168.1.22" @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:FVsw5/G3Bj05OmZP6/Mknd35ecv3Ak/iPoaw0FfU3Fw. Please contact your system administrator. Add correct host key in /home/michel/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /home/michel/.ssh/known_hosts:62 remove with: ssh-keygen -f "/home/michel/.ssh/known_hosts" -R "raspberrypi.local" ECDSA host key for raspberrypi.local has changed and you have requested strict checking. Host key verification failed. michel@hp:~$ ssh-keygen -f "/home/michel/.ssh/known_hosts" -R "raspberrypi.local" # Host raspberrypi.local found: line 62 /home/michel/.ssh/known_hosts updated. Original contents retained as /home/michel/.ssh/known_hosts.old michel@hp:~$ ssh pi@raspberrypi.local The authenticity of host 'raspberrypi.local (192.168.1.22)' can't be established. ECDSA key fingerprint is SHA256:FVsw5/G3Bj05OmZP6/Mknd35ecv3Ak/iPoaw0FfU3Fw. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'raspberrypi.local' (ECDSA) to the list of known hosts. Warning: the ECDSA host key for 'raspberrypi.local' differs from the key for the IP address '192.168.1.22' Offending key for IP in /home/michel/.ssh/known_hosts:40 Are you sure you want to continue connecting (yes/no)? yes pi@raspberrypi.local's password: raspberry not echoed on screen Linux raspberrypi 4.19.57+ #1244 Thu Jul 4 18:42:50 BST 2019 armv6l The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. SSH is enabled and the default password for the 'pi' user has not been changed. This is a security risk - please login as the 'pi' user and type 'passwd' to set a new password.

Basic Configuration

At this point you should be logged into the Raspberry Pi. If you installed the desktop of version of Raspbian and connected a monitor, keyboard and mouse to the Pi, you will be in the graphic user interface, so it will be necessary to start a terminal to follow along. This is not too hard, just find and start the LXTerminal application in the usual fashion. You could also try the 3 key combination AltCtlT which may pop up the terminal window as in Ubuntu.

The password and other basic parameters should be changed. This is best done with the configuration utility. But before, you may want to change the avahi configuration file.

pi@raspberrypi:~ $ sudo nano /etc/avahi/avahi-daemon.conf

#publish-workstation=no to publish-workstation=yes

With that, the "workstation" will show up in the avahi-browse --all command.

If cmdline.txt had been modified to set a static IP address for the Ethernet network interface, then this is time to set the static IP address the correct way and to remove the modification to the file. Similarly if a static IP address had not been assigned before booting, then this would be the opportune time to do it. The static address or addresses are set in the dhcpcd configuration file.

pi@raspberrypi:~ $ sudo nano /etc/dhcpcd.conf

You just need to add the static addresses as shown above. This will take effect on the next reboot of the Pi. But do not reboot now, continue on to complete the basic configuration and then reboot as instructed.

If the cmdline.txt had been modified it should be returned to its original state now that dhcpcd.conf has been correctly modified.

pi@raspberrypi:~ $ sudo nano /boot/cmdline.txt

Just remove ip=192.168.1.100 (or whatever the static IP was) at the end of the line. The sudo prefix is needed here because the copy of cmdline.txt in the ext4 partition belongs to root.

Now start the configuration utility.

pi@raspberrypi:~ $ sudo raspi-config

This is the opening screen of the configuration.

If you logged in with Kermit over a serial connection, you will not get the pretty colours:

It does not matter, the program works the same way. Navigate with the Tab key ⇥ to move from one control to the next and with the up ↑ and down ↓ cursor keys to move within a list. Select the highlighted choice by pressing on the ↲ or Enter key. The selection can also be made by "tabbing" to the <Select> or <Select> control at the bottom and then press the Enter key. I suggest that the following changes be made.

5 Interfacing Options / P2 SSH:
choose <Yes> to enable the SSH server if it has not already been done. Even if you installed the Desktop version of Rasbian and have a keyboard and monitor hooked up to the Raspberry Pi, I recommend doing this.
4 Localisation Options / I2 Change Timezone:
select your continent or region and then select your city or one nearby in the same time zone. As this is a headless system, there is no real advantage to change the locale or keyboard layout.
7 Advanced Options / A3 Memory Split:
if this Pi will be used as a server it makes sense to allocate as little memory as possible to the graphic processing unit. This is 16 M bytes.
1 Change User Password:
do not forget it; save it in a password manager (I use KeePassXC).
2 Network Options / N2 Wi-fi:
enter the wireless network name and password if Wi-Fi connectivity is desired and if it was not defined already.
2 Network Options / N1 Hostname:
change the host name to avoid collisions with other Raspberry Pi that may connect to the network currently or in the future. For illustrative purposes, I set the host name to goldserver.

Reboot as suggested, and then after a while check that the Raspberry Pi publishes its host name and then reconnect with ssh. Even if a keyboard and monitor are connected to the Raspberry Pi, it is a good idea to learn how to connect via SSH to a Pi that will be used as a server.

michel@hp:~$ avahi-browse -t _workstation._tcp ... + wlp3s0 IPv6 goldserver [a8:db:89:01:d4:58] Workstation local + wlp3s0 IPv4 goldserver [a8:db:89:01:d4:58] Workstation local ... michel@hp:~$ ssh pi@raspberrypi.local pi@raspberrypi.local's password: new_password not echoed on screen ...

If everything seems in order and if it had been necessary to edit the config.txt file to enable the uart because the Raspberry Pi has a bluetooth chip, then I suggest disabling the UART.

pi@raspberrypi:~ $ sudo nano /boot/config.txt

... # Connect getty to the GPIO UART port #enable_uart=1 <-- insert leading # to disable ...

This is to regain the slight loss of performance caused by enabling the serial port. See Configuring The GPIO Serial Port On Raspbian Jessie and Stretch Including Pi 3 and 4 by Jon Watkins for details.

Change the Default User Name

For added security, it is not a bad idea to change the default user. In the past, I would simply add a new user and eventually removed the default user pi. But that was a hit-or-miss approach which usually meant hunting down a missing group membership for the new user when something new did not work. Luckily, Jim McDonnell at Unix etc. has a very good explanation of how to proceed systematically to avoid such problems. I just followed the instructions in How to Rename the Default Raspberry Pi User, executing the scripts found in that article. There were a couple of error messages.

sed: can't read lightdm/lightdm.conf: No such file or directory sed: can't read polkit-1/localauthority.conf.d/60-desktop-policy.con: No such file or directory

Because the listed configuration files are not present in the Lite version of Raspbian there were no real errors, as mentioned in the article.

Because the default pi user was renamed woopi, ssh connections need to be with that account from now on.

michel@hp:~$ ssh woopi@goldserver.local woopi@goldserver.local's password: xxx...

Updating the Operating System

Before installing any major new piece of software, it is always important to update the operating system. This is something that is done more or less automatically in full blown desktop systems such as Ubuntu. On the Lite version of Raspbian, it has to be done manually.

woopi:goldserver~ $ sudo apt-get update && sudo apt-get upgrade -y ... The following packages will be upgraded: e2fsprogs firmware-atheros firmware-brcm80211 firmware-libertas firmware-misc-nonfree firmware-realtek libcom-err2 libext2fs2 libraspberrypi-bin libraspberrypi-dev libraspberrypi-doc libraspberrypi0 libss2 libssl1.1 libxml2 libxmuu1 openssh-client openssh-server openssh-sftp-server openssl raspberrypi-bootloader raspberrypi-kernel raspi-config ssh sudo wpasupplicant 26 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 132 MB of archives. After this operation, 59.4 kB of additional disk space will be used. ...

This operation took a surprising amount of time even if the image was rather recent. Now you may be time to get a coffee, tea or other beverage.

Information for neophytes Show

Information for neophytes Hide

Newcomers to Debian Linux might wonder what this odd-looking commands is. The command line contains two commands that are separated by the double ampersand. Instead of combining the commands they could have been given one after the other.

woopi:goldserver~ $ sudo apt-get update ... woopi:goldserver~ $ sudo apt-get upgrade -y ...

The first command, apt-get update, scans the default Debian repository and any other repositories that you may have added (see below for an example) to update the list of currently available software packages in the repositories. The second, apt-get upgrade will replace currently installed packages with any newer version if available. It is important to realize that apt-get upgrade uses to local list of available packages to decide if a newer version is available, it does not scan the repositories itself. That why it is important to execute apt-get update first.

The -y option is added to the sudo apt-get upgrade command so that it will not be necessary to confirm, with a y, that the operation is to be completed.

Other Linux distributions have different package managers: Red Hat and CentOS uses yum, Arch Linux uses pacman and so on.

Even within Debian the story is rather more complex. As far as I know, APT (Advanced Packaging Tool) is actually a "front end" for DPKG the Debian Package Management System. There are other front ends, such as Synaptic, which I occasionally use on my Ubuntu desktop, and Aptitude.

With its inclusion in Ubuntu 16.04 in 2016, a new front end called simply apt started to become popular. Basically, it aggregates the commands spread across the apt-get and apt-cache utilities. You will find in my posts that I sometimes use apt update and apt upgrade instead of the apt-get versions shown above. They are basically interchangeable. The same is true for apt show and apt-get show, but I prefer to use apt-cache policy to get pithier information about available versions of a package as well as the installed version when a package is already installed. For more information see Difference Between apt and apt-get Explained.

Hide

Syslog

I also enabled the UDP module of the log server on the Raspberry Pi because a number of home automation devices send their log messages to the Pi (see Syslog Server on Raspbian).

woopi@goldberg:~/pythons $ sudo nano /etc/rsyslog.conf

# /etc/rsyslog.conf Configuration file for rsyslog. # # For more information see # /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html ################# #### MODULES #### ################# module(load="imuxsock") # provides support for local system logging module(load="imklog") # provides kernel logging support #module(load="immark") # provides --MARK-- message capability # provides UDP syslog reception module(load="imudp") <-- enabled by removing leading '#' input(type="imudp" port="514") <-- enabled by removing leading '#' # provides TCP syslog reception #module(load="imtcp") #input(type="imtcp" port="514")

Information for neophytes Show

Information for neophytes Hide

Log files live in the /var/log directory.

pi@raspberrypi:~ $ ls -lt /var/log list in order of last access total 720 -rw-rw-r-- 1 root utmp 292292 Nov 5 21:20 lastlog -rw-rw-r-- 1 root utmp 22656 Nov 5 21:20 wtmp -rw-r----- 1 root adm 116942 Nov 5 21:20 daemon.log -rw-r----- 1 root adm 261640 Nov 5 21:20 syslog -rw-r----- 1 root adm 15024 Nov 5 21:20 auth.log -rw-r----- 1 root adm 140862 Nov 5 19:51 kern.log -rw-r----- 1 root adm 134253 Nov 5 19:51 messages -rw-r----- 1 root adm 5645 Nov 5 19:51 debug -rw-r----- 1 root adm 1062 Nov 5 19:51 user.log -rw-rw---- 1 root utmp 4608 Sep 25 22:18 btmp drwx------ 2 root root 4096 Sep 25 21:24 private

Listing the content a log file looking for error messages for a particular problem is a lot like drinking from the proverbial fire hose. Just cat syslog to see what happens.

pi@raspberrypi:~ $ cat /var/log/syslog ... many, many messages Nov 5 21:20:50 raspberrypi systemd[1092]: Reached target Sockets. Nov 5 21:20:50 raspberrypi systemd[1092]: Reached target Timers. Nov 5 21:20:50 raspberrypi systemd[1092]: Reached target Basic System. Nov 5 21:20:50 raspberrypi systemd[1092]: Reached target Default. Nov 5 21:20:50 raspberrypi systemd[1092]: Startup finished in 161ms. Nov 5 21:20:50 raspberrypi systemd[1]: Started User Manager for UID 1000. Nov 5 21:20:50 raspberrypi systemd[1]: Started Session c3 of user pi.

You can use another Linux utility to see only the last desired number of messages in a log.

pi@raspberrypi:~ $ tail -n 20 /var/log/syslog Nov 5 20:51:36 raspberrypi rngd[317]: stats: Entropy starvations: 0 Nov 5 20:51:36 raspberrypi rngd[317]: stats: Time spent starving for entropy: (min=0; avg=0.000; max=0)us Nov 5 21:17:01 raspberrypi CRON[1061]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Nov 5 21:20:50 raspberrypi systemd[1]: Created slice User Slice of UID 1000. Nov 5 21:20:50 raspberrypi systemd[1]: Starting User Runtime Directory /run/user/1000... Nov 5 21:20:50 raspberrypi systemd[1]: Started User Runtime Directory /run/user/1000. Nov 5 21:20:50 raspberrypi systemd[1]: Starting User Manager for UID 1000... Nov 5 21:20:50 raspberrypi systemd[1092]: Reached target Paths. Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers). Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG cryptographic agent (ssh-agent emulation). Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG cryptographic agent and passphrase cache (restricted). Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG network certificate management daemon. Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG cryptographic agent and passphrase cache. Nov 5 21:20:50 raspberrypi systemd[1092]: Reached target Sockets. Nov 5 21:20:50 raspberrypi systemd[1092]: Reached target Timers. Nov 5 21:20:50 raspberrypi systemd[1092]: Reached target Basic System. Nov 5 21:20:50 raspberrypi systemd[1092]: Reached target Default. Nov 5 21:20:50 raspberrypi systemd[1092]: Startup finished in 161ms. Nov 5 21:20:50 raspberrypi systemd[1]: Started User Manager for UID 1000. Nov 5 21:20:50 raspberrypi systemd[1]: Started Session c3 of user pi.

You can "follow" a log file, which in effect will print to the console each new message as it is written to the log.

pi@raspberrypi:~ $ tail -n 20 -f /var/log/syslog Nov 5 20:51:36 raspberrypi rngd[317]: stats: Entropy starvations: 0 Nov 5 20:51:36 raspberrypi rngd[317]: stats: Time spent starving for entropy: (min=0; avg=0.000; max=0)us Nov 5 21:17:01 raspberrypi CRON[1061]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Nov 5 21:20:50 raspberrypi systemd[1]: Created slice User Slice of UID 1000. Nov 5 21:20:50 raspberrypi systemd[1]: Starting User Runtime Directory /run/user/1000... Nov 5 21:20:50 raspberrypi systemd[1]: Started User Runtime Directory /run/user/1000. Nov 5 21:20:50 raspberrypi systemd[1]: Starting User Manager for UID 1000... Nov 5 21:20:50 raspberrypi systemd[1092]: Reached target Paths. Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers). Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG cryptographic agent (ssh-agent emulation). Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG cryptographic agent and passphrase cache (restricted). Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG network certificate management daemon. Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG cryptographic agent and passphrase cache. Nov 5 21:20:50 raspberrypi systemd[1092]: Reached target Sockets. Nov 5 21:20:50 raspberrypi systemd[1092]: Reached target Timers. Nov 5 21:20:50 raspberrypi systemd[1092]: Reached target Basic System. Nov 5 21:20:50 raspberrypi systemd[1092]: Reached target Default. Nov 5 21:20:50 raspberrypi systemd[1092]: Startup finished in 161ms. Nov 5 21:20:50 raspberrypi systemd[1]: Started User Manager for UID 1000. Nov 5 21:20:50 raspberrypi systemd[1]: Started Session c3 of user pi. Nov 5 21:28:45 raspberrypi systemd[1]: Started Session c4 of user pi.

If you know what you are looking for then you can pipe the output of cat to grep to show only log messages that are pertinent.

pi@raspberrypi:~ $ cat /var/log/syslog | grep -i gnupg Sep 26 02:18:25 raspberrypi systemd[454]: Listening on GnuPG network certificate management daemon. Sep 26 02:18:25 raspberrypi systemd[454]: Listening on GnuPG cryptographic agent and passphrase cache. Sep 26 02:18:25 raspberrypi systemd[454]: Listening on GnuPG cryptographic agent and passphrase cache (restricted). Sep 26 02:18:25 raspberrypi systemd[454]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers). Sep 26 02:18:25 raspberrypi systemd[454]: Listening on GnuPG cryptographic agent (ssh-agent emulation). Nov 5 19:53:22 raspberrypi systemd[586]: Listening on GnuPG network certificate management daemon. Nov 5 19:53:22 raspberrypi systemd[586]: Listening on GnuPG cryptographic agent and passphrase cache (restricted). Nov 5 19:53:22 raspberrypi systemd[586]: Listening on GnuPG cryptographic agent (ssh-agent emulation). Nov 5 19:53:22 raspberrypi systemd[586]: Listening on GnuPG cryptographic agent and passphrase cache. Nov 5 19:53:22 raspberrypi systemd[586]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers). Nov 5 20:38:53 raspberrypi systemd[586]: Closed GnuPG cryptographic agent and passphrase cache (restricted). Nov 5 20:38:53 raspberrypi systemd[586]: Closed GnuPG cryptographic agent (ssh-agent emulation). Nov 5 20:38:53 raspberrypi systemd[586]: Closed GnuPG network certificate management daemon. Nov 5 20:38:53 raspberrypi systemd[586]: Closed GnuPG cryptographic agent and passphrase cache. Nov 5 20:38:53 raspberrypi systemd[586]: Closed GnuPG cryptographic agent and passphrase cache (access for web browsers). Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers). Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG cryptographic agent (ssh-agent emulation). Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG cryptographic agent and passphrase cache (restricted). Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG network certificate management daemon. Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG cryptographic agent and passphrase cache.

Finally, using grep to select messages with "gnugp" or "fips" and then piping the result to grep to select messages with "Nov 5" will display only messages on "Nov 5" containing "gnugp" or "fips".

pi@raspberrypi:~ $ cat /var/log/syslog | grep -iE "gnupg|fips" | grep "Nov 5" Nov 5 19:53:22 raspberrypi systemd[586]: Listening on GnuPG network certificate management daemon. Nov 5 19:53:22 raspberrypi systemd[586]: Listening on GnuPG cryptographic agent and passphrase cache (restricted). Nov 5 19:53:22 raspberrypi systemd[586]: Listening on GnuPG cryptographic agent (ssh-agent emulation). Nov 5 19:53:22 raspberrypi systemd[586]: Listening on GnuPG cryptographic agent and passphrase cache. Nov 5 19:53:22 raspberrypi systemd[586]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers). Nov 5 20:38:53 raspberrypi systemd[586]: Closed GnuPG cryptographic agent and passphrase cache (restricted). Nov 5 20:38:53 raspberrypi systemd[586]: Closed GnuPG cryptographic agent (ssh-agent emulation). Nov 5 20:38:53 raspberrypi systemd[586]: Closed GnuPG network certificate management daemon. Nov 5 20:38:53 raspberrypi systemd[586]: Closed GnuPG cryptographic agent and passphrase cache. Nov 5 20:38:53 raspberrypi systemd[586]: Closed GnuPG cryptographic agent and passphrase cache (access for web browsers). Nov 5 20:51:36 raspberrypi rngd[317]: stats: FIPS 140-2 successes: 4 Nov 5 20:51:36 raspberrypi rngd[317]: stats: FIPS 140-2 failures: 0 Nov 5 20:51:36 raspberrypi rngd[317]: stats: FIPS 140-2(2001-10-10) Monobit: 0 Nov 5 20:51:36 raspberrypi rngd[317]: stats: FIPS 140-2(2001-10-10) Poker: 0 Nov 5 20:51:36 raspberrypi rngd[317]: stats: FIPS 140-2(2001-10-10) Runs: 0 Nov 5 20:51:36 raspberrypi rngd[317]: stats: FIPS 140-2(2001-10-10) Long run: 0 Nov 5 20:51:36 raspberrypi rngd[317]: stats: FIPS 140-2(2001-10-10) Continuous run: 0 Nov 5 20:51:36 raspberrypi rngd[317]: stats: FIPS tests speed: (min=1.429; avg=3.446; max=6.969)Mibits/s Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers). Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG cryptographic agent (ssh-agent emulation). Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG cryptographic agent and passphrase cache (restricted). Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG network certificate management daemon. Nov 5 21:20:50 raspberrypi systemd[1092]: Listening on GnuPG cryptographic agent and passphrase cache. Nov 5 21:51:36 raspberrypi rngd[317]: stats: FIPS 140-2 successes: 6 Nov 5 21:51:36 raspberrypi rngd[317]: stats: FIPS 140-2 failures: 0 Nov 5 21:51:36 raspberrypi rngd[317]: stats: FIPS 140-2(2001-10-10) Monobit: 0 Nov 5 21:51:36 raspberrypi rngd[317]: stats: FIPS 140-2(2001-10-10) Poker: 0 Nov 5 21:51:36 raspberrypi rngd[317]: stats: FIPS 140-2(2001-10-10) Runs: 0 Nov 5 21:51:36 raspberrypi rngd[317]: stats: FIPS 140-2(2001-10-10) Long run: 0 Nov 5 21:51:36 raspberrypi rngd[317]: stats: FIPS 140-2(2001-10-10) Continuous run: 0 Nov 5 21:51:36 raspberrypi rngd[317]: stats: FIPS tests speed: (min=1.429; avg=4.152; max=7.033)Mibits/s

Hide

Working Directories

I added two directories to the woopi home directory that will hold bash scripts and python scripts.

woopi@goldserver:~ $ mkdir -p .local/bin

Then I added that directory to the search path by appending the following to the .profile file in the home directory.

woopi@goldserver:~ $ nano .profile

# if it exists include ~.local/bin in the PATH if [ -d "$HOME/.local/bin" ] ; then PATH="$HOME/.local/bin:$PATH" fi

I prefer creating a virtual Python 3 environment to contain what I'll call system Python scripts. That way it will be possible to experiment with newer libraries in the future without breaking the Python scripts the system relies upon. A couple of packages need to be installed to create virtual environments.

woopi@goldserver:~ $ sudo apt-get install --upgrade python3-dev python3-venv -y ... Need to get 49.8 MB of archives. After this operation, 75.8 MB of additional disk space will be used. ...

I have written a bash script that automates the creation of virtual environments. This will copy it to the bash script directory and make it executable.

woopi@goldserver:~ $ wget http://sigmdel.ca/michel/program/python/dnld/mkvenv.ubuntu -O .local/bin/mkvenv woopi@goldserver:~ $ chmod +x .local/bin/mkvenv

Following a suggestion by AndyG, I added a shell function and alias in my .bashrc file.

woopi@goldserver:~ $ nano .bashrc

ve() { source $1/bin/activate; } alias ev='deactivate'

Log out of the woopi account and log back in for these changes to take effect and then create the virtual environment.

woopi@goldserver:~ $ logout Connection to goldserver.local closed. michel@hp:~$ ssh woopi@goldserver.local ... woopi@goldserver:~ $ mkvenv .syspy creating virtual environment /home/woopi/.syspy updating virtual environment /home/woopi/.syspy

At this point I copied the saved pythons scripts into the environment. Some of these will not work because of missing Python modules. However these are easily added if the environment had been saved from a previous installation as explained above.

woopi@goldserver:~ $ ve .syspy (.syspy) woopi@goldserver:~ $ pip install -r syspy-requirements.txt

Of course if you did not have a virtual Python environment in a previous installation of Raspbian, then these last two steps cannot be followed. Later I will show which Python modules were added to the Python environment.

Table of Contents

Easy but incorrect

Harder but correct

The router route

Where's the router?

The IP scan method

The ARP scan method