Showing posts from March, 2018

Protecting the Pi: Restricting SSH to the USB gadget

Why?

SSH is a security hole but is pretty much the only way to work on a Raspberry Pi without an attached keyboard/monitor or serial console cable. There are some good articles that describe how to lock down SSH via a password change or other security measures. I chose a slightly different approach that limits SSH based on the interface. I only truly trust the USB private LAN (usb0) since it requires a direct connection and cannot be directly seen by any other device.

Interfaces

The system can ALLOW / DENY SSH on any network interface by means of inbound firewall rules. The script below uses iptables / ip6tables to block SSH over wireless interfaces while leaving SSH enabled for wired connections. Some folks may wish to further disable SSH over hard-wired Ethernet connections.

usb0: Raspberry Pi Zero running in gadget mode with a hard-wired (USB) connection to a PC.
eth0: Raspberry Pi 3 and 3+ hard-wired Ethernet jacks.
wlan0 : Raspberry  Pi Zero W, Raspberry Pi 3,

Create unique Raspberry Pi host names

Why bother?

IoT can generate a lot of things, with each new function implemented by a new device. Raspberry Pi devices are Unix systems where each one has a name. It works best if the names on the network are unique. Manually naming IoT devices can get pretty tedious. The following script generates a "unique" host name based on existing device-specific identifiers. The script can generate host names based on identifiers or retrieve host names from a config file.

Better living through scripting

Run the script as a non-privileged user to see the calculated name. Run the script with escalated privilege to change the host name. Paste the following into a file on your Raspberry Pi. This file is available on GitHub.

    #!/bin/bash
    # Created 2018-03-20
    # derived from 2017-08-18
    # script to set Pi hostname based on MAC (or Serial number)
    # This script should be

HTTP control, relay control and OTA/HTTP firmware updates using an ESP8266 for just $11

The ESP8266 came out a few years ago and people were really excited about its capabilities. I stayed away from it because there were no tools, no decent peripheral libraries and a questionable supply chain. Fast forward to today and the situation has dramatically changed. Software development is now supported in the Arduino IDE, the PlatformIO development platform and by NodeMCU. Microcenter stocks several different ESP8266 boards by AdaFruit, Link Sprite and others. They had the LinkSprite with mounting holes, a relay and onboard voltage regulation for sale at $11, so I bought one. The board is smaller than a playing card but larger than many other ESP8266 SBCs. I like the Link Sprite because it is case ready and has soldered-in headers for peripherals. The Link Sprite LinkNode R1 is essentially compatible with the retired Wemos D1 from a programming point of view. A video overview is also available on YouTube.

A Simple Program for Relay Control

This program on GitH

Setting up the Raspberry Pi Zero without HDMI or OTG

The Raspberry Pi Zero W is a full-featured Raspberry Pi that includes USB, a GPIO connector and built-in wireless connectivity. The main limitations of the Pi Zero are its lack of USB ports, the use of USB OTG and a weaker single-core CPU, similar to the first-generation Raspberry Pi. A Raspberry Pi Zero is an ideal device for embedded applications where higher-level programming capabilities and a Linux footprint are desired.

Pi Zero Programming Options

The Pi Zero is a full-featured Raspberry Pi with built-in video, HDMI, USB, and a full Linux operating system. You have exactly the same development platform options as the Pi2/Pi3. The Pi Zero's USB OTG feature means that the Raspberry Pi Zero can act as a peripheral instead of acting as a controller. Raspberry Pi developers have written drivers/gadgets that emulate USB disk drives, USB Ethernet adapters and others. The Ethernet gadget makes the Pi Zero appear to a USB connected computer as if the Pi was an Ethernet card th