Showing posts from March, 2018

Protecting the Pi: Restricting SSH to the USB gadget

Why?

SSH is a remote login that is pretty much the only way to work on a headless Raspberry Pi without an attached keyboard/monitor or serial console cable. Remote login capability is a security risk even with something like SSH. There are some good articles that describe how to lock down SSH via password changes or other security measures. I decided to limit SSH to specific network interfaces. Raspberry Pis can have several network interfaces. The only hardwired network interface on the Raspberry Pi Zero is the one it has when it is in Network Gadget mode. I only truly trust the USB private LAN (usb0) since it requires a direct connection and cannot be directly seen by any other device.

Interfaces

Our Raspberry Pi can have several different network interfaces. All of them are candidates for allowing or denying SSH or other inbound access. Linux lets us manage SSH by letting us configure port-related ALLOW / DENY rules on all network interfaces. We can create inbound iptables firewall rules. The scrip

Create unique Raspberry Pi host names

Why bother?

IoT can generate a lot of things, with each new function implemented by a new device. Raspberry Pi devices are Unix systems where each one has a name. It works best if the names on the network are unique. Manually naming IoT devices can get pretty tedious. The following script generates a "unique" host name based on existing device-specific identifiers. The script can generate host names based on identifiers or retrieve host names from a config file.

Better living through scripting

Run the script as a non-privileged user to see the calculated name. Run the script with escalated privilege to change the host name. Paste the following into a file on your Raspberry Pi. This file is available on GitHub.

#!/bin/bash
# Created 2018-03-20
# derived from 2017-08-18
# script to set Pi hostname based on MAC (or Serial number)
# This script should be

HTTP control, relay control and OTA/HTTP firmware updates using an ESP8266 for just $11

The ESP8266 came out a few years ago and people were really excited about its capabilities. I stayed away from it because there were no tools, no decent peripheral libraries, and a questionable supply chain. Fast forward to today and the situation has dramatically changed. Software development is now supported in the Arduino IDE, the PlatformIO development platform and by NodeMCU. Microcenter stocks several different ESP8266 boards by Adafruit, LinkSprite, and others. They had the LinkSprite with mounting holes, a relay and onboard voltage regulation for sale at $11 so I bought one. The board is smaller than a playing card but larger than many other ESP8266 SBCs. I like the LinkSprite because it is case ready and has soldered-in headers for peripherals. The LinkSprite LinkNode R1 is essentially compatible with the Wemos D1 (retired) from a programming point of view. A video version of this blog is available on YouTube.

A Simple Program for Relay Control

This program on Git

Setting up the Raspberry Pi Zero without HDMI or OTG

The Raspberry Pi Zero W is a full-featured Raspberry Pi that includes USB, a GPIO connector and built-in wireless connectivity. The main limitations of the Pi Zero are its lack of USB ports, its use of USB OTG and its weaker single-core CPU, similar to the first-generation Raspberry Pi. A Raspberry Pi Zero is an ideal device for embedded applications where higher-level programming capabilities and a Linux footprint are desired.

Pi Zero Programming Options

The Pi Zero is a full-featured Raspberry Pi with built-in video, HDMI, USB, and a full Linux operating system. You have exactly the same development platform options as the Pi2/Pi3. The Pi Zero's USB OTG feature means that the Raspberry Pi Zero can act as a peripheral instead of acting as a controller. Raspberry Pi developers have written drivers/gadgets that emulate USB disk drives, USB Ethernet adapters and others. The Ethernet gadget makes the Pi Zero appear to a USB connected computer as if the Pi was an Ethernet card th