M.2 Boot Pi 4 Hirsute Hippo EZ/PZ, Great relief.

Why SSD drives just to USB boot? A little bit faster and a lot more stable.

Why a more stable raspberry pi?

This is a large search space.. Running a node for Web 3.0 services, a node for any decentralized infrastructure, DeFi, IPFS, the Graph, ETH[…]

After following several tutorials which failed along with thousands of line of code dedicated to automating the setup for USB boot from a sata drive [transferring or cloning from an SD card] it felt like duty to write a quick post. I hope this saves someone time, perhaps frustration, and certainly as in my own case, feeling silly for having not started with this obvious approach.

After all the ‘USB boot on Ubuntu 21.4 server with a raspberry pi 4’– + similar, tutorials and scripts all failed, I thought about it and… Eureka! I plugged it in. I just flashed the image directly to my drive via USB. After trying lots of cables I found that using one of the USB 180° male – male adapters to connect to the drive worked with most other combinations.

Then just flash it like you would an sd card, configure system-boot just like an sd card and boot with only the usb connection to the drive [no sd card].

I haven’t tested with other images or pi’s [only pi 4 64bit ubuntu 21.04 image for raspi]– as this is ancillary to my task at hand, but I certainly would try this before what seem like incredibly silly methods in retrospect from tutorials I came across.

https://ubuntu.com/download/raspberry-pi

THIS TYPE TAKES MORE WORK

Not a lot more work, but some. Here flash ssd drive and sd card and connect or insert them both. Then ssh to the device and do a full update and upgrade. If you want to really dig in see the documentation at:

https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2711_bootloader_config.md

Or just sudo apt install raspi-config and then enter the interface sudo raspi-config and you’ll find the bootloader options under ‘advanced’ sub menu. Select boot usb first and reboot into your ssd drive as root system. —

Gnu Image Manipulation Program practice [EO]

Recounting Recent: Hardening the Raspberry Pi

Adding an ‘ssh’ file to a fresh flash on Raspbian enables Secure Socket Shell on its first boot. This ‘headless’ control over the network doesn’t need a mouse, keyboard or monitor and lets us use a light weight operating system.

The defaults on Raspbian are username: pi and password: raspberry, it’s a good idea to change these.

To SSH into our pi we need to know the IP address. Logging into your router and checking the devices list is an easy way to do so. It can often be reached by browsing to page:

http://192.168.0.1

If you haven’t changed your routers login credentials I strongly suggest that you do so. The defaults can be found located on your router or online.

The IP address of the pi can also be determined using nmap to scan the subnet set to -T4 for greatest speed:

nmap -sV -T4 192.168.0.0/24

Once we know our pi’s IP address we can connect to it via ssh. On windows we may need to install a client to do this, PuTTY.exe is the most commonly used. On Mac or Linux devices SSH clients are installed by default and should run out the box from command line with:

ssh [email protected]

Of course substituting whatever our pi’s IP address actually is. We will then be prompted for a password which is ‘raspberry’ by default. We can then use the command ‘passwd’ to change the password for our default user pi.

I prefer to set my own password for the root account and then relock root as well as disallowing remote root login unless I need it for something. To do so:

sudo passwd root

By default the pi account has passwordless sudo, we can change this by editing the file /etc/sudoers.d/010_pi-nopasswd to be ‘pi ALL=(ALL) PASSWD: ALL’

sudo nano /etc/sudoers.d/010_pi-nopasswd

pi ALL=(ALL) PASSWD: ALL

cntl + x, y, enter

Since we’re running the pi headlessly we can use the command ‘sudo raspi-config’ to change the host name, change the memory split to the gpu to 16, verify/change our locality, enable predictable network names and a bunch more.

It’s a good idea to create a new user and lock user pi although changing to ssh key based authentication is secure regardless. Just to note deleting user pi rather than locking it can cause some issues. If creating a new user it will need to be added to groups:

sudo adduser new-user-name-here

sudo usermod -aG groups-here-seperated-by-commas,sudo,adm new-user-name-here

Then logout of pi into the new user, lock pi, lock root.

sudo passwd -l pi

sudo passwd -l root

For ssh key authentication we need to generate keys if we haven’t before. We can do so on our machine(not ssh’d into the pi) with the following command (for a 4096 bit key):

ssh-keygen -t rsa -b 4096

Then we can add them to the pi with:

ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

Disabling password based access to the raspberry prevents anyone without the key from being able to connect. To do so edit /etc/ssh/sshd_config and make sure the password authentication line reads PasswordAuthentication no.

sudo nano /etc/ssh/sshd_config

We can then reboot the pi to make sure all our changes take effect with ‘sudo reboot’