Improving Security
This document depicts a few steps for enhancing the security of your TAPPER.
SSH with public-key authentication only
This allows for a safer and faster login.
Procedure
- Before flashing your Raspberry Pi with RPi Imager, go to the OS Customization and turn on SSH with public-key autherntication only.
- An EdDSA (Ed25519) SSH key is recommended
- If you don't have an SSH key you could use, make a new one
ssh-keygen -t ed25519
- If you don't have an SSH key you could use, make a new one
- An EdDSA (Ed25519) SSH key is recommended
MQTT with TLS
MQTT can work using TLS. This is recomended as it prevents eavesdropping and unauthorized requests.
Procedure
The entire TLS Setup is described in MQTT TLS Setup.
WiFi passphrase as a hash instead of clear text
Wifi passphrase in the config file can be the hash generated by wpa_psk.
Procedrue
- In your terminal, type
wpa_passphrase <SSID> <PASSPHRASE>- Example:
$ wpa_passphrase "ExampleSSID" "ExamplePassphrase"
network={
ssid="ExampleSSID"
#psk="ExamplePassphrase"
psk=e8aecc0d08936c19af0f377de39a2412c5025fce8d8140b122c33dc346ae3b10
} - Copy the
pskand put it into your config:- Example:
wifi:
network: "ExampleSSID"
passphrase: "e8aecc0d08936c19af0f377de39a2412c5025fce8d8140b122c33dc346ae3b10"
...