Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Setup packages and improve security on PocketCHIP
# Set up my PocketCHIP (Debian Linux)
# NB It's recommended you set up ssh key auth before running this script
# Extra tools -- edit this to suite what you want on your CHIP
OPTIONAL_PACKAGES="vim-gtk git build-essential python-serial arduino arduino-mk"
# Update
# 1st lets fix an occasional but obscure problem during upgrade
sudo rm -rf /var/lib/apt/lists/*
sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y
# Need some tools
sudo apt-get install -y locales silversearcher-ag openssh-server $OPTIONAL_PACKAGES
# Clean up
sudo apt-get autoremove
sudo apt-get autoclean
# Let's configure international settings 1st
sudo dpkg-reconfigure locales
sudo dpkg-reconfigure tzdata
# Security set-up
# Note: do not run `sudo usermod -s /usr/sbin/nologin root` as it disables `sudo -i`
# Lock root account
sudo passwd -l root
# and let's be paranoid and disable root login via ssh as well
sudo sed -ri -e 's/^[# ]*PermitRootLogin.*$/PermitRootLogin no/' /etc/ssh/sshd_config
# Now let's fix the username and password defaults
echo For security purposes you should now change the default password on your CHIP
passwd < /dev/tty
# Change the default user name
echo You should now change the default user name on your chip -- Feel free to use your own name
echo Note: Must be a single word, lower case recommended
read -rp "Please enter the new user name " NEW_USER < /dev/tty
# Make all these changes under a single sudo session -- must be all done at once
cat <<'EOF' | sudo bash -s $USER $NEW_USER $HOME
for i in /etc/group /etc/passwd /etc/sudoers /etc/shadow ; do
sed -ri -e '/\b'$1'\b/s/\b'$1'\b/'$2'/g' $i
# Not currently needed (Dec/16) but will probably come in a future relese
if [[ -f /etc/sudoers.d/010_${1}-nopasswd ]] ; then
mv /etc/sudoers.d/010_${1}-nopasswd /etc/sudoers.d/010_${2}-nopasswd
sed -ri -e '/\b'$1'\b/s/\b'$1'\b/'$2'/g' /etc/sudoers.d/010_$2-nopasswd
# Rename home directory
mv $3 /home/$2
# There are a few config files with the default username hard coded
sed -ri -e "/User=$1/s//User=$2/" $(ag -l "User=$1" /etc/)
sed -ri -e "/autologin-user=$1/s//autologin-user=$2/" /etc/lightdm/lightdm.conf
# Networking changes
# Change the hostname
echo We are now now going to change the default hostname on your CHIP. Please enter a single word that only contains
echo lower case letters, numbers and \"-\". It must start with a lower case letter.
read -rp "Please enter the new host name " NEW_HOSTNAME < /dev/tty
cat <<'EOF' | sudo bash -s $NEW_HOSTNAME
# Must do this 1st
sed -i -re 's/^(..*)'$(hostname)'(.*)$/\1'$1'\2/' /etc/hosts
hostname $1
echo $1 > /etc/hostname
invoke-rc.d start
invoke-rc.d networking force-reload
invoke-rc.d avahi-daemon force-reload
systemctl daemon-reload
cat <<'EOF'
If you have installed a public ssh key on your CHIP you can now disable password access
Before answering yes to the next question please make sure you have installed the key correctly
and can succesfully login using the ssh key (i.e. you are not prompted for a password). If
you say yes to the next question and don't have a working ssh key you will need to reflash your CHIP.
Note: You can "hop over" to another terminal session to install and test the key now if you want.
read -rp "Please confirm you have installed your ssh public key on the PocketCHIP [N/y]? " < /dev/tty
if [[ "$REPLY" =~ ^[Yy]$ ]] ; then
# Disable password access via ssh. You should have installed an ssh public key 1st!
sudo sed -ri -e 's/^[# ]*PasswordAuthentication.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
echo You can now access this device as $NEW_USER@$(hostname).local using ssh keys only
echo You can now access this device as $NEW_USER@$(hostname).local using you new password
sudo service sshd restart
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.