Runar Ovesen Hjerpbakk

Software Philosopher

Automatically update OpenSSH on a Raspberry Pi

I just bought myself a gorgeous Raspberry Pi 3 Model B+ to use as a headless server and all-round tinkering machine. It’s small, power efficient and fast enough for my usage:

  • Cortex-A53 (ARMv8) 64-bit SoC @ 1.4GHz

Enable SSH support

Installation is super easy, just follow the instructions on Raspberry Pi website, with one exception. As of the November 2016 release, the default Raspberry Pi OS, Raspbian, has the SSH server disabled by default.

To enable SSH, you need to either configure it after OS installation has completed as per instructions here, or while preparing your SD card:

For headless setup, SSH can be enabled by placing a file named ssh, without any extension, onto the boot partition of the SD card. When the Pi boots, it looks for the ssh file. If it is found, SSH is enabled, and the file is deleted. The content of the file does not matter: it could contain text, or nothing at all.

Automatically update OpenSSH

Since SSH enables remote access to your Pi, it is essential to at least keep this part of the software up to date. Luckily, since this is a *nix, this is easy.

Logon to your Pi using ssh

ssh pi@raspberrypi

A default password that the entire Internet knows, is not the most secure password. Remember to change the password of the pi user if you haven’t already done so. This is done through the command line passwd application:


Update OpenSSH

To update OpenSSH, just run the following command:

sudo apt -y install openssh-server

Automatic updates every night

Now for the juicy part. You want to keep OpenSSH updated all the time, not just when you remember to run the update command manually. To do this, we can use a scheduled task with Cron.

Run crontab -e to edit the cron table.

crontab -e

You will be prompted to chose to chose an editor. I chose nano since I’m mostly a UI guy 🀣

The layout for a cron entry is made up of six components: minute, hour, day of month, month of year, day of week, and the command to be executed.

# m h  dom mon dow   command
# * * * * *  command to execute
# ┬ ┬ ┬ ┬ ┬
# β”‚ β”‚ β”‚ β”‚ β”‚
# β”‚ β”‚ β”‚ β”‚ β”‚
# β”‚ β”‚ β”‚ β”‚ └───── day of week (0 - 7) (0 to 6 are Sunday to Saturday, or use names; 7 is Sunday, the same as 0)
# β”‚ β”‚ β”‚ └────────── month (1 - 12)
# β”‚ β”‚ └─────────────── day of month (1 - 31)
# β”‚ └──────────────────── hour (0 - 23)
# └───────────────────────── min (0 - 59)

Thus our nightly update job can look like this:

0 5 * * * sudo apt -y install openssh-server

It will run every day at 05:00.

To see your task later, run:

crontab -l