Automatically update OpenSSH on a Raspberry Pi
I just bought myself a gorgeous Raspberry Pi 3 Model B+ to use as a headless server and all-round tinkering machine. Itβs small, power efficient and fast enough for my usage:
- Cortex-A53 (ARMv8) 64-bit SoC @ 1.4GHz
- 1GB LPDDR2 SDRAM
Enable SSH support
Installation is super easy, just follow the instructions on Raspberry Pi website, with one exception. As of the November 2016 release, the default Raspberry Pi OS, Raspbian, has the SSH server disabled by default.
To enable SSH, you need to either configure it after OS installation has completed as per instructions here, or while preparing your SD card:
For headless setup, SSH can be enabled by placing a file named ssh, without any extension, onto the boot partition of the SD card. When the Pi boots, it looks for the ssh file. If it is found, SSH is enabled, and the file is deleted. The content of the file does not matter: it could contain text, or nothing at all.
Automatically update OpenSSH
Since SSH enables remote access to your Pi, it is essential to at least keep this part of the software up to date. Luckily, since this is a *nix, this is easy.
Logon to your Pi using ssh
ssh pi@raspberrypi
A default password that the entire Internet knows, is not the most secure password. Remember to change the password of the pi user if you havenβt already done so. This is done through the command line passwd application:
passwd
Update OpenSSH
To update OpenSSH, just run the following command:
sudo apt -y install openssh-server
Automatic updates every night
Now for the juicy part. You want to keep OpenSSH updated all the time, not just when you remember to run the update command manually. To do this, we can use a scheduled task with Cron.
Run crontab -e to edit the cron table.
crontab -e
You will be prompted to chose to chose an editor. I chose nano since Iβm mostly a UI guy π€£
The layout for a cron entry is made up of six components: minute, hour, day of month, month of year, day of week, and the command to be executed.
# m h dom mon dow command
# * * * * * command to execute
# β¬ β¬ β¬ β¬ β¬
# β β β β β
# β β β β β
# β β β β ββββββ day of week (0 - 7) (0 to 6 are Sunday to Saturday, or use names; 7 is Sunday, the same as 0)
# β β β βββββββββββ month (1 - 12)
# β β ββββββββββββββββ day of month (1 - 31)
# β βββββββββββββββββββββ hour (0 - 23)
# ββββββββββββββββββββββββββ min (0 - 59)
Thus our nightly update job can look like this:
0 5 * * * sudo apt -y install openssh-server
It will run every day at 05:00.
To see your task later, run:
crontab -l