Raspberry Pi OSの最新化と、SSHのセキュリティな設定を行い万全な環境を作ります。
Raspberry Pi OSアップデート
パッケージのアップデート
インストールパッケージをアップデート。
$ sudo apt-get -y update
Get:1 http://deb.debian.org/debian trixie InRelease [140 kB]
Get:2 http://deb.debian.org/debian trixie-updates InRelease [47.3 kB]
Get:3 http://deb.debian.org/debian-security trixie-security InRelease [43.4 kB]
Get:4 http://deb.debian.org/debian trixie/main arm64 Packages [9,607 kB]
Get:5 http://deb.debian.org/debian trixie/main armhf Packages [9,238 kB]
Get:6 http://archive.raspberrypi.com/debian trixie InRelease [54.8 kB]
Get:7 http://deb.debian.org/debian trixie/main Translation-en [6,484 kB]
Get:8 http://archive.raspberrypi.com/debian trixie/main armhf Packages [373 kB]
Get:9 http://deb.debian.org/debian trixie/contrib armhf Packages [42.6 kB]
Get:10 http://deb.debian.org/debian trixie/contrib arm64 Packages [48.4 kB]
Get:11 http://deb.debian.org/debian-security trixie-security/main arm64 Packages [108 kB]
Get:12 http://deb.debian.org/debian-security trixie-security/main armhf Packages [102 kB]
Get:13 http://deb.debian.org/debian-security trixie-security/main Translation-en [69.9 kB]
Get:14 http://archive.raspberrypi.com/debian trixie/main arm64 Packages [377 kB]
Fetched 26.6 MB in 7s (3,828 kB/s)
Reading package lists... Done
N: Repository 'http://deb.debian.org/debian trixie InRelease' changed its 'Version' value from '13.2' to '13.3'$ sudo apt-get -y dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages will be REMOVED:
libcamera0.6
The following NEW packages will be installed:
awb-nn libabsl20240722 libcamera0.7 libcpuinfo0 libdrm-amdgpu1 libegl-mesa0 libegl1 libfarmhash0 libgbm1
libgles2 libglvnd0 libllvm19 libsensors-config libsensors5 libtensorflow-lite2.20.0 libwayland-client0
libwayland-server0 libx11-xcb1 libxcb-dri3-0 libxcb-present0 libxcb-randr0 libxcb-shm0 libxcb-sync1
libxcb-xfixes0 libxshmfence1 libz3-4 linux-headers-6.12.62+rpt-common-rpi linux-headers-6.12.62+rpt-rpi-2712
linux-headers-6.12.62+rpt-rpi-v8 linux-image-6.12.62+rpt-rpi-2712 linux-image-6.12.62+rpt-rpi-v8
linux-kbuild-6.12.62+rpt mesa-libgallium
The following packages will be upgraded:
base-files bash busybox dhcpcd-base dirmngr e2fsprogs exfatprogs gnupg gnupg-l10n gnupg-utils gpg gpg-agent
gpg-wks-client gpgconf gpgsm gpgv libc-bin libc-dev-bin libc-l10n libc6 libc6-dev libcamera-ipa libcap2
libcap2-bin libcom-err2 libext2fs2t64 libglib2.0-0t64 libglib2.0-data libgnutls30t64 libpng16-16t64
librpicam-app1 libsodium23 libss2 libssl3t64 linux-headers-rpi-2712 linux-headers-rpi-v8 linux-image-rpi-2712
linux-image-rpi-v8 linux-libc-dev locales logsave openssl openssl-provider-legacy python3-pip-whl
python3-urllib3 rpi-connect-lite rpi-eeprom rpicam-apps-core rpicam-apps-lite rsync sq sqv
52 upgraded, 33 newly installed, 1 to remove and 0 not upgraded.
Need to get 181 MB of archives.
After this operation, 341 MB of additional disk space will be used.
Get:1 http://deb.debian.org/debian trixie/main arm64 base-files arm64 13.8+deb13u3 [73.2 kB]
Get:2 http://deb.debian.org/debian trixie/main arm64 bash arm64 5.2.37-2+b7 [1,457 kB]
Get:3 http://deb.debian.org/debian trixie/main arm64 libglvnd0 arm64 1.7.0-1+b2 [41.6 kB]
Get:4 http://deb.debian.org/debian trixie/main arm64 libdrm-amdgpu1 arm64 2.4.124-2 [21.8 kB]
Get:5 http://deb.debian.org/debian trixie/main arm64 libz3-4 arm64 4.13.3-1 [7,507 kB]
Get:6 http://archive.raspberrypi.com/debian trixie/main arm64 libc6-dev arm64 2.41-12+rpt1+deb13u1 [2,353 kB]
Get:7 http://deb.debian.org/debian trixie/main arm64 libllvm19 arm64 1:19.1.7-3+b1 [23.3 MB]
Get:8 http://archive.raspberrypi.com/debian trixie/main arm64 libc-dev-bin arm64 2.41-12+rpt1+deb13u1 [62.1 kB]
Get:9 http://archive.raspberrypi.com/debian trixie/main arm64 linux-libc-dev all 1:6.12.62-1+rpt1 [2,353 kB]
Get:10 http://deb.debian.org/debian trixie/main arm64 libsensors-config all 1:3.6.2-2 [16.2 kB]
Get:11 http://deb.debian.org/debian trixie/main arm64 libsensors5 arm64 1:3.6.2-2 [36.4 kB]
Get:12 http://deb.debian.org/debian trixie/main arm64 libx11-xcb1 arm64 2:1.8.12-1 [247 kB]
Get:13 http://deb.debian.org/debian trixie/main arm64 libxcb-dri3-0 arm64 1.17.0-2+b1 [107 kB]
Get:14 http://deb.debian.org/debian trixie/main arm64 libxcb-present0 arm64 1.17.0-2+b1 [106 kB]
Get:15 http://deb.debian.org/debian trixie/main arm64 libxcb-randr0 arm64 1.17.0-2+b1 [117 kB]
Get:16 http://deb.debian.org/debian trixie/main arm64 libxcb-sync1 arm64 1.17.0-2+b1 [109 kB]
Get:17 http://deb.debian.org/debian trixie/main arm64 libxcb-xfixes0 arm64 1.17.0-2+b1 [110 kB]
Get:18 http://deb.debian.org/debian trixie/main arm64 libxshmfence1 arm64 1.3.3-1 [11.1 kB]
Get:19 http://deb.debian.org/debian trixie/main arm64 libxcb-shm0 arm64 1.17.0-2+b1 [105 kB]
Get:20 http://deb.debian.org/debian trixie/main arm64 libegl1 arm64 1.7.0-1+b2 [34.0 kB]
Get:21 http://deb.debian.org/debian trixie/main arm64 libgles2 arm64 1.7.0-1+b2 [18.0 kB]
Get:22 http://deb.debian.org/debian trixie/main arm64 libgnutls30t64 arm64 3.8.9-3+deb13u1 [1,375 kB]
Get:23 http://archive.raspberrypi.com/debian trixie/main arm64 libc6 arm64 2.41-12+rpt1+deb13u1 [5,184 kB]
Get:24 http://deb.debian.org/debian trixie/main arm64 libabsl20240722 arm64 20240722.0-4 [452 kB]
Get:25 http://deb.debian.org/debian trixie/main arm64 libcpuinfo0 arm64 0.0~git20250327.39ea79a-1 [25.9 kB]
Get:26 http://deb.debian.org/debian trixie/main arm64 libfarmhash0 arm64 0~git20190513.0d859a8-3+b1 [10.5 kB]
Get:27 http://deb.debian.org/debian trixie/main arm64 libpng16-16t64 arm64 1.6.48-1+deb13u1 [275 kB]
Get:28 http://deb.debian.org/debian trixie/main arm64 logsave arm64 1.47.2-3+b7 [24.8 kB]
Get:29 http://deb.debian.org/debian trixie/main arm64 libext2fs2t64 arm64 1.47.2-3+b7 [205 kB]
Get:30 http://deb.debian.org/debian trixie/main arm64 e2fsprogs arm64 1.47.2-3+b7 [566 kB]
Get:31 http://deb.debian.org/debian trixie/main arm64 rsync arm64 3.4.1+ds1-5+deb13u1 [408 kB]
Get:32 http://deb.debian.org/debian trixie/main arm64 libcap2 arm64 1:2.75-10+b3 [28.2 kB]
Get:33 http://deb.debian.org/debian trixie/main arm64 sqv arm64 1.3.0-3+b2 [612 kB]
Get:34 http://archive.raspberrypi.com/debian trixie/main arm64 libc-bin arm64 2.41-12+rpt1+deb13u1 [765 kB]
Get:35 http://deb.debian.org/debian trixie/main arm64 dhcpcd-base arm64 1:10.1.0-11+deb13u2 [188 kB]
Get:36 http://deb.debian.org/debian trixie/main arm64 busybox arm64 1:1.37.0-6+b5 [454 kB]
Get:37 http://archive.raspberrypi.com/debian trixie/main arm64 libwayland-server0 arm64 1.23.1-3+rpt1+b1 [42.0 kB]
Get:38 http://archive.raspberrypi.com/debian trixie/main arm64 mesa-libgallium arm64 25.0.7-2+rpt3 [11.8 MB]
Get:39 http://deb.debian.org/debian trixie/main arm64 gpgsm arm64 2.4.7-21+deb13u1+b1 [252 kB]
Get:40 http://deb.debian.org/debian trixie/main arm64 gnupg-utils arm64 2.4.7-21+deb13u1+b1 [182 kB]
Get:41 http://deb.debian.org/debian trixie/main arm64 gpg-wks-client arm64 2.4.7-21+deb13u1+b1 [102 kB]
Get:42 http://deb.debian.org/debian trixie/main arm64 gpg arm64 2.4.7-21+deb13u1+b1 [579 kB]
Get:43 http://deb.debian.org/debian trixie/main arm64 dirmngr arm64 2.4.7-21+deb13u1+b1 [359 kB]
Get:44 http://deb.debian.org/debian trixie/main arm64 gnupg all 2.4.7-21+deb13u1 [417 kB]
Get:45 http://deb.debian.org/debian trixie/main arm64 gpgconf arm64 2.4.7-21+deb13u1+b1 [122 kB]
Get:46 http://deb.debian.org/debian trixie/main arm64 gpg-agent arm64 2.4.7-21+deb13u1+b1 [249 kB]
Get:47 http://deb.debian.org/debian trixie/main arm64 gnupg-l10n all 2.4.7-21+deb13u1 [749 kB]
Get:48 http://deb.debian.org/debian trixie/main arm64 exfatprogs arm64 1.2.9-1+deb13u1 [68.1 kB]
Get:49 http://deb.debian.org/debian trixie/main arm64 gpgv arm64 2.4.7-21+deb13u1+b1 [221 kB]
Get:50 http://deb.debian.org/debian trixie/main arm64 libcap2-bin arm64 1:2.75-10+b3 [35.5 kB]
Get:51 http://deb.debian.org/debian trixie/main arm64 libcom-err2 arm64 1.47.2-3+b7 [24.9 kB]
Get:52 http://deb.debian.org/debian trixie/main arm64 libglib2.0-0t64 arm64 2.84.4-3~deb13u2 [1,428 kB]
Get:53 http://deb.debian.org/debian trixie/main arm64 libglib2.0-data all 2.84.4-3~deb13u2 [1,286 kB]
Get:54 http://deb.debian.org/debian-security trixie-security/main arm64 libsodium23 arm64 1.0.18-1+deb13u1 [120 kB]
Get:55 http://deb.debian.org/debian trixie/main arm64 libss2 arm64 1.47.2-3+b7 [29.4 kB]
Get:56 http://deb.debian.org/debian-security trixie-security/main arm64 python3-urllib3 all 2.3.0-3+deb13u1 [115 kB]
Get:57 http://deb.debian.org/debian trixie/main arm64 sq arm64 1.3.1-2+b2 [4,979 kB]
Get:58 http://archive.raspberrypi.com/debian trixie/main arm64 libgbm1 arm64 25.0.7-2+rpt3 [53.6 kB]
Get:59 http://archive.raspberrypi.com/debian trixie/main arm64 libwayland-client0 arm64 1.23.1-3+rpt1+b1 [32.2 kB]
Get:60 http://archive.raspberrypi.com/debian trixie/main arm64 libegl-mesa0 arm64 25.0.7-2+rpt3 [156 kB]
Get:61 http://archive.raspberrypi.com/debian trixie/main arm64 libtensorflow-lite2.20.0 arm64 2.20.0-1+rpt1 [1,428 kB]
Get:62 http://archive.raspberrypi.com/debian trixie/main arm64 librpicam-app1 arm64 1.11.1-1 [280 kB]
Get:63 http://archive.raspberrypi.com/debian trixie/main arm64 rpicam-apps-core arm64 1.11.1-1 [262 kB]
Get:64 http://archive.raspberrypi.com/debian trixie/main arm64 libcamera-ipa arm64 0.7.0+rpt20260205-1 [1,100 kB]
Get:65 http://archive.raspberrypi.com/debian trixie/main arm64 libcamera0.7 arm64 0.7.0+rpt20260205-1 [834 kB]
Get:66 http://archive.raspberrypi.com/debian trixie/main arm64 openssl-provider-legacy arm64 3.5.4-1~deb13u2+rpt1 [317 kB]
Get:67 http://archive.raspberrypi.com/debian trixie/main arm64 libssl3t64 arm64 3.5.4-1~deb13u2+rpt1 [3,428 kB]
Get:68 http://archive.raspberrypi.com/debian trixie/main arm64 libc-l10n all 2.41-12+rpt1+deb13u1 [1,654 kB]
Get:69 http://archive.raspberrypi.com/debian trixie/main arm64 locales all 2.41-12+rpt1+deb13u1 [5,108 kB]
Get:70 http://archive.raspberrypi.com/debian trixie/main arm64 awb-nn all 0~git20251217.c7112b6-1 [70.2 kB]
Get:71 http://archive.raspberrypi.com/debian trixie/main arm64 linux-headers-6.12.62+rpt-common-rpi all 1:6.12.62-1+rpt1 [8,798 kB]
Get:72 http://archive.raspberrypi.com/debian trixie/main arm64 linux-image-6.12.62+rpt-rpi-2712 arm64 1:6.12.62-1+rpt1 [32.7 MB]
Get:73 http://archive.raspberrypi.com/debian trixie/main arm64 linux-kbuild-6.12.62+rpt arm64 1:6.12.62-1+rpt1 [1,381 kB]
Get:74 http://archive.raspberrypi.com/debian trixie/main arm64 linux-headers-6.12.62+rpt-rpi-2712 arm64 1:6.12.62-1+rpt1 [1,385 kB]
Get:75 http://archive.raspberrypi.com/debian trixie/main arm64 linux-image-6.12.62+rpt-rpi-v8 arm64 1:6.12.62-1+rpt1 [32.7 MB]
Get:76 http://archive.raspberrypi.com/debian trixie/main arm64 linux-headers-6.12.62+rpt-rpi-v8 arm64 1:6.12.62-1+rpt1 [1,385 kB]
Get:77 http://archive.raspberrypi.com/debian trixie/main arm64 linux-headers-rpi-2712 arm64 1:6.12.62-1+rpt1 [1,156 B]
Get:78 http://archive.raspberrypi.com/debian trixie/main arm64 linux-headers-rpi-v8 arm64 1:6.12.62-1+rpt1 [1,156 B]
Get:79 http://archive.raspberrypi.com/debian trixie/main arm64 linux-image-rpi-2712 arm64 1:6.12.62-1+rpt1 [1,432 B]
Get:80 http://archive.raspberrypi.com/debian trixie/main arm64 linux-image-rpi-v8 arm64 1:6.12.62-1+rpt1 [1,432 B]
Get:81 http://archive.raspberrypi.com/debian trixie/main arm64 openssl arm64 3.5.4-1~deb13u2+rpt1 [1,558 kB]
Get:82 http://archive.raspberrypi.com/debian trixie/main arm64 python3-pip-whl all 25.1.1+dfsg-1+rpt1 [1,505 kB]
Get:83 http://archive.raspberrypi.com/debian trixie/main arm64 rpi-connect-lite arm64 2.7.0 [8,186 kB]
Get:84 http://archive.raspberrypi.com/debian trixie/main arm64 rpi-eeprom all 28.12-1 [4,625 kB]
Get:85 http://archive.raspberrypi.com/debian trixie/main arm64 rpicam-apps-lite all 1.11.1-1 [4,460 B]
Fetched 181 MB in 18s (9,934 kB/s)
apt-listchanges: Reading changelogs...
Extracting templates from packages: 100%
Preconfiguring packages ...
(Reading database ... 68502 files and directories currently installed.)
Preparing to unpack .../libc6-dev_2.41-12+rpt1+deb13u1_arm64.deb ...
Unpacking libc6-dev:arm64 (2.41-12+rpt1+deb13u1) over (2.41-12+rpt1) ...
Preparing to unpack .../libc-dev-bin_2.41-12+rpt1+deb13u1_arm64.deb ...
Unpacking libc-dev-bin (2.41-12+rpt1+deb13u1) over (2.41-12+rpt1) ...
Preparing to unpack .../linux-libc-dev_1%3a6.12.62-1+rpt1_all.deb ...
Unpacking linux-libc-dev (1:6.12.62-1+rpt1) over (1:6.12.47-1+rpt1) ...
Preparing to unpack .../libc6_2.41-12+rpt1+deb13u1_arm64.deb ...
Unpacking libc6:arm64 (2.41-12+rpt1+deb13u1) over (2.41-12+rpt1) ...
Setting up libc6:arm64 (2.41-12+rpt1+deb13u1) ...
(Reading database ... 68502 files and directories currently installed.)
Preparing to unpack .../base-files_13.8+deb13u3_arm64.deb ...
・
・
・$ sudo apt-get -y autoremove
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.$ sudo apt-get autoclean
Reading package lists... Done
Building dependency tree... Done
Reading state information... DoneLinuxカーネルのアップデート
途中”y”の入力が必要なので注意ください。
$ sudo rpi-update
*** Raspberry Pi firmware updater by Hexxeh, enhanced by AndrewS and Dom
*** Performing self-update
*** Relaunching after update
*** Raspberry Pi firmware updater by Hexxeh, enhanced by AndrewS and Dom
FW_REV:b3921eb5480bb4938ef9a2d82f8e041346dc5bfa
BOOTLOADER_REV:d9e44d8bb3b05b8e5f9f58e28fc95f1c909e924f
*** We're running for the first time
*** Backing up files (this will take a few minutes)
*** Backing up firmware
*** Backing up modules 6.12.47+rpt-rpi-v8
WANT_32BIT:0 WANT_64BIT:1 WANT_64BIT_RT:0 WANT_PI4:1 WANT_PI5:1
Updating a system with initramfs configured is not supported by rpi-update.
If your system relies on drivers provided by the initramfs (e.g. custom filesystem options)
it may not boot without regenerating the initramfs.
If you are unsure, test if your system boots with initramfs options disabled from config.txt
Would you like to proceed? (y/N) <== yを入力
##############################################################
WARNING: This update bumps to rpi-6.12.y linux tree
See discussions at:
https://forums.raspberrypi.com/viewtopic.php?t=379745
##############################################################
Would you like to proceed? (y/N) <== yを入力
Downloading bootloader tools
Downloading bootloader images
*** Downloading specific firmware revision (this will take a few minutes)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 185M 100 185M 0 0 9.8M 0 0:00:18 0:00:18 --:--:-- 8150k
*** PREPARING EEPROM UPDATES ***
BOOTLOADER: update available
CURRENT: Mon 8 Dec 19:23:42 UTC 2025 (1765221822)
LATEST: Fri 6 Feb 14:13:56 UTC 2026 (1770387236)
RELEASE: latest (/usr/lib/firmware/raspberrypi/bootloader-2711/latest)
Use raspi-config to change the release.
VL805_FW: Dedicated VL805 EEPROM
VL805: up to date
CURRENT: 000138c0
LATEST: 000138c0
CURRENT: Mon 8 Dec 19:23:42 UTC 2025 (1765221822)
UPDATE: Fri 6 Feb 14:13:56 UTC 2026 (1770387236)
BOOTFS: /boot/firmware
'/tmp/tmp.2H5QjI9p9T' -> '/boot/firmware/pieeprom.upd'
Copying recovery.bin to /boot/firmware for EEPROM update
EEPROM updates pending. Please reboot to apply the update.
To cancel a pending update run "sudo rpi-eeprom-update -r".
*** Updating firmware
*** Updating kernel modules
*** depmod 6.12.70-v8-16k+
*** depmod 6.12.70-v8-rt+
*** depmod 6.12.70-v8+
*** Updating VideoCore libraries
*** Running ldconfig
*** Storing current firmware revision
*** Deleting downloaded files
*** Syncing changes to disk
*** If no errors appeared, your firmware was successfully updated to b3921eb5480bb4938ef9a2d82f8e041346dc5bfa
*** A reboot is needed to activate the new firmwareシステムの再起動をしましょう。
$ sudo reboot更新されたOSのバージョン確認は、
$ vcgencmd version
2025/10/08 17:19:18
Copyright (c) 2012 Broadcom
version a06c733f (release) (embedded)SSHのセキュリティ強度アップと整備
SSHのホスト鍵の更新
$ sudo rm -v /etc/ssh/ssh_host*
removed '/etc/ssh/ssh_host_ecdsa_key'
removed '/etc/ssh/ssh_host_ecdsa_key.pub'
removed '/etc/ssh/ssh_host_ed25519_key'
removed '/etc/ssh/ssh_host_ed25519_key.pub'
removed '/etc/ssh/ssh_host_rsa_key'
removed '/etc/ssh/ssh_host_rsa_key.pub'$ sudo dpkg-reconfigure openssh-server
Creating SSH2 RSA key; this may take some time ...
3072 SHA256:W4BwP59rStOp0qWvlQKQP6M8MBkMLZK/nb2T2sWEOms root@raspberrypi5 (RSA)
Creating SSH2 ECDSA key; this may take some time ...
256 SHA256:gkBFgzOFpe1nczn7OBVx6qT1GKpBNSNGMxeJF4rLt1I root@raspberrypi5 (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...
256 SHA256:SxlVMIb80boZTdiBbHvCXu0Szdy9PX2xxgZF2EV86dE root@raspberrypi5 (ED25519)
ssh.socket is a disabled or a static unit not running, not starting it.SSHの設定変更
設定ファイルを開いて各種設定を変更する。
$ sudo vi /etc/ssh/sshd_config
ももぶろ
viの超簡単な使い方は、ここを見てね
既に定義されている行は内容の変更を、無い時は行を追加してください。
#が行頭に入っている行はコメントなので、追加しなくても大丈夫です。
####################
# ログインの高速化
####################
#IP V4に特定
AddressFamily inet
#hostがあればコメントに変更
#host *
#GSSAPIAuthenticationを未使用
GSSAPIAuthentication no
#########################
# SSHのセキュリティ設定
#########################
#sshでrootにlogin出来なくする
PermitRootLogin no
#セッションを張ってからログインするまでの猶予時間を長めに
LoginGraceTime 30
#リトライ回数設定して、一旦切断
MaxAuthTries 3
#SSHバージョン2のみ利用を許可します。
Protocol 2
#########################
# 接続を許可するユーザがある時は追加
#########################
#AllowUsers newuserももぶろ
接続を許可するユーザは、先程新しく作ったユーザを指定してね。
設定した内容が正しいか確認
下記のコマンドで設定した内容が正しいか確認。
$ sudo sshd -t <=正しいと何も表示されません。SSHのサービスを再起動
下記のコマンドで、SSHのサービスを再起動します。
$ sudo systemctl restart sshd.service <=正しく実行されると何も表示されません。後は、SSH(Teraterm)でログインできれば、問題なし。
ももぶろ
サーバ単体のセキュリティはこれで大丈夫
