Mixmaster on a Raspberry Pi

Table Of Contents

1. Overview
2. Flashing the SD card
3. Network Settings
4. Security and SSH
4.1 Accounts
4.2 Passwords
4.3 Update System
5. Mail Server Configuration
6. Echolot Configuration

Overview

The Raspberry Pi is a credit-card-sized computer that supports network and USB connectivity. Its operating system resides on an SD card, which can be written from another computer using an SD card image. It's this imaging capability that enables projects, like this one, to roll out customised OS images.

The Pi has a 700MHz ARM CPU that uses the ARMv6 instruction set. It has 500MB of memory and a standard RJ45 Ethernet port. This makes it (just!) capable of running a Mixmaster remailer and a local Echolot Pinger.

Prerequisites

Before you begin, it's worth taking a few moments to check that you can meet the basic prerequisites for running a service on the Internet. You're going to need:

If you have a static address but no domain, you can easily register one from a domain registrar. Most will also host the associated DNS entries you require.

Flashing the SD card

In order to flash the SD card with the OS, you'll need the following:

Download (approx 465MB) and unzip the image zip file.

Plug in the card reader with the SD card inserted.

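For Linux, this command will write the image to the card. Replace image.img with the filename of your downloaded (and decompressed) file. Replace sdx with the device for the SD card. dd overwrites the target device without asking for confirmation, so check the device name (for example with lsblk) before running it.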

dd if=image.img of=/dev/sdx bs=1M

For Windows, use the Win32-Disk-Imager application instead of the above command.

Make a hot beverage, the card write will take a while.

Network Settings

Your Raspberry Pi Remailer is going to operate on the Internet so it requires configuration to match your local network environment. If you have the capability to edit files on the card directly, you can do this step now, otherwise it will have to wait until you plug it into the Pi and boot it. By default, the networking is configured to use DHCP.

If this isn't compatible with your network and you cannot change settings before booting the Pi, a keyboard and monitor will be required to configure it before the Pi can be remotely connected to.

Network settings can be changed by editing /etc/netctl/eth0. The easiest way to bring them into effect is to reboot the Pi.

reboot

At this point, the Pi should be live and on your network. Test this using a utility, such as ping, from another network attached device. If your network uses a private IP range, such as 192.168.x.x, you may need to configure your router to perform port forwarding to the Pi. The ports required are:

Port  Function
22    SSH for connecting to the host's console over the Internet. Don't enable this unless you actually want to connect to your Raspberry Pi from outside the boundaries of your LAN. If you do enable it, only use very strong passwords on accounts, or better yet, disable password authentication and use keys instead.
25    SMTP for receiving incoming email
80    HTTP for publishing your pinger stats

Security and SSH

This is in no way an extensive security guide to Linux; it just describes the basic steps for locking down access to your new system.

Accounts

Your Mixmaster Raspberry Pi has several accounts configured on it. These are:

Account    Role
root       The Linux root user. All powerful on your system. Beware, here be dragons!
maint      The maintenance user. Primarily used for compiling packages and developing future enhancements to the image file. By default, this is the only account that can log in via SSH to the Raspberry Pi once root login is disabled.
mixmaster  The account used for running the Mixmaster daemon.
echolot    The account used for running the Echolot Pinger.

Passwords

Your Raspberry Pi has a default root password of "root". Unless your network is isolated from the Internet, it's vulnerable to anyone logging in, so the highest priority task is to change the password. To do this, log in as root and change it.

passwd

Next, change the passwords for the other accounts:

passwd maint
passwd mixmaster
passwd echolot

Note: The maint account is the only (non-root) account that is allowed to log in via SSH.

Now that you know the password for the maint user, the next step is to completely disable root login. You'll probably never use it to log in again.

Edit /etc/ssh/sshd_config and make the following change:

PermitRootLogin no

Then restart the SSH daemon with:

systemctl restart sshd
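
The settings described in this section and in the port 22 note above (root login disabled, key-only logins if SSH is exposed) can be confirmed with a small script. This is an added example, not part of the original guide; the function names and the script name audit_sshd.sh are made up for illustration, and a keyword that is not set counts as a failure because sshd then falls back to its built-in default.

```shell
#!/bin/sh
# Added example (not from the original guide): report the global value sshd
# would use for a keyword. sshd keeps the FIRST value it reads per keyword,
# keywords are case-insensitive, and lines after "Match" are conditional.
# Include directives are not followed; "sshd -T" as root is authoritative.

# Print the first global value of keyword $2 in file $1, or "unset".
sshd_effective() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); val = "unset" }
        /^[ \t]*#/ { next }                          # comment line
        { if ($0 ~ /^[ \t]*[A-Za-z0-9]+[ \t]*=/) sub(/=/, " ") }  # keyword=value
        NF == 0 { next }                             # blank line
        tolower($1) == "match" { exit }              # global section ends
        tolower($1) == key && NF >= 2 { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# Return 0 only if root login is off and password logins are off.
audit_sshd() {
    rc=0
    root=$(sshd_effective "$1" PermitRootLogin)
    pass=$(sshd_effective "$1" PasswordAuthentication)
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=$root (want no)"; rc=1; }
    [ "$pass" = "no" ] || { echo "FAIL PasswordAuthentication=$pass (want no)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK root login and password logins are disabled"
    return "$rc"
}

# Usage: sh audit_sshd.sh /etc/ssh/sshd_config
if [ $# -gt 0 ]; then audit_sshd "$1"; fi
```

Only switch password logins off after a key-based login as maint has been tested from a second session, otherwise a mistake can lock you out of the Pi.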

Update System

Now is a good opportunity to apply the latest updates to your system. This might take a long time depending on the speed of your Internet connection and the age of the image used. It might even ask you some questions before upgrading specific packages but it's impossible to predict what these might be. Usually there is a recommended default answer but when in doubt, ask.

pacman -Syu

Mail Server (Postfix)

The last step in this stage is to edit your Pi's mail server configuration. This only involves a single change from the default unless you're planning to do more with your Pi than just running Mixmaster and Echolot.

Edit /etc/postfix/main.cf

myhostname = your_fully-qualified_hostname

Then start postfix:

systemctl start postfix

If postfix starts without any problems, enable it to start at boot time:

systemctl enable postfix

Your work as root is now complete and it's time to log out.

exit