About / Use Cases
I am running this website off of Ubuntu 20.04 Server on a Raspberry Pi 4. I have several Raspberry Pi’s, and several Ubuntu Golden Images that I use when I need to start a development process on a clean machine. Golden Images are essentially the your official distributions iso / img file, customized to your liking, and then re-imaged to become a customized ISO file, that you can flash onto any one of your compatible devices, and have all of your configurations, updates, and settings already in place.
For example, in my Raspberry Pi Ubuntu Server Installation, I have downloaded the Raspberry Pi 4 official Ubuntu Server Image, booted it up and made some configuration changes to it, like adding custom repositories, updating it, making it usb bootable, and securing it’s configuration files. Once I’ve done all of these things, I use either the DD Command, or ApplePi Baker to re-image my Ubuntu Installation to an .iso or .img file. Once I re-image it, I can just burn or flash that .img file to another disk drive or usb stick, and plug it in to any one of my Raspberry Pi’s to have all of my custom settings, updates, and configurations setup and ready to go for me. This is great practice when running a production server on a Raspberry Pi 4, but you need another Raspberry Pi 3/4 development server to build upgrades for your production server from source, and you don’t want to litter your production server with build code.
The reason that I am writing this tutorial, is that in creating my golden Images, I found a problem. In router, I have my Raspberry Pi’s statically routed to specific IP addresses based on the MAC address. This makes things less prone to error rather then configuring a static IP directly in your Pi, and then plugging it into a different router that has a different subnet then the static IP addressed on the Pi, causing your Pi to not properly connect to your router, and thus forcing you to plug a keyboard and monitor into your Pi Directly to change it’s IP address to a suitable one.
THE PROBLEM THIS SOLVES:
When trying to connect to your Golden Image using the SSH command, or preconfigured SSH settings, your router will change your Raspberry Pi’s IP address based on the which Raspberry Pi you have it plugged into, since every Raspberry Pi has a single mac address hardwired into each network device. Meaning, that if you have two completely Pi’s, and want to move the operating system from Pi (1), to Pi (2), or you want to boot up a golden Image you made on Pi (1), and boot it up on Pi (2), you are going to have different mac addresses for the same operating system and same golden image. This then requires you to go back into your router and change your Raspberry Pi’s Static IP address to something that aligns with your ssh config settings, OR, it requires you to change your ssh settings to align with the Pi’s new MAC Address based off of the hardware you are using.
With my solution here, you will never have to change your Pi’s Static IP address in your router no matter what Pi you boot your golden image from, because our custom MAC address will be permanently tied to our golden image. So no more switching ssh commands or configurations, and no more changing your Pi’s IP address statically in your router every time you use the same OS on a different Pi. This solution essentially embeds a permanent MAC address into your golden image so you no longer have to fuss with IP address and Mac Addresses in your router. Instead, you can tie IP addresses directly to MAC addresses specific to that golden Image. Your Pi (or any computer) will always have the same local IP no matter what hardware you are booting your OS from. Great! Now that I’ve explained an ideal use case for this tutorial, lets get down to it!
How to permanently change your MAC Address of your network devices to a static IP on Raspberry Pi (Ubuntu/Raspberry Pi OS) for creating a Golden Image of your server tutorial
1) Boot up your Raspberry Pi Server Golden Image (Ubuntu or Raspberry Pi OS) and ssh into it from the terminal (if you are using MacOS or Linux) or putty (if you are using windows). Otherwise you can open up the terminal locally if your server has a keyboard and a monitor.
2) Download macchanger and iproute2 using apt
sudo apt update && sudo apt install macchanger iproute2During the macchanger installer, select the “no” option so you don’t automatically change your mac address.
3) Create a file with your nano editor,
sudo nano /etc/systemd/system/macspoof-ethernet@.serviceand paste the following code into this file. Be sure to change xx.xx in the mac address to any custom numbers and letters that you want.
[Unit]
Description=Spoofing MAC address on eth0
Wants=network-pre.target
Before=network-pre.target
BindsTo=sys-subsystem-net-devices-eth0.device
After=sys-subsystem-net-devices-eth0.device
[Service]
ExecStartPre=ip link set eth0 down
ExecStartPost=ip link set eth0 up
ExecStart=/usr/bin/macchanger -m dc:a6:32:xx:xx:c3 eth0
Type=oneshot
[Install]
WantedBy=multi-user.targetSave and exit nano editor.
4) Create another file in systemd called macspoof-wifi@.service.
sudo nano /etc/systemd/system/macspoof-wifi@.serviceCopy and paste the following content replacing xx:xx with custom numbers and letters of your choice:
[Unit]
Description=Spoofing MAC address on wlan0
Wants=network-pre.target
Before=network-pre.target
BindsTo=sys-subsystem-net-devices-wlan0.device
After=sys-subsystem-net-devices-wlan0.device
[Service]
ExecStartPre=ip link set wlan0 down
ExecStartPost=ip link set wlan0 up
ExecStart=/usr/bin/macchanger -m dc:a6:32:xx:xx:c4 wlan0
Type=oneshot
[Install]
WantedBy=multi-user.targetSave and exit nano editor.
5) Reload the daemon
sudo systemctl daemon-reload6) Enable your new Mac Addresses for both interfaces on system boot.
sudo systemctl enable macspoof-ethernet@eth0.servicesudo systemctl enable macspoof-wifi@wlan0.service7) Activate and start both of your new mac addresses.
Note: Once you run these commands, you will lose your ssh connection. You will have to then wait a few seconds to a minute before your ethernet and wifi cards obtain their new mac addresses, which in turn will create a new local IP addresss by your router, for each interface. After you run this command and get disconnected, check your router logs to see the new IP addresses it has issued for each corresponding MAC addresses. Then change your router to set those IP addresses as static addresses. Then SSH back into your system using one of the new IP addresses of your Raspberry Pi.
Now go ahead and run the following command to change your Ethernet MAC address (be sure you are ssh’d through your Wi-Fi connection so you don’t lose your connection yet):
sudo systemctl start macspoof-ethernet@eth0.serviceThen connect to ethernet and ssh with your new IP, and run the next command to change your Wi-Fi MAC address:
sudo systemctl start macspoof-wifi@wlan0.serviceWait for your router to reconnect to the new MAC addresses, then ssh back into your Raspberry Pi using it’s new static IP address.
Check to be sure that your MAC addresses are properly spoofed:
sudo macchanger -s eth0 && sudo macchanger -s wlan08) Reboot your Raspberry Pi, and you should now have your custom MAC Addresses for your ethernet and wireless interfaces upon every boot.
Log in with ssh and check again to be sure:
sudo macchanger -s eth0 && sudo macchanger -s wlan0
9) Now, before we proceed to step 10, lets go ahead and change your hostname to reflect the fact that this is a golden image which will be used to begin the creation of other server projects on your current or different Raspberry Pi devices.
Change your normal hostname:
sudo hostnamectl set-hostname "Ubuntu-Golden-Image"Change your pretty hostname:
sudo hostnamectl set-hostname "Ubuntu Server for Raspberry Pi Golden Image" --pretty10) Next we need to regenerate your OpenSSH host keys on the server so that you don’t share the same SSH host keys with any default Ubuntu installations that don’t use your Mac Changer IP address (because they use your Raspberry Pi’s Hardware Mac address). This prevents having two different hosts with the same host keys, which will create conflicts in your ~/.ssh/known_hosts file on your local machine. You can do this while logged into your Ubuntu installation via ssh, but be sure not to close your ssh session until you have completely finished this step.
First delete the ssh host keys on your SSHD server.
sudo /bin/rm -v /etc/ssh/ssh_host_*Now regenerate your OpenSSH Host keys:
sudo dpkg-reconfigure openssh-serverRestart your SSHD server:
sudo systemctl restart sshOn your local device (the device your ssh into your Ubuntu Server with), delete your old ssh keys from the known_hosts file. Go ahead and open that file with nano editor on your local machine.
sudo nano ~/.ssh/known_hostsSearch for the local IP address that you used to log into your old Ubuntu Server Installation by pressing CTRL+W, and typing in the IP of your old local Ubuntu with the default Hardware Mac Address. Then press enter to search. Once you find the line it is on, go ahead and delete that line with the old IP on it by pressing CTRL+K. Then save your file and exit nano editor with CTRL+X, then Y, then ENTER. Now you should be able to ssh into your golden image server with the new private IP address that your router assigned to the new Mac Address you created.
11) Go ahead and log into your router, find your new Raspberry Pi Golden Image mac address, and create a static IP address for it, so that you can enter it into your ~/.ssh/config file on your local machine. This way, no matter how many times you flash your golden image to ANY Raspberry Pi with ANY usb or SD Card, you will always be able to access it with ssh right away without making any changes to your ~/.ssh/config or ~/.ssh/known_hosts file. Now change your Golden Image IP address on your local machine’s ~/.ssh/config file to reflect the changes of the static IP set in your router.
12) (Optional) To polish things off with some finishing touches, we are going to create a custom ssh banner for your new golden Image, so you always know which Ubuntu installation you are ssh’ing into regardless of which Pi it’s being run on.
Open up your sshd_config file on your Ubuntu Server Golden Image with nano editor:
sudo nano /etc/ssh/sshd_configScroll down to the bottom, and enable your ssh banner in sshd_config by changing this:
# no default banner path
#Banner noneto this:
# Golden Image Banner Path
Banner /etc/ssh/banner.txtSave the file and exit nano editor by pressing CTRL+X, then Y, then ENTER.
13) Now create your /etc/ssh/banner.txt file for sshd to display when you log in with ssh:
sudo nano /etc/ssh/banner.txtCopy the below code exactly as it is (do not mind the top ASCII ART displaying incorrectly on this website, it will look fine in your terminal), and paste it into your nano editor:
..--------------------------------------------------------------------..
.. ┳┳┓ ┏┓ ┓ ┓ ..
.. ┃┃┣┓┓┏┏┓╋┓┏ ┃┓┏┓┃┏┫┏┓┏┓ ..
.. ┗┛┗┛┗┻┛┗┗┗┻ ┗┛┗┛┗┗┻┗ ┛┗ ..
.. ┳ ..
.. ┃┏┳┓┏┓┏┓┏┓ ..
.. ┻┛┗┗┗┻┗┫┗ ..
.. ┛ ..
..--------------------------------------------------------------------..
.. THE PRIVATE OF THIS SERVER IS: ..
.. 192.168.x.x ..
.. THE PUBLIC IP OF THIS SERVER IS: ..
.. xxx.xxx.xxx.xxx ..
..--------------------------------------------------------------------..
............................... WARNING!................................
.. You are entering a secured area! ..
.. Your IP Address and other relevent information ..
.. have been recorded. System administration has been notified. ..
.. This system is restricted to authorized access only. ..
.. All activities on this system are recorded and logged. ..
.. Unauthorized users will be fully investigated and reported to ..
.. the appropriate law enforcement agencies. ..
.. IF YOU ARE NOT AUTHORIZED TO ACCESS OR USE THIS RESTRICTED SPACE, ..
.. PLEASE LEAVE NOW!!! ..
........................................................................Now go ahead (in your nano editor) and change 192.168.x.x and xxx.xxx.xxx.xxx, to your private and public IP’s of the Ubuntu Server Golden Image. Then save your file and exit by pressing CTRL+X, then Y, then ENTER.
14) Now go ahead and shut down your Raspberry Pi Ubuntu Golden Image, remove your SD Card or USB stick, and then download ApplePi Baker for MacOS. Once you do, install it, insert your Ubuntu Golden Image USB Stick or SD Card into your Mac, and use ApplePi Baker to create a cloned image of your Ubuntu Golden Image in .img format. Once you do, and you want to start a new Ubuntu installation with all of your settings already set up for you, you can just flash the .img file you created to your USB stick or SD Card using either the DD command, or Balena Etcher, and then stick it into any Raspberry Pi.
15) DONATE! If this tutorial it worked for you (which it should have), you could spread the love back and donate some change to my paypal, bitcoin address, or altcoin addresses.
PAYPAL:
BITCOIN (BTC) ADDRESS:
bc1qxsqy0nl8f2rqsgpzzr8eh3c67vz7kjr2djyku4BITCOIN CASH (BCH) ADDRESS:
qzdkv8sz8zf57urafd8urhg7jdej6u892v3z088nvrETHEREUM (ETH) ADDRESS:
0x8C33CD44a083D605DBb65Ba4eC201f30Af88705cZCASH (ZEC) ADDRESS:
t1dxu9KN1pSYNoMNxYMzCNhcHJhGZmwPW9nMONERO (XMR) ADDRESS:
4A2p4k6vSGviUxoZvwQkAX8VBQE6tQncmZUS5mZ8YS9cZ2BQ4cc2CZXdMVg4vtFoxh3XrXQECWm95Gq2FpyRtvFz2yNZuYy16) FINISHED! ALL DONE! Now you have permanently changed your MAC Addresses and created an Ubuntu/Raspberry Pi OS Golden Image for your Raspberry Pi!
