If you’re running a Raspberry Pi that’s reachable from the Internet — such as through 44Net, or any public-facing IP — security should be your top priority.
One of the most important steps you can take is to disable password logins and use SSH keys instead.
Why Passwords Are a Problem
Password authentication over SSH might feel convenient, but it’s one of the biggest security weaknesses for exposed systems:
• Brute-force attacks — Bots continuously scan IPv4 and IPv6 ranges trying common usernames like pi, admin, or ubuntu.
• Leaked credentials — If you’ve reused a password elsewhere and that service gets breached, attackers can easily try it against your Pi.
• Keylogging and phishing — Passwords can be intercepted if you log in from an insecure machine or network.
Even strong passwords can’t match the security of asymmetric cryptography used by SSH key pairs.
What SSH Keys Are (and Why They’re Better)
SSH keys are a pair of cryptographic files:
• Private key — stays safely on your local machine.
• Public key — stored on your Raspberry Pi.
When you connect, your client proves it has the private key that matches the public one — no password ever travels over the network.
Benefits:
• Uncrackable by brute force.
• No passwords stored on the Pi.
• Easy to manage multiple devices.
• Works with Raspberry Pi Imager for completely password-free setup.
Generating SSH Keys on macOS, Linux, or Windows
You can create an SSH key pair in seconds.
Step 1: Open a terminal
• macOS or Linux: open Terminal
• Windows 10/11: open PowerShell (or Windows Terminal)
Enter file in which to save the key (C:\Users\dg/.ssh/id_ed25519):
Created directory ‘C:\\Users\\dg/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\dg/.ssh/id_ed25519
Your public key has been saved in C:\Users\dg/.ssh/id_ed25519.pub
The key fingerprint is:
xxxxxxxx
The key’s randomart image is:
xxxxxxx
Step 3: Confirm the files
Next type:.cd .sshdir
You should see:
id_ed25519 # private key
id_ed25519.pub # public key
The contents of .pub file is what you’ll copy into Raspberry Pi Imager.
type id_ed25519.pub
Step 4: Adding the SSH Key in Raspberry Pi Imager (When You First Set Up Your SD Card)
Raspberry Pi Imager (v1.7 or newer) makes this easy:
A. Install/open Raspberry Pi Imager (https://www.raspberrypi.com/software/ ) on your Mac or PC.
B. Choose your device, OS, storage, and click NEXT.
C. You will then see an option that says EDIT SETTINGS.
D. On the next screen click on Services
E. Check Enable SSH
F. Select Allow public-key authentication only.
G. If you created your key on the same machine, it will automatically be filled in for you.
H. Otherwise, paste your public key (the contents of id_ed25519.pub).
I. Press SAVE
J. Press YES to write your card
When the Pi boots for the first time, your public key will be preloaded in /home/pi/.ssh/authorized_keys.
Connecting to Your Pi Securely
Once it’s powered up and online:
ssh pi@<your.pi.ip.address>
If everything is set up correctly, you’ll connect without typing a password.
Summary
Switching to SSH keys takes a few minutes but can save you hours of cleanup after a compromise.
If your Raspberry Pi is exposed to the Internet — especially on 44Net, or publicly accessible in any way (like poking a hole in your home firewall) — using SSH keys isn’t just good practice, it’s essential.
These days you can’t get away from the Artificial Intelligence (AI) hype, it is unavoidable. Supposedly it can do anything and everything with no limitations. But beyond the marketing, there is a lot that AI can do to help make your life easier. I’m going to walk you through how you can utilize AI for ham radio applications. It is a great way to solve problems and create software for your projects, even if you are not a programmer.
I think the best way to show you how to use an AI Large Language Model (LLM) is to run through the prompts I used on a project for remote station temperature monitoring. I needed a way to get sensor readings from an external sensing board on a Raspberry Pi for display on a computer data dashboard. I decided I wanted a script that could collect the readings every few minutes and transmit them to a second computer that served up all the dashboards for the station. Some call this a “single pane of glass” since you can go to one location and see everything together rather than separate applications/computer web page locations that only show individual readings.
I’m going to use ChatGPT to help me. This is my main AI choice for programming and is free for a certain number of requests a day. If you find yourself using it a lot, it will prompt you to upgrade to the $20 a month plan. You can always just take a break and come back when it asks you to upgrade if you don’t want to pay or are still experimenting with it. You can easily pick up where you left off after the program usage timer resets.
Just go to https://chatgpt.com/ and you’ll see a screen that looks a lot like Google. If you set up a login, it will remember previous conversations and projects but you can start off anonymously at first, if you want. It is important that you DO NOT put anything personal into it like passwords, credit card info, etc. as you don’t want your information inadvertently revelated in someone else’s inquiries. Partly why it is free is it is learning from everyone so it can get better at its answers. There are settings you can turn off to protect yourself from it consuming your personal data but better safe than sorry.
Another thing to consider is that if an AI doesn’t know something it will often make up an answer – this is called “hallucination” so always check what it tells you. Sometimes it will be quite certain in its responses and they can often be very wrong so remember it can make “mistakes.”
The box you see when you land on the main ChatGPT webpage that says “Ask anything” is called the prompt box. This is where you are going to type in your requests.
In my case, I have a Raspberry Pi with an external BME 280 board that senses temperature, humidity and barometric pressure like the one below.
In the ChatGPT prompt box. Here is what I typed. There is no need to type please or thank you since that just uses compute power and electricity, so try to get in the habit of skipping pleasantries (my actual prompt entries are in italics).
Write me a bash script for a BME280 board on a Raspberry Pi to gather temperature, humidity and pressure and then publish that data to corresponding MQTT topics.
Let’s breakdown what I just requested it to do.
I asked it to take readings from the BME 280 sensor board using a bash script which is a simplified program I can run on the Raspberry Pi easily. I then told it to transmit that data out using something called an MQTT server which I can have another computer to listen to take data and process or display it.
This way I can put a small, inexpensive computer in a place that I need the sensor reading, so I don’t need to run long sensor wires all the back to my main machine. I just need to make sure I can have ethernet or wifi available to my Raspberry Pi at the remote location.
Even if you are not a programmer, you still need to be able to explain what you want it to do with some accepted computer terminology. You can always ask it for help if you are not sure what to say or just try to explain things as best as you can. What I often do is just look at some web pages describing what others have done or a YouTube video or two for application like what I want to do.
Here’s what I get back from ChatGPT (I have shortened some of the output as indicated by “…”, I’m just trying to give you the major steps in the process). First, it will tell you a bit what is it is assuming you want it to do and what equipment it thinks you have. This is helpful for troubleshooting later or correcting it.
After giving me the script, it then told me what I need to do and any commands I need to enter. It will often describe highlights of what it has built for you as well as offer suggestions.
Next, I did everything it asked me to do in the steps above but I got some errors which I pasted into the prompt box so it could help me to troubleshoot. It can tell what I pasted in is an error, so I don’t need to describe the output I’m giving it, since it knows we are working on the script together.
note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing –break-system-packages. hint: See PEP 668 for the detailed specification.
You’re encountering this error because your Python environment is PEP 668-compliant, which means it prevents direct installation of Python packages into the system-managed Python environment to avoid breakage.
And since everything works. I’m done. Here’s the final output on the dashboard. The script runs every 3 minutes and sends the data to the dashboard computer for display and graphing.
I hope this gives you some idea of what is possible with AI solutions like ChatGPT, Claude and DeepMind. I find that ChatGPT is the best for programming, and I like Claude for helping me do graphic oriented user interfaces like web dashboards and logos. I haven’t really played much with DeepMind since I find the other two quite capable of what I need.
We are not yet at the point where you can just type a line into the prompt box and tell any of these systems to write you a full program instantly, but they are getting better by the day. Who knows what will be possible in the future? What I do know is I have found that AI can help me to write programs quickly especially batch scripts that I used to spend hours on troubleshooting.
I encourage you to find a project you want to do with an LLM helping you to code and experiment. It is the best way to see what this technology can do for you. I have also learned a lot about programming since I now feel that I have a 24 hour a day private tutor helping me.
73
Originally published at hamradiohacks.blogspot.com
What do you do when you are stuck in an apartment, condo or HOA and you want to experience what HF is all about? You can try to hide a wire antenna and use a low cost SDR dongle like the RTL-SDR but your experience is going to be very limited in what you will be able to hear.
The best solution (and it is free as well) is to use a remote internet SDR receiver. Here are a couple of sites you can go to get started:
WebSDR.org: A directory of receivers around the globe, usually accessible with nothing more than a browser. These are often university or club stations that welcome public use.
KiwiSDR Network: Shows active KiwiSDRs on a map. These small receivers are deployed by individuals and groups worldwide and often cover 0–30 MHz.
Let’s use KiwiSDR as an example of how to operate a remote SDR. If you go to rx.linkfanel.net on your web browser, you will see a screen like the one below. Listed here all the receivers that are available worldwide as well as an indicator of where the sun is positioned currently for day and night. You can choose from receivers anywhere in the world or just pick one in your area.
Let’s zoom in and look at the receivers in the Southern California area and pick one.
Then you can mouse over it to see how many users it can accommodate, are currently logged in, frequencies available and antennas.
You then click on the receiver info box that comes up on the one that interests you, to connect to it.
You will next get a screen asking for your name or callsign. Feel free to give it whatever information you feel comfortable sharing.
When you hit enter, after you type your name/call the SDR will start up. In the lower right hand corner of your screen, you can select your frequency and mode. I like to hit the + in the circle icon and zoom in to see stations on the waterfall in more detail.
You can then move the tuning cursor on the waterfall by clicking on it with your mouse to tune up and down the band and hear stations.
Remember to change your mode to match the station transmission settings for each band, so if you want to listen to HF voice it is LSB for amateur frequencies below 20 Meters and USB above that.
There is a lot more you can explore with the receivers, but this should get you started. Have fun!
Originally published at hamradiohacks.blogspot.com
Here’s a cool trick for anyone with a remote station that wants to have an automated computer failover. This router setup will allow you to have multiple redundant computers on site and if one fails, your remote users will automatically be sent to the backup machine. When the primary comes back online, users are sent back there. Any failures can be emailed to you from the router, so you can troubleshoot.
What you need
2 computers – can be Windows, Linux (Raspberry Pi, etc) or Mac
Mikrotik Router – In my case I’m using the hAP ac3 – which goes for about $110 on Amazon
Step By Step Setup (using the Mikrotik Web Gui or Winbox) – this is the IP you give to your users
1. Add a Virtual Service IP
This is the “VIP” your LAN clients will always use (e.g. 192.168.1.100).
A. Open IP → Addresses
B. Click Add New
• Address: 192.168.1.100/24
• Interface: bridge (your LAN bridge, sometimes called bridge1)
• Add a comment: ex. Node-RED VIP
C. Click OK
2. Create NAT Rules
You’ll make two port-forward rules: one for the primary server (e.g. Node-RED-A), one for the backup (disabled until needed). In this example, the primary server is at 192.168.1.10 and the backup is at 192.168.1.11.
A. Go to IP → Firewall → NAT
B. Click Add New
• Chain: dstnat
• Dst. Address: 192.168.1.100
• Protocol: tcp
• Dst. Port: 1880 (e.g. Node-RED port number)
• Action: dst-nat → To Addresses: 192.168.1.10
• Add a comment: e.g. Primary Node-RED
• Click OK
C. Add another NAT rule for your second server (e.g. Node-RED-B)
• Chain: dstnat
• Dst. Address: 192.168.1.100
• Protocol: tcp
• Dst. Port: 1880 (e.g. Node-RED port number)
• Action: dst-nat → To Addresses: 192.168.1.11
• Add a comment: e.g. Backup Node-RED
• Click OK
3. Configure Netwatch – This tells MikroTik router to monitor the primary Node-RED (192.168.1.10) and switch NAT rules if it goes down. This will send your users to the backup server.
A. Go to Tools → Netwatch
B. Click Add New
• Host: 192.168.1.10
• Interval: 00:00:10 (check every 10 seconds)
C. In the Down tab (script to run if .10 is unreachable), paste (make sure these match your comment labels from above):
4. Add Hairpin NAT – This allows clients that are in the same subnet as the servers to route correctly, you’ll need a srcnat masquerade to handle “hairpin NAT” (required when client and server are on the same network and traffic goes through the router).
A. Open IP → Firewall → NAT
B. Click Add New
C. On the General section:
• Chain: srcnat
• Src. Address: 192.168.1.0/24
• Dst. Address: 192.168.1.0/24
D. Switch to the Action section:
• Action: masquerade
• Add a Comment: e.g. Hairpin NAT for Node-RED
E. Click OK
5. From another computer on the router, go to 192.168.1.100:1880 and then plug and unplug your primary and backup servers from the router to test the failover. You can also see it enable and disable routing rules on the router screen by going to IP → Firewall → NAT.
Setting Up Email Alerts (optional)
When a server goes down, you might want to be notified. The router also has the ability to send emails to you when a server fails.
1. (optional) Configure Email App Password Settings – Gmail (if this is your provider/you have 2-Step Verification on)
• Go to your Google Account (myaccount.google.com)
• Select Secuirty (left hand column)
• Under “How you sign in to Google” select 2-Step Verification
• Scroll down to App passwords
• At the bottom of the page, enter a name for the App password (e.g. Node-RED)
• Click Create
• A screen will not pop up saying – Your app password for your device – with a password
• Copy this into a file as you will not ever see it again and will need to make a new one if you lose it
• Click Done
2. Configure Email Settings
A. Go to: Tools → Email
B. Enter in (for the example settings, we’ll use Gmail):
• Server: smtp.gmail.com
• Port: 587
• TLS: start tls
• From: the email address you be sending from (e.g. dave@gmail.com)
• User: your email address at Gmail (e.g. dave@gmail.com)
• Password: the application password you set up above
• Click Apply
3. Create a Netwatch Monitor
A. Go to Tools → Netwatch
B. Click Add New
• (optional) Type: httpd-get (if you want to test for a specific service (e.g., Node-RED) – otherwise leave as default
• Host: Enter the IP/hostname you want to monitor (e.g. 192.168.1.10 from above)
• Interval: How often to check (e.g., 00:10:00 = every 10 minuntes)
• Timeout: How long before it’s considered “down” in seconds (e.g., 30.00)
• (optional) Port: 1880 (if you want to test for a specific service (e.g., Node-RED)
• In the Up second (script to run when .10 comes back), paste – adjust what’s in quotes to your preferences:
/tool e-mail send to=”dave@yahoo.com” subject=”.10 Host UP” body=”The host 192.168.1.10 is now reachable.”
• In the Down section (script to run if .10 is unreachable), paste – adjust what’s in quotes to your preferences:
I’m going to share with you an inexpensive way you can control your station from a web browser on your home network. This is the first step in setting up a remote station for yourself. Once you have the radio working locally, you can explore more advanced access solutions like Tailscale or Zerotier VPNs for operation outside of your home network.
I found a great free program to remote control radios from F4HTB called “Universal_HamRadio_Remote_HTML5”. Here is a link to his Github with more information – https://github.com/F4HTB/Universal_HamRadio_Remote_HTML5.
Since there are a lot of steps to setting it up manually, I have put together a script that will do a large portion of the work for you. I have tested the script with an Icom IC-705 and Yaesu FTDX10 utilizing both radio soundcards so there is no need to construct the hardware interface for these radios that he mentions.
The difference between the two radios is which version of Hamlib is used to control them. When you run the setup script it will prompt you for which version of Hamlib you’d like to run with a list of tested recommendations. If you’d like to experiment with other radios, you can try any of the Hamlib version options listed to see what works best for your radio.
Here’s what you are going to need beyond your transceiver:
Raspberry Pi – I tested everything on a Pi5 but you can try other models
MicroSD Memory Card – I used a 16GB one with no issues
USB cable with correct connectors – USB A for your Raspberry Pi and either USB B or Micro USB (depending on your radio)
Putty for your PC to login to the Raspberry Pi – download is available at https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
Updated Instructions Based On Olivier’s (F4HTB) Wiki
1.Preparing the Raspberry Pi SD card
a. Put your SD card in your reader and plug this into your computer’s usb port.
b. Download and install Raspberry Pi card management software.
Go to https://www.raspberrypi.org/software/ and download and install Raspberry Pi Imager.
Follow the illustrations below to install the base lite image on your SD card:
Pick your computer model.
Name your system, the default instructions below reference the computer being named as “raspberrypi” with a user of “pi” and a password of “raspberry”. So it is easiest to use that name and password, and then enter your wifi network name and password.
Then scroll down and select your time zone. Then continue on like the pictures below.
2. Connect the hardware and SD card.
Insert the SD card into your Raspberry Pi, connect your CAT interface (USB cable) and (optional) connect your ethernet cable. Wifi is not recommended because it can introduce issues but we have it set up with your network on the previous step if you’d like to try it.
3. Connect via SSH to your Raspberry Pi
Wait a minute or two for the Raspberry Pi to boot up and then connect to it with the steps below in Putty.
If you have a “Putty Security Alert” window click “yes”.
A black window will open. On the line “login as:” put “pi” On the line “pi@raspberrypi.local’s password:” put “raspberry” (Warning, it is normal that nothing is displayed on the password line, in fact your password is hidden for discretion).
You should then see this:
4. Software Installation
At the pi@raspberry prompt enter (type this command as one line – it is best if you copy/paste it).
Then at the next prompt type (to make it executable):
chmod +x Hamradio_setup_versioned.sh
Then type (to run the script):
./Hamradio_setup_versioned.sh
Choose the version of Hamlib best for your radio and follow the other instructions below:
Ham Radio Remote Setup Script
==================================
Available Hamlib versions:
4.0 – Default – Use for IC-705 (CAT Control/Soundcard Support)
4.1 –
4.2 –
4.3 –
4.4 – Use for Yaesu FTDX10 (CAT Control/Soundcard Support)
4.5 –
Confirm your selection:
Proceed with installation of Hamlib 4.0? [Y/n]:Y
After completing all the software package installs (this will take about 15-30 minutes), your Raspberry Pi will ask you if you want to reboot (say yes).
Reboot system now to complete installation? [Y/n]: Y
You’ll have to reconnect in Putty for the next step.
5. Run the code
Important – at this point, make sure your radio is ON and the USB cable is plugged in to it and the Raspberry Pi.
In Putty, after you reconnect at the pi@raspberry prompt type:
This will start the program that generates the web interface.
If you see an error when you run the program, don’t worry since you haven’t configured the radio for it yet.
Run this in your web browser on your computer – https://raspberrypi.local:8888/
If you get an error like below – this is ok, just hit the “Advanced” button then “Proceed” to override it.
This is normal since your SSL security certificate is local – just hit “Proceed” or “Accept the Risk and Continue” and you will not get the error again.
You are safe to do this override since it’s your own self-signed certificate on your local network. Your browser is just trying to warn you if someone else sent you an unknown certificate.
Your connection is not private
Attackers might be trying to steal your information from raspberrypi.local (for example, passwords, messages, or credit cards). Learn more about this warning
NET::ERR_CERT_AUTHORITY_INVALID
Proceed to raspberrypi.local (unsafe)
6. Set Up Your Radio
On config webpage, go to the audio section and make sure to select the options that say “codec” somewhere in their description lines for both audio input and output.
Next select your rig model and your rig’s USB port – most likely it will be ACM0 or ACM1 or possibly USB1 or USB2.
Then press “Save & Restart server”
You’ll next be asked your callsign and then you will see this screen where you’ll select the power button.
Important note – For many radios – the power button will not turn the radio on/off, it will only start the program controlling the radio.
You should now be able to control your radio, hear audio and pass mic audio from your computer.
To disconnect the program from the radio, press the power button in the UI.
7. Stopping The Program
In Putty, if you press the Control and C buttons at the same time it will stop the program from running. To restart it on Putty, at the pi@raspberry prompt type:
Now you should have remote control of your station from anywhere in your house. So you can monitor or use your radio without having to be in your shack! Play around with it and email me if you’d like a follow up article on how to set up a secure VPN to access your radio on the go.
Originally published at hamradiohacks.blogspot.com
Cookie Consent
We use cookies to improve your experience on our site. By using our site, you consent to cookies.
Contains information related to marketing campaigns of the user. These are shared with Google AdWords / Google Ads when the Google Ads and Google Analytics accounts are linked together.
90 days
__utma
ID used to identify users and sessions
2 years after last activity
__utmt
Used to monitor number of Google Analytics server requests
10 minutes
__utmb
Used to distinguish new sessions and visits. This cookie is set when the GA.js javascript library is loaded and there is no existing __utmb cookie. The cookie is updated every time data is sent to the Google Analytics server.
30 minutes after last activity
__utmc
Used only with old Urchin versions of Google Analytics and not with GA.js. Was used to distinguish between new sessions and visits at the end of a session.
End of session (browser)
__utmz
Contains information about the traffic source or campaign that directed user to the website. The cookie is set when the GA.js javascript is loaded and updated when data is sent to the Google Anaytics server
6 months after last activity
__utmv
Contains custom information set by the web developer via the _setCustomVar method in Google Analytics. This cookie is updated every time new data is sent to the Google Analytics server.
2 years after last activity
__utmx
Used to determine whether a user is included in an A / B or Multivariate test.
18 months
_ga
ID used to identify users
2 years
_gali
Used by Google Analytics to determine which links on a page are being clicked
30 seconds
_ga_
ID used to identify users
2 years
_gid
ID used to identify users for 24 hours after last activity
24 hours
_gat
Used to monitor number of Google Analytics server requests when using Google Tag Manager
1 minute
Marketing cookies are used to follow visitors to websites. The intention is to show ads that are relevant and engaging to the individual user.
