Initial Setup
Wheel
Raspberry Pi OS does not have the wheel group by default. It can be added with
sudo groupadd wheel
A user can then be added to the wheel group with
sudo usermod -aG wheel username
The -a flag appends the group, such that the user is not removed from all groups that are not explicitly listed in this command. The -G flag specifies the groups that the user will be added to, listed directly after the flag.
Whether the user is now added to the group can be checked with
cat /etc/group
There should be an entry similar to
wheel:x:1001:username
This entry confirms that the user has been added to the wheel group.
doas
doas can be installed with
sudo apt install doas
After this, a config file must be created, optionally after installing vim with
sudo apt install vim
sudo vim /etc/doas.conf
The content of the config file should then be set to
permit setenv {PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin} :wheel
The config file MUST end with an empty line. Additionally, "permit" can be followed by "persist" to allow for doas to have a period of time where the password must not be entered for new commands, after it has been used with a password initially.
The system needs to be rebooted for doas to function.
ssh
The Raspberry Pi OS can be set up with an rsa key already authorized. If this is not the case, a new public key must be added. The new key must be moved into the file
/home/username/.ssh/authorized_keys
Afterwards, the default port for ssh connections must be changed to 200, such that the forwarded port matches the ssh port. This can be done with
doas vim /etc/ssh/sshd_config
Where the Port must be changed from 22 (default) to 200. Afterwards, the ssh daemon must be restarted using
doas systemctl restart sshd