Future-proofing the Raspbian SSH Server

Enable SSH headlessly

If you want to connect to the Raspberry Pi without a monitor or input devices, the latest version of Raspbian won't be very forthcoming. If you try to connect via SSH, by default you'll only see ssh: connect to host <address> port 22: Connection refused.

This places you into something of a Catch-22 situation. Without connecting via SSH, you can't enable SSH on the Pi. Fortunately the Raspbian Developers have a neat solution. To get started, first write your Raspbian image to the SD card as normal. However, once the image has been written, leave the microSD card in the reader. Open the newly created /boot partition on the microSD card using the file manager of your choice, then create a new, empty file named ssh (Figure 4).

Figure 4: To activate SSH, use your file manager to create an empty filed named 'ssh' in the /boot partition of the microSD card.

Since the partition has been formatted to FAT32, this will work with file managers on any operating system i.e., Linux, macOS and Microsoft Windows.

If you're using Linux, you can make life a little easier for yourself. Instead of using a file manager, you can write the Raspbian image as usual using dd to the microSD card. Next, create the file ssh using touch using the path to the /boot partition. The example in Listing 2 is the correct path for Ubuntu-based systems, but feel free to change this as well as the path to the microSD card as necessary. The whoami function will automatically return your username.

Listing 2

Writing Raspbian Image to MicroSD

$ dd bs=4M if=2017-04-10-raspbian-jessie.img of=/dev/sdb; sync
$ touch /media/$(whoami)/boot/ssh

Conclusion

In future, setting up a Raspberry Pi without a monitor and keyboard is going to be a little trickier. However, this is more than made up for by the security benefits. Even if Pis behind a WLAN router can only be accessed via explicit port forwarding, a hacked IoT device connected to the local network could easily be programmed to search for and connect automatically to Raspberry Pis, turning them into a fully fledged Linux attack platform. As SSH is now disabled by default, we can all rest a little easier.

Buy this article as PDF

Express-Checkout as PDF

Pages: 4

Price $2.95
(incl. VAT)

Buy Raspberry Pi Geek

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content