Future-proofing the Raspbian SSH Server
Enable SSH headlessly
If you want to connect to the Raspberry Pi without a monitor or input devices, the latest version of Raspbian won't be very forthcoming. If you try to connect via SSH, by default you'll only see ssh: connect to host <address> port 22: Connection refused.
This places you into something of a Catch-22 situation. Without connecting via SSH, you can't enable SSH on the Pi. Fortunately the Raspbian Developers have a neat solution. To get started, first write your Raspbian image to the SD card as normal. However, once the image has been written, leave the microSD card in the reader. Open the newly created /boot partition on the microSD card using the file manager of your choice, then create a new, empty file named ssh (Figure 4).
Figure 4: To activate SSH, use your file manager to create an empty filed named 'ssh' in the /boot partition of the microSD card.
Since the partition has been formatted to FAT32, this will work with file managers on any operating system i.e., Linux, macOS and Microsoft Windows.
If you're using Linux, you can make life a little easier for yourself. Instead of using a file manager, you can write the Raspbian image as usual using dd to the microSD card. Next, create the file ssh using touch using the path to the /boot partition. The example in Listing 2 is the correct path for Ubuntu-based systems, but feel free to change this as well as the path to the microSD card as necessary. The whoami function will automatically return your username.
Listing 2
Writing Raspbian Image to MicroSD
$ dd bs=4M if=2017-04-10-raspbian-jessie.img of=/dev/sdb; sync $ touch /media/$(whoami)/boot/ssh
Conclusion
In future, setting up a Raspberry Pi without a monitor and keyboard is going to be a little trickier. However, this is more than made up for by the security benefits. Even if Pis behind a WLAN router can only be accessed via explicit port forwarding, a hacked IoT device connected to the local network could easily be programmed to search for and connect automatically to Raspberry Pis, turning them into a fully fledged Linux attack platform. As SSH is now disabled by default, we can all rest a little easier.
Infos
- "A security update for Raspbian Pixel": https://www.raspberrypi.org/blog/a-security-update-for-raspbian-pixel
- LAN: https://en.wikipedia.org/wiki/Local_area_network
- NAT: https://en.wikipedia.org/wiki/Network_address_translation
- Universal Plug and Play: https://en.wikipedia.org/wiki/Universal_Plug_and_Play
« Previous 1 2 Next »
Buy this article as PDF
Pages: 4
(incl. VAT)
Buy Raspberry Pi Geek
US / Canada
UK / Australia
Related content
-
The Pi Wire
- First 64-bit OS for Pi 3
- LTE Connectivity
- 3rd Generation Pi Drive
- Pi will outsell the Commodore 64
- Tighter Security for your Pi
-
Installing FHEM on the Raspberry Pi
The FHEM home automation software is not yet part of the Raspbian package sources. We show you how to install it manually on a fresh Raspbian system.
-
Installing a customized Raspbian system with Netinstaller
The standard Raspbian is too bulky for some projects. You can use Netinstaller to set up a pre-defined customized version.
-
Display tiny movies on your Pi
Get a tiny color display working on a Raspberry Pi, so you can show your own movies.
-
Converting the Raspberry Pi to a wireless print server
Use a small and unobtrusive Raspberry Pi to convert your legacy USB printer to a new wireless network printer system.
