Future-proofing the Raspbian SSH Server
Enable SSH headlessly
If you want to connect to the Raspberry Pi without a monitor or input devices, the latest version of Raspbian won't be very forthcoming. If you try to connect via SSH, by default you'll only see ssh: connect to host <address> port 22: Connection refused.
This places you into something of a Catch-22 situation. Without connecting via SSH, you can't enable SSH on the Pi. Fortunately the Raspbian Developers have a neat solution. To get started, first write your Raspbian image to the SD card as normal. However, once the image has been written, leave the microSD card in the reader. Open the newly created /boot partition on the microSD card using the file manager of your choice, then create a new, empty file named ssh (Figure 4).

Since the partition has been formatted to FAT32, this will work with file managers on any operating system i.e., Linux, macOS and Microsoft Windows.
If you're using Linux, you can make life a little easier for yourself. Instead of using a file manager, you can write the Raspbian image as usual using dd to the microSD card. Next, create the file ssh using touch
using the path to the /boot partition. The example in Listing 2 is the correct path for Ubuntu-based systems, but feel free to change this as well as the path to the microSD card as necessary. The whoami function will automatically return your username.
Listing 2
Writing Raspbian Image to MicroSD
$ dd bs=4M if=2017-04-10-raspbian-jessie.img of=/dev/sdb; sync $ touch /media/$(whoami)/boot/ssh
Conclusion
In future, setting up a Raspberry Pi without a monitor and keyboard is going to be a little trickier. However, this is more than made up for by the security benefits. Even if Pis behind a WLAN router can only be accessed via explicit port forwarding, a hacked IoT device connected to the local network could easily be programmed to search for and connect automatically to Raspberry Pis, turning them into a fully fledged Linux attack platform. As SSH is now disabled by default, we can all rest a little easier.
Infos
- "A security update for Raspbian Pixel": https://www.raspberrypi.org/blog/a-security-update-for-raspbian-pixel
- LAN: https://en.wikipedia.org/wiki/Local_area_network
- NAT: https://en.wikipedia.org/wiki/Network_address_translation
- Universal Plug and Play: https://en.wikipedia.org/wiki/Universal_Plug_and_Play
« Previous 1 2 Next »
Buy this article as PDF
Pages: 4
(incl. VAT)