Enable headless login to a Raspberry Pi

Introduction

As of the November 2016 release, Raspbian has the SSH (secure shell) server disabled by default, see Security update information on the Rasberry Pi site. This page describes four alternative ways to activate SSH on boot, which you need to configure the capture station. If you don't have a keyboard and monitor that you can attach to the RPi, you should follow these instructions to enable headless login -- that is to say, access to the freshly booted RPi through SSH.

After enabling headless login, you will be able to connect to your new Raspberry Pi Red Hen capture station by connecting an ethernet cable to the RPi and to your laptop; see How to set up a Red Hen capture station.

Related scrolls

• How to set up a Red Hen capture station
  • The Ultimate Guide to Managing a Red Hen Capture Station
• Raspberry Pi headless install (external) or Guide to Direct Network Connection (external)
• Capure Station Manual

Activate SSH on install in the graphical user interface

Just create an empty file called ssh in the boot directory of your Raspbian image.

Safely remove the card from your computer and insert it into the RPi.

Continue with the instructions in How to set up a Red Hen capture station.

Activate SSH on install on a Mac on the commandline

After writing the Raspbian image to your SD card, open a terminal and issue

diskutil list

Identify the disk (not partition) of your SD card -- e.g. disk4, not disk4s1.

Use the corresponding raw disk name to list the files:

ls -l /dev/rdisk4/

You should see a bunch of files, such as COPYING.linux.

Write an empty file called ssh to that folder:

sudo touch /dev/rdisk4/ssh

Eject the card with DiskUtility or with this command:

sudo diskutil eject /dev/rdisk4

Remove the card from your Mac and insert it into the RPi.

Continue with the instructions in How to set up a Red Hen capture station.

Activate SSH on install on Windows on the command line

After writing the Raspbian image to your SD card, determine in a file manager or other means the drive letter of the SD card, typically something like E: or F:

Press the Windows Key and r at the same time. At the "Run" prompt, enter

cmd

and press Enter.

At the C> prompt, list the files on the card by typing

dir F:\

and pressing Enter.

You should see several files, such as COPYING.linux:

Issue the command

echo.>F:\ssh

and press Enter.

To confirm the file was created, issue

dir F:\

again and press Enter:

Safely remove the card from your PC and insert it into the RPi.

Continue with the instructions in How to set up a Red Hen capture station.

Alternative - activate SSH by connecting monitor, keyboard and mouse

This option involves connecting RPI to HDMI monitor (a TV, for example), USB keyboard and mouse.

Open the terminal (click on the terminal Icon at the top of the screen) and issue sudo raspi-config

Select Advanced Options (currently number 7 in the menu), then navigate to ssh, press Enter and select Enable or disable ssh server.

False SECURITY alert

On Red Hen RPis, we do not use the default user named pi, but instead create a new user that we ssh into. On the first release of Raspbian GNU/Linux 8, which has the Security update discussed on this scroll, ssh'ing into a new user generates a false SECURITY alert:

Date: Sun, 26 Feb 2017 15:35:25 -0530

From: lma@rita.in

To: root@rita.in

Subject: *** SECURITY information for rita.in ***

rita.it : Feb 26 15:35:25 : lma : a password is required ; TTY=pts/12 ; PWD=/home/lma ; USER=root ; COMMAND=/bin/grep -E ^pi: /etc/shadow

The fix is to move the file /etc/profile.d/sshpasswd.sh out of the way:

mv /etc/profile.d/sshpasswd.sh /etc/profile.d/sshpasswd.sh-not-needed

This file is designed to detect when a user leaves the default password to user pi, which makes the RPi easy to access by anyone. We add a line of AllowUsers to /etc/ssh/sshd_config to ensure user pi not only has a new password, but is not accessible from the outside at all.