Headless Raspberry Pi with wireless connection

  • Christopher Af Bjur
May 5th, 2021

Learn how to configure a Raspberry Pi, headless, which will connect wirelessly to the internet and which you can access from your computer through SSH. You will learn all the steps required from first unboxing your RPI, to having a fully functional RPI running headless and wireless.

Initial Setup

  1. Input the SD card into the computer.
  2. Open up Raspberry PI Imager application and select OS by clicking Choose OS and then click Raspberry Pi OS (other) and lastly select Raspberry Pi OS Lite (32-bit)
  3. Then select the SD card which should be pretty much self explanatory.
  4. Click on Write and finish the installation process.
  5. When finished, remove the SD card from the computer port.

Setting up Wi-Fi

Now we want to let our RPI know how to connect to our Wi-Fi network, since we won't be using any network cables.

  1. Input the SD card to the port again, click the file named boot (Should popup on your desktop if you're using Mac, somewhere else if you're using any other OS).
  2. Create a new file and name it wpa_supplicant.conf in this boot file. It will be copied to the main partition's /etc/wpa_supplicant location at boot time, replacing whatever is there. It will then be deleted from /boot, so you won't see it there if you try to find it at a later point in time.
  3. In wpa_supplicant.conf add the correct credentials and country code. In my example I'm using se for Sweden. You can find all the common country codes here.
./boot/wpa_supplicant.conf
country=se
update_config=1
ctrl_interface=/var/run/wpa_supplicant

network={
 scan_ssid=1
 ssid="MyNetworkSSID"
 psk="Pa55w0rd1234"
}

Note that you'll have to replace MyNetworkSSID with your own network SSID and Pa55w0rd1234 with your own network password.

Also, I wrote my country code with lower case letters and it worked fine - so you should be able to write your country code in lower case letters as well.

Now save the wpa_supplicant.conf file and close it.

Setting up SSH

In order to be able to access our RPI and navigate in it, we'll have to setup SSH which will allow us to login to the RPI file system from our computer.

SSH can be enabled by placing a file named ssh, without any extension, onto the boot partition of the SD card. When the Pi boots, it looks for the ssh file. If it is found, SSH is enabled and the file is deleted. The content of the file does not matter; it could contain text, or nothing at all.

So, with our boot partition still open (since we modified the wifi settings in the previous section) create a new file named ssh.

First launch

  1. Now that we've setup things, let's safely eject the boot partition (on Mac we go to the Desktop and right-click boot and click Eject "boot"). We can now safely remove the SD card from our SD card port of our computer.
  2. Once removed from the port we can take out the mini SD card from the "SD reader card".
  3. Make sure the RaspberryPI is off (not plugged in with AC plug).
  4. Input the mini SD card to your Raspberry Pi, and then plug in the RPI AC plug. Wait for the RaspberryPI to boot (around 30-60 seconds I believe).

Logging in to our RPI

SSH'ing in

  1. Go to a terminal and run ssh pi@raspberrypi.local
  2. When asked for the password input raspberry which is the default password.
  3. You should now be ssh'ed in to the RaspberryPi.

Potential errors

Error 1

If you get some warning about WARNING: POSSIBLE DNS SPOOFING DETECTED! and/or WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! it's probably because you previously had saved ssh keys on your computer and wiped the RaspberryPI and now trying to connect to it. If this happened, just run ssh-keygen -R raspberrypi.local and then run ssh pi@raspberrypi.local again.

Error 2

If you get a question Are you sure you want to continue connecting (yes/no/[fingerprint])? just type yes and continue.

Error 3

If you get a message ssh_dispatch_run_fatal: Connection to blablablablabla port 22: Broken pipe just run ssh pi@raspberrypi.local again.

Security

Now that we have access, it's important that we change the default password. We can do this by typing passwd , pressing enter and setting the new password. Note memorize it or save it to a safe place before executing the password change so we don't get locked out of our RPI.

Terminal
passwd

It might also be a good idea to get the latest system's package list onto our RPI. Get it by running sudo apt-get update.

Terminal
sudo apt-get update

Next lets install all the latest packages for our RPI by running sudo apt full-upgrade.

Terminal
sudo apt full-upgrade

Passwordless SSH access

Note that in order to follow allong with this last section you have to be a Mac user, using macOS.

Generate new SSH keys

On your computer, open a new terminal window and run ssh-keygen.

Terminal
ssh-keygen

Upon entering this command, you will be asked where to save the key. Save it either in the default location (~/.ssh/id_rsa) by pressing Enter or define a custom path/name.

You will also be asked to enter a passphrase, which is optional. The passphrase is used to encrypt the private SSH key, so that if someone else copied the key, they could not impersonate you to gain access. If you choose to use a passphrase, type it here and press Enter, then type it again when prompted. Leave the field empty for no passphrase.

Run ls ~/.ssh and confirm that the private and public keys where created.

Terminal
ls ~/.ssh

Copy your public key to your Raspberry Pi

Input the following into a terminal in order to ssh copy the public key into the authorized_keys folder of your RPI. Note that you might want to change the name of the key file in case you didn't use the default:

Terminal
cat ~/.ssh/id_rsa.pub | ssh pi@raspberrypi.local 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'

Input the ssh password when asked for it. Note that if you didn't change it yet, as defined in the Security section, the default password is raspberry.

Store the passphrase in the macOS keychain

  1. After verifying that your new key allows you to connect, you have the option of storing the passphrase for your key in the macOS keychain. This allows you to connect to your Raspberry Pi without entering the passphrase.
  2. Run the following command to store it in your keychain ssh-add -K ~/.ssh/id_rsa. Note that you will have to change the path in case you used a custom path and/or filename.

Terminal
ssh-add -K ~/.ssh/id_rsa

Adding SSH-Keys to SSH-Agent on Startup

Incase you defined a passphrase for the SSH key previously created, it will ask you to enter passphrase each time you use it to connect to servers or git repositories. To prevent re-entering passphrase we add SSH-keys to SSH-agent running on your macOS system using the following command (same step as above): ssh-add -K ~/.ssh/id_rsa

Terminal
ssh-add -K ~/.ssh/id_rsa

After that navigate to your ssh folder. From a terminal you can run cd ~/.ssh/ and look for a file named config. If this file exists, we're going to edit it, if not just create it. In this file, copy/paste the following:

./.ssh/config
Host *
  UseKeychain yes
  AddKeysToAgent yes
  IdentityFile ~/.ssh/[your-secure-ssh-key-name-1]
  IdentityFile ~/.ssh/[your-secure-ssh-key-name-2]

Then replace the [your-secure-ssh-key-name-x] parts with the key files that you previously created. For instance if I went with the default setup when generating this/these file/files previously, I'd use IdentityFile ~/.ssh/id_rsa.

Now, restart your computer to apply changes properly. Once changes are applied, you will never again be asked for passphrase.

© 2021, Christopher Af Bjur