RPI installation without monitor, keyboard(Headless) and finalizing the config

I just bought a RPI zero and lacking a micro HDMI. Any way when installing a RPI2 or 3 I still do not want to connect a keyboard and monitor. Please perform below steps to make an installation without monitor and keyboard (headless). We will enable SSH login (disabled with newer raspbian images), configure the Wifi and finalize the installation. In the last steps I will expand the file system and add additional security measures, e.g. removing the PI user and setting up a firewall. So please download and write the raspbian image to your SD card.

Enabling Wifi and SSH access is done by writing a file to /boot/ of the SD card.

Enable Wifi: If a wpa_supplicant.conf file is placed into the /boot/ directory, this will be moved to the /etc/wpa_supplicant/ directory the next time the system is booted, overwriting the network settings.
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev


Location and filename: /boot/wpa_supplicant.conf

Replace your SSID, password and ISO-3166 in the config file. Your_ISO-3166-1_two-letter_country_code is your ISO Country Code (such as NL for Netherlands).

[Problem] Wifi not working with RPI3 B+: With the RPI zero above process worked, with the RPI3 B+ I run into problems with the wifi. I executed: sudo raspi-config, under localisation options selected change wifi country and then sudo rfkill unblock wifi. Now my wifi worked. [/Problem]

Enable SSH Raspbian will look for a file named ssh on the boot partition at startup and will enable sshd, which by default is disabled. So please create an empty file “ssh”

Location and filename: /boot/ssh

Expand file system We do this to make use of all the space present on the SD card as a full partition. All this does is, expand the OS to fit the whole space on the SD card which can then be used as the storage memory for the RPI.

sudo raspi-config
Option 7:Advanced options
A1: Expand file system

Update firmware It’s always good practice to run the latest version of the firmware which also included the latest bug fixes.

sudo rpi-update

Add user I do not want to continue to use the PI user for security reasons, that’s why we should create a new user with sudo rights.

sudo adduser --gecos "" replace_with_username
sudo usermod -aG sudo replace_with_username

–gecos: Set the gecos field for the new entry generated. Adduser will not ask for finger information if this option is given.

-aG add in group
Now it would be nice if only this user could login via SSH and that we disable root login:
sudo nano /etc/ssh/sshd_config
Add, edit, or append to the end of the file the following line, which contains the usernames you wish to allow to log in
AllowUsers add_with_username
PermitRootLogin no
After the change you will need to restart the sshd service using sudo systemctl restart ssh or reboot so the changes take effect.

Disable Pi user login Everybody knows that on a RPI the user PI is available, so for security reasons I would like to delete this PI user. Please login with your new created user.

sudo deluser pi
sudo passwd root

Change hostname You can change the hostname of the RPI (default: raspberry) by editing the hostname file:  sudo nano /etc/hostname

Firewall We still want to block access to the RPI on any ports that are not explicitly enabled.

apt-get install -y ufw
sudo ufw allow ssh
sudo ufw --force enable
sudo ufw status

Now your RPI is ready to rock!

Leave a Reply

Your email address will not be published. Required fields are marked *