I follow these steps when I get a shiny new Raspberry Pi or want to re-purpose one completely and 'start from scratch':
- Download and unzip the latest Raspbian Lite.
- Burn the unzipped image to your microSD card, using Etcher if on a Mac, or see Raspbian installation instructions for other OSes.
- Enable ssh for headless setup of the Pi, by keeping the Raspbian SD card mounted, then creating a file (an empty one will do fine) called 'ssh' in the root of the 'boot' partition:
- In Terminal, type
- check that the folder has a
start.elffile listed (just to make sure you're in the right place).
touch ssh(to create an empty file called
ssh, which magically enables the Pi's ssh server at bootup time).
- Unmount/eject the microSD card and put it into your Pi. Connect a network cable from the Pi to your switch/router, then connect power. You should see various LEDs on the Pi flashing as it boots for the first time.
- Use the Admin UI for your router to find out the local IP that's been assigned to the Pi (e.g. 192.168.1.10 or whatever).
- [Optional] Create a MAC/IP reservation in your router's DHCP configuration for the Pi's MAC address, so the Pi always gets the local IP address and that you assign to it. (Alternatively, you could assign a static IP to the Pi later, but I prefer to have the Pi pick up an IP and control things from the router.)
- Connect to the Pi via ssh:
- In Terminal, type
ssh email@example.com, where you replace
192.168.1.10with the actual IP address you looked up in the previous step.
- The default password is
- Install any updates available for Raspbian and existing packages:
sudo apt-get update
sudo apt-get dist-upgrade
Update the Pi's firmware with
Update Sep 2019 - I no longer run
rpi-updateafter setting up a new Pi, as it's not needed for most purposes; official, stable firmware and kernel updates for Pi can be applied with a simple
sudo apt-get update && sudo apt-get upgrade
- Reboot the Pi:
- Wait for the Pi to reboot, then connect to it again (see step 7).
- Configure the Pi for typical headless server use:
- Change the default password for the
piuser (use a strong password, of course!)
- Set the hostname (something simple, short and easy to remember)
- Boot Options > Desktop / CLI > Console
- Boot Options > Wait for Network at Boot > Yes
- Interfacing Options > SSH > Yes
- Advanced Options > Expand Filesystem
- Advanced Options > Memory Split > 16 (we don't need lots of graphics memory as we aren't connecting a display)
- (Press right arrow twice then) Finish
- Reboot the Pi to expand the filesystem and apply any other changes:
Next, I often setup a simple firewall (ufw), setup passwordless (key based) SSH from my trusted devices and enable two factor authentication (2FA) for SSH using Google Authenticator, but this post covers the basic setup of a fresh Raspberry Pi, for use as a headless server on a private network.