I follow these steps when I get a shiny new Raspberry Pi or want to re-purpose one completely and 'start from scratch':

  1. Download and unzip the latest Raspbian Lite.
  2. Burn the unzipped image to your microSD card, using Etcher if on a Mac, or see Raspbian installation instructions for other OSes.
  3. Enable ssh for headless setup of the Pi, by keeping the Raspbian SD card mounted, then creating a file (an empty one will do fine) called 'ssh' in the root of the 'boot' partition:
  • In Terminal, type cd /Volumes/boot/
  • then ls
  • check that the folder has a start.elf file listed (just to make sure you're in the right place).
  • type touch ssh (to create an empty file called ssh, which magically enables the Pi's ssh server at bootup time).
  1. Unmount/eject the microSD card and put it into your Pi. Connect a network cable from the Pi to your switch/router, then connect power. You should see various LEDs on the Pi flashing as it boots for the first time.
  2. Use the Admin UI for your router to find out the local IP that's been assigned to the Pi (e.g. or whatever).
  3. [Optional] Create a MAC/IP reservation in your router's DHCP configuration for the Pi's MAC address, so the Pi always gets the local IP address and that you assign to it. (Alternatively, you could assign a static IP to the Pi later, but I prefer to have the Pi pick up an IP and control things from the router.)
  4. Connect to the Pi via ssh:
  • In Terminal, type ssh pi@, where you replace with the actual IP address you looked up in the previous step.
  • The default password is raspberry.
  1. Install any updates available for Raspbian and existing packages:
  • sudo apt-get update
  • sudo apt-get dist-upgrade
  1. Update the Pi's firmware:
  • sudo rpi-update
  1. Reboot the Pi:
  • sudo reboot
  1. Wait for the Pi to reboot, then connect to it again (see step 7).
  2. Configure the Pi for typical headless server use:
  • sudo raspi-config
  • Change the default password for the pi user (use a strong password, of course!)
  • Set the hostname (something simple, short and easy to remember)
  • Boot Options > Desktop / CLI > Console
  • Boot Options > Wait for Network at Boot > Yes
  • Interfacing Options > SSH > Yes
  • Advanced Options > Expand Filesystem
  • Advanced Options > Memory Split > 16 (we don't need lots of graphics memory as we aren't connecting a display)
  • (Press right arrow twice then) Finish
  1. Reboot the Pi to expand the filesystem and apply any other changes:
  • sudo reboot

Next, I often setup a simple firewall (ufw), setup passwordless (key based) SSH from my trusted devices and enable two factor authentication (2FA) for SSH using Google Authenticator, but this post covers the basic setup of a fresh Raspberry Pi, for use as a headless server on a private network.