SBC in the House with the Raspberry Pi

Set up a headless Raspbian Stretch in 20 minutes or less

In the house

In this new series of articles, I’ll show you how to install all sorts of things in the comfort of your house. Yes, you’ve heard that right: the hardware will be located inside of your house. We’ll be installing software on things that we can actually see, touch and sometimes smell… How exciting is that? It’s like we’re back to 2003! Zero cloud, amigo.

For the first installment of this series, I’ll talk about the most popular SBC (single-board computer) in the market today: the Raspberry Pi. Every time I’m setting up a new RPi, I need to go back to my notes and review the whole process again and again and again and again. So, I decided to just write it down once and for all and share it with you. Here it is.

/img/2018/07/2018-07-10-sbc-in-the-house-with-the-raspberry-pi/raspberry-pi-3-b-thumb.jpg

Raspberry Pi 3 Model B. (Courtesy of Wikipedia.)

Overview

The overall process is quite simple: download an operating system compatible with the RPi (I’ll be using Raspbian Stretch Lite); flash the OS image into an SD card; have fun!

Requirements

Hardware:

  • an RPi (duh!);
  • an SD card (or mini SD card, depending on your RPi model) of at least 4 GB;
  • an SD card reader/writer.

Software:

  • basic GNU toolset. I’ll assume you’re running a *nix OS on your personal computer;
  • Nmap.

Flash OS into SD card

Prepare SD card

Before plugging the SD card into your personal computer, use dmesg to list the peripherals currently attached to the machine:

watch "dmesg | grep sd | tail -10"

Leave that command running and insert the SD card into the SD card reader/writer’s slot. Once you do that, you should notice the terminal’s screen display some different output. In my case, the output shows that the newly attached SD card is mapped to the sdb device:

Every 2.0s: dmesg | grep sd | tail -10                                                                                 Sun Jul 08 14:06:23 2018

[ 2991.442774] sd 5:0:0:0: [sdb] 7744512 512-byte logical blocks: (3.97 GB/3.69 GiB)
[ 2991.443797] sd 5:0:0:0: [sdb] Write Protect is off
[ 2991.443803] sd 5:0:0:0: [sdb] Mode Sense: 03 00 00 00
[ 2991.444879] sd 5:0:0:0: [sdb] No Caching mode page found
[ 2991.444886] sd 5:0:0:0: [sdb] Assuming drive cache: write through
[ 2991.449914]  sdb: sdb1 sdb2
[ 2991.453579] sd 5:0:0:0: [sdb] Attached SCSI removable disk
[ 2991.984276] FAT-fs (sdb1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[ 2992.033111] EXT4-fs (sdb2): recovery complete
[ 2992.033121] EXT4-fs (sdb2): mounted filesystem with ordered data mode. Opts: (null)

You can hit CTRL+c to exit the command.

Linux will usually mount the SD card as soon as we plug it in, but we won’t leave it mounted like that, because we want to override its contents in a safe way. To unmount it, first find the local partition(s) it’s mounted to:

$ df -h | grep sdb
/dev/sdb1                     63M   21M   43M  33% /media/space-ghost/boot
/dev/sdb2                    3.6G  978M  2.5G  29% /media/space-ghost/292637e1-4ce7-46df-2a00-ad787c2517bb

To unmount those partitions, use the command umount on each of their associated mount points (replace /dev/sdb1 and /dev/sdb2 accordingly):

sudo umount -l /dev/sdb1
sudo umount -l /dev/sdb2

Running df -h | grep sdb should now return an empty result.

Download OS image

The following commands will download Raspbian Stretch Lite (~350 MB archived as a zip file) from the official website and unzip it into your ~/Downloads directory:

wget https://downloads.raspberrypi.org/raspbian_lite_latest -O ~/Downloads/rpi.zip
unzip ~/Downloads/rpi.zip -d ~/Downloads

The resulting .img file will be placed in the ~/Downloads directory. For the Raspbian Stretch Lite OS, that file is approximately 1.8 GB, so my 4 GB SD card should be more than enough for the new OS installation.

Flash OS image into SD card

This step will rely entirely on the dd command. Don’t let this cute reduplication deceive you—dd will regretlessly override everything you have in your SD card. Make sure the output parameter (of) is pointing to your SD card’s device (example: /dev/sdb). You don’t want to wipe out your computer’s hard drive, do you? This is the command’s blueprint:

dd bs=<bytes-per-instruction> if=<full-path-to-os-image> of=<sd-card-device-name> status=<stderr-information-level>

In my case, I want to write 4 MB at a time—too fast is too scary—and output the progress of the command to STDERR. Note that if (input file) and of (output file or device) will entirely depend on where the OS image was placed in your computer and where your SD card is mounted, respectively.

sudo dd bs=4M if=~/Downloads/2018-06-27-raspbian-stretch-lite.img of=/dev/sdb status=progress

This is the result I get when running the command with the status parameter:

1858076672 bytes (1.9 GB, 1.7 GiB) copied, 154.072 s, 12.1 MB/s
444+0 records in
444+0 records out
1862270976 bytes (1.9 GB, 1.7 GiB) copied, 198.527 s, 9.4 MB/s

Same amount of records in and out—that looks like success to me. The OS part is done, but… (There’s always a but.)

Enable the SSH server

If you were to plug the SD card into the RPi now, turn it on, connect it to an ethernet cable and try to access it from another computer in the LAN, you wouldn’t be able to access it. That’s because all ports are closed by default. If you don’t believe me, nmap will convince you. Assuming your RPi’s IP address in the LAN is 192.168.0.19, try this from your local computer:

$ nmap -PN 192.168.0.19

Starting Nmap 7.01 ( https://nmap.org ) at 2018-07-08 14:56 EDT
Nmap scan report for 192.168.0.19
Host is up (0.013s latency).
All 1000 scanned ports on 192.168.0.19 are closed

Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds

The RPi is up and its networking stack is functioning as expected, but all ports are closed. By the way, that’s by design. According to the official documentation, “As of the November 2016 release, Raspbian has the SSH server disabled by default.”

So, unless you want to connect a monitor and a keyboard to a headless RPi (shame on you!), you’ll have to enable the SSH server. “HOW AM I SUPPOSED TO ENABLE THE SSH SERVER IF I NEED SSH FOR THAT?!” Yeah, yeah, I hear you—it’s a chicken or the egg situation. The folks behind Raspbian were kind enough to add a bootloader instruction that starts the SSH service every time the RPi is turned on. All we need to do is find the boot partition in the SD card and place an empty file called ssh in there. Let’s do that now.

Remove the SD card from your computer and repeat the process described in the beginning of this article. This is the sequence we want to play this time:

  1. remove SD card from slot;
  2. run watch "dmesg | grep sd | tail -10";
  3. plug SD card back in;
  4. take note of its mount points with df -h | grep sdb. (They’ll probably be the same.)

As you may remember, the last step (df -h) will output two entries, the first one being the boot partition. I know that because its associated path contains the word boot in it:

$ df -h | grep sdb
/dev/sdb1                     63M   21M   43M  33% /media/space-ghost/boot
/dev/sdb2                    3.6G  978M  2.5G  29% /media/space-ghost/202638e1-4ce4-45df-9a00-ad725c2537bb

All that’s left to do is create the dummy ssh file inside the directory associated with that partition:

sudo touch /media/space-ghost/boot/ssh

No need to chmod, chownnada. Just leave the file there; unmount the two partitions as shown earlier; and remove the SD card from the slot. Now for the fun part.

Turn it on

Plug the SD card into the RPi and turn it on—don’t forget the Ethernet cable. Give a few minutes and try to SSH into it (username is pi and password is raspberry). To find the RPi’s IP in the LAN, you can resort to our good friend nmap again. Assuming your router is configured to use the 192.168.0.* address range, you can try this from your local computer:

nmap -sP 192.168.0.1/24

The RPi’s IP address should be somewhere in the middle of the output from that command. The full SSH command will look something like this:

ssh pi@192.168.0.19

Post-installation

Raspbian comes with a configuration tool called raspi-config, which allows us to tweak values for all sorts of system-level functionalities. While these steps are not mandatory, I highly recommend that you follow them. To access the configuration tool, just run sudo raspi-config from the terminal.

Change the system timezone

To change the OS timezone, scroll down to menu item 4, Localisation Options (yes, with an s, cause that’s how the Queen likes it, mate). Then, select option I2 (Change Timezone) and follow the instructions.

Expand filesystem

As mentioned before, Raspbian Stretch Lite will take up approximately 1.8 GB of the SD card, which means that the remaining space won’t be used by the operating system. If you plan on installing extra software on the RPi or even keeping the OS updated with the latest system packages, it’s a good idea to expand its root filesystem so that you can use the SD card to its full capacity and avoid out of space issues. To do that, scroll down to menu item 7 (Advanced Options) and select option A1 (Expand Filesystem). Just follow the instructions and restart Raspbian. On the next system reboot, the OS will have access to the entire space in the SD card.

After the reboot, you may want to update the system with the usual ceremony:

sudo apt update
sudo apt upgrade

Password

In cases where the RPi should be accessible from the Internet (or if you don’t trust the people who frequent your house…), I recommend you change the default user’s password and only accept SSH connections through an encrypted key.

To change the default user’s password, go to raspi-config’s option 1 (Change User Password) and follow the instructions.

To secure the SSH connection, start by adding your public SSH key to the RPi’s default user (pi). Assuming you already have SSH keys set up for your local user, you can try something like this from your personal computer’s terminal (replace the IP address with your RPi’s IP address):

ssh-copy-id pi@192.168.0.19

That’s right: you do not need to create a new user on the RPi to match the username on your personal computer—as long as the private key on your computer matches the public one on the RPi, SSH will let you in.

You can then—and only then!—disable password authentication. Back to the RPi’s terminal, run the following commands:

sudo sed -i.bak 's/^#PasswordAuthentication\s*yes$/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo systemctl restart sshd

Note that the first command (sed) will make a backup copy (/etc/ssh/sshd_config.bak) of the SSH server’s config file. Keep it there for future reference.

Change hostname

On Raspbian, the RPi’s hostname is set to raspberrypi by default. In the event that you add other RPis to your LAN, customizing this value will avoid hostname conflicts and let you easily identify those devices. This will not only simplify your life but also let you use port-forwarding rules and network protocols that rely on hostnames to function properly.

To change your RPi’s hostname, go to item 2 (Network Options), select option N1 (Hostname) and enter a valid hostname.

Create an OS backup

Now that you have your RPi in the state you want it to be (SSH is configured, timezone is set up etc.), consider making a backup of the whole system. This way, in case the SD card gets corrupted or you just want to replicate that setup onto another RPi, all you need to do is grab the backup .img file and replay it on a new SD card. That would take you even less then 20 minutes!

In order to achieve this, we will once more resort to the dd command. This time around, we want to copy the contents of the SD card into an image file that we’ll save in our local computer. So, turn off the RPi; remove the SD card; and then execute the following steps:

  1. run watch "dmesg | grep sd | tail -10";
  2. plug SD card into computer;
  3. take note of its device name (eg.: /dev/sdb);
  4. run dd to copy the SD card’s contents into a local .img file:

    sudo dd bs=4M if=/dev/sdb of=~/my-headless-raspbian-backup.img status=progress

That’s it. You now have a full backup of your SD card.

Conclusion

Now that you have an RPi set up and running, the sky is the limit—you can implement all sorts of DIY projects on it, from network firewalls to DNS servers. Those will come in future installments of this series.

diy  hardware  home  rpi  sbc