Computerring123
Posts: 89
Joined: Thu Dec 17, 2015 8:51 am

SSH headless enable

Sun Dec 18, 2016 10:44 pm

I dont understand how to put ssh file to boot partition /boot/ of sd card to enable ssh. How to browse boot partition? Can i browse it like if i normally put something to sd card? What kind of file i have to apply? txt or rtf or what. video of this could be good. i really need complete guide of this

e: im talking about this :

https://www.raspberrypi.org/documentati ... ccess/ssh/

https://www.raspberrypi.org/blog/a-secu ... /#comments
Attachments
nimetön2.png
nimetön2.png (58.31 KiB) Viewed 23509 times

User avatar
demoz
Posts: 12
Joined: Tue Aug 30, 2016 12:48 pm
Contact: Website

Re: SSH headless enable

Sun Dec 18, 2016 10:51 pm

Hello there,

I am not sure what you are doing there... But from what i see you are doing it wrong.

To enable ssh service you can edit 2nd partition (not boot) and append following to /etc/rc.local :

Code: Select all

/etc/init.d/ssh start
BEFORE exit.

Example how it should look :

Code: Select all

# Print the IP address
_IP=$(hostname -I) || true
if [ "$_IP" ]; then
  printf "My IP address is %s\n" "$_IP"
fi
/etc/init.d/ssh start
exit 0
Above command will start the ssh daemon on boot.

I am not sure if you can access the 2nd partition on windows without using 3rd party tool - you should google for this.
Bitcoin: 1KWVA9qBfTHmzPMvDw4ociqnk71FoLm1mp

https://vaskir.co - check my website :)

Martin Frezman
Posts: 1020
Joined: Mon Oct 31, 2016 10:05 am

Re: SSH headless enable

Sun Dec 18, 2016 11:00 pm

Here's the simple answer.

On windows, insert the card into whatever slot you are using (either something on the main system or in a USB slot). Figure out, using whatever tools you are comfortable with, what drive letter the SD card is (will usually be something like F:) Below, I will assume it is F:.

Press Windows Key and r at the same time. At the "Run" prompt, enter "cmd" (without the quotes) and hit enter.

At the C> prompt (or whatever it is), type "dir F:" and hit enter.
You will see a bunch of files.
At the C> prompt, type: "echo.>F:\ssh" and hit enter.

Now do whatever it takes to "safely remove" the SD card from the Windows machine.

Take the card and boot it on the Pi.
If this post appears in the wrong forums category, my apologies.

klricks
Posts: 6593
Joined: Sat Jan 12, 2013 3:01 am
Location: Grants Pass, OR, USA
Contact: Website

Re: SSH headless enable

Mon Dec 19, 2016 1:17 am

Computerring123 wrote:I dont understand how to put ssh file to boot partition /boot/ of sd card to enable ssh. How to browse boot partition? Can i browse it like if i normally put something to sd card? What kind of file i have to apply? txt or rtf or what. video of this could be good. i really need complete guide of this

e: im talking about this :
1. Start Notepad (In Windows Accessories) You can type random text or leave the file empty
2. Save with filename: ssh
(or ssh.txt also works if you have the latest updates).
3. Drop the ssh file into /boot.
4. Boot the SD card in RPi.
Note that the ssh file will be deleted after successful enable / boot.
Last edited by klricks on Mon Dec 19, 2016 5:11 am, edited 1 time in total.
Unless specified otherwise my response is based on the latest and fully updated Raspbian Buster w/ Desktop OS.

Martin Frezman
Posts: 1020
Joined: Mon Oct 31, 2016 10:05 am

Re: SSH headless enable

Mon Dec 19, 2016 2:28 am

Note that this method (using Notepad) is dangerous, because of both of the following facts:

1) You will usually create a file with a .txt extension (which you don't want).

2) The fix that you allude to, where ssh.txt is also recognized as a magic filename, is new and may not be present on any given install. I.e., if you haven't downloaded the very latest and greatest, you won't have it.

In my crystall ball, I see a lot of very confused postings coming up on these boards where people follow instructions that get them a file named "ssh.txt" (with the .txt extension) and are confused that it doesn't work (as some of the latest and greatest tuts assure them that it will) - because they don't have the latest version of the software.

In short, you can't beat the command prompt. Follow my instructions and you'll never get a .txt file (unless you really want one).
If this post appears in the wrong forums category, my apologies.

klricks
Posts: 6593
Joined: Sat Jan 12, 2013 3:01 am
Location: Grants Pass, OR, USA
Contact: Website

Re: SSH headless enable

Mon Dec 19, 2016 5:28 am

Martin Frezman wrote:Note that this method (using Notepad) is dangerous, because of both of the following facts:

1) You will usually create a file with a .txt extension (which you don't want).

2) The fix that you allude to, where ssh.txt is also recognized as a magic filename, is new and may not be present on any given install. I.e., if you haven't downloaded the very latest and greatest, you won't have it.

In my crystall ball, I see a lot of very confused postings coming up on these boards where people follow instructions that get them a file named "ssh.txt" (with the .txt extension) and are confused that it doesn't work (as some of the latest and greatest tuts assure them that it will) - because they don't have the latest version of the software.

In short, you can't beat the command prompt. Follow my instructions and you'll never get a .txt file (unless you really want one).
I edited my post to be more clear. I did not know that the ssh.txt was added later. I tend to do updates once or twice a week.

Code: Select all

sudo apt-get update
sudo apt-get upgrade
The .txt extension problem is caused by the MS default setting to hide extensions of known (registered) file-types. This has always led to confusion. I disable that setting on all my Windows systems.
Unless specified otherwise my response is based on the latest and fully updated Raspbian Buster w/ Desktop OS.

Martin Frezman
Posts: 1020
Joined: Mon Oct 31, 2016 10:05 am

Re: SSH headless enable

Mon Dec 19, 2016 9:26 am

The .txt extension problem is caused by the MS default setting to hide extensions of known (registered) file-types. This has always led to confusion. I disable that setting on all my Windows systems.
Not really. The .txt extension problem is caused by the fact that notepad, by default, reads and writes files with a .txt extension. Basically, the Windows world is not happy with files without extensions. Effectively, files without extensions are like travelers without passports - they have no identity in the Windows worldview. The "hide extensions" mis-feature just makes it worse, by preventing the user from seeing what's wrong, but the underlying problem is really notepad itself (and the whole philosophical underpinning of Windows).

Really, this whole "let's disable ssh" thing has been a boondoggle. The programming to support it (e.g., the "ssh" file in /boot thing) seems very hit-and-miss (and they don't seem to be done yet). I think they're beginning to rue the day they ever came up with the idea of disabling ssh, and will probably completely reverse (undo) it pretty soon.
If this post appears in the wrong forums category, my apologies.

Martin Frezman
Posts: 1020
Joined: Mon Oct 31, 2016 10:05 am

Re: SSH headless enable

Mon Dec 19, 2016 12:54 pm

And I should add to the previous that another issue with this scheme is that catering to ".txt" is arbitrary. What about people who've never used Notepad (which, i think, is most Windows users), but who only use Word? So, now we have to check for "ssh.doc" as well. And what about the Excel users? And the PowerPointers?

The list goes on and on.

And what about the Mac users? I'd imagine that they have a whole 'nother set of extensions to consider.
If this post appears in the wrong forums category, my apologies.

User avatar
HawaiianPi
Posts: 4627
Joined: Mon Apr 08, 2013 4:53 am
Location: Aloha, Oregon USA

Re: SSH headless enable

Mon Dec 19, 2016 11:11 pm

Martin Frezman wrote:Really, this whole "let's disable ssh" thing has been a boondoggle. The programming to support it (e.g., the "ssh" file in /boot thing) seems very hit-and-miss (and they don't seem to be done yet). I think they're beginning to rue the day they ever came up with the idea of disabling ssh, and will probably completely reverse (undo) it pretty soon.
That is so not going to happen. The changes are here to stay. They are working quickly to resolve the issues that people are discovering with the new system, and those fixes will be included in the next image release. Until then we'll just have to deal with them.

Although I must say I am surprised someone who doesn't even know how to create a simple file would be interested in using SSH. No offence to the OP, I understand some people here may be less experienced with computers in general, and new to Linux as well. It's just that SSH is a rather limited and somewhat cryptic interface. It's not designed to be easy.
My mind is like a browser. 27 tabs are open, 9 aren't responding,
lots of pop-ups...and where is that annoying music coming from?

Computerring123
Posts: 89
Joined: Thu Dec 17, 2015 8:51 am

Re: SSH headless enable

Tue Dec 20, 2016 5:28 pm

Martin Frezmans guide success. Thx.

Anchan
Posts: 3
Joined: Thu Dec 22, 2016 1:38 pm

Re: SSH headless enable

Thu Dec 22, 2016 6:44 pm

https://youtu.be/S1UHoTQn11Y
The Above Video has the all the solution to enable ssh in raspbian.

Martin Frezman
Posts: 1020
Joined: Mon Oct 31, 2016 10:05 am

Re: SSH headless enable

Fri Dec 23, 2016 12:17 am

Anchan wrote:https://youtu.be/S1UHoTQn11Y
The Above Video has the all the solution to enable ssh in raspbian.
Hardly seems necessary, seeing as how my method:

a) Works fine
and
b) Is obviously the best way to do it.
If this post appears in the wrong forums category, my apologies.

liontooth
Posts: 7
Joined: Sun Oct 02, 2016 8:15 pm

Re: SSH headless enable

Sat Jan 07, 2017 8:50 pm

Hi Martin,

[quote="Martin Frezman"]

At the C> prompt, type: "echo.>F:\ssh" and hit enter.

Two questions:

* Do you really need a period between echo and >?
* Shouldn't you write the ssh file to F:\boot\ssh?

Cheers,
David

User avatar
rpdom
Posts: 15232
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: SSH headless enable

Sat Jan 07, 2017 8:59 pm

liontooth wrote:Two questions:

* Do you really need a period between echo and >?
If I remember DOS command line stuff correctly, Yes.
[/quote] * Shouldn't you write the ssh file to F:\boot\ssh?[/quote]
No.

/boot is where the first partition is mounted in Linux.

Windows doesn't understand anything Linux and just calls if F:\ or something similar

Martin Frezman
Posts: 1020
Joined: Mon Oct 31, 2016 10:05 am

Re: SSH headless enable

Sat Jan 07, 2017 9:18 pm

rpdom wrote:
liontooth wrote:Two questions:

* Do you really need a period between echo and >?
If I remember DOS command line stuff correctly, Yes.
Shouldn't you write the ssh file to F:\boot\ssh?
No.

/boot is where the first partition is mounted in Linux.

Windows doesn't understand anything Linux and just calls if F:\ or something similar
Right.

1) The short answer is "not really". echo "just about anything" would work, since the contents of the file is irrelevant. "echo." is the time-honored way of putting out just a blank line in DOS batch files. If you leave out the dot, then you will get the string "ECHO is on." in the file - which, as I said, doesn't hurt anything, but looks kinda silly.

2) Correct. The root level (F:\) in DOS/Windows gets mounted as /boot under Raspbian.
If this post appears in the wrong forums category, my apologies.

liontooth
Posts: 7
Joined: Sun Oct 02, 2016 8:15 pm

Re: SSH headless enable

Sat Jan 07, 2017 9:29 pm

Perfect, thanks.

mfa298
Posts: 1387
Joined: Tue Apr 22, 2014 11:18 am

Re: SSH headless enable

Sun Jan 08, 2017 3:37 pm

Martin Frezman wrote:Here's the simple answer.

On windows, insert the card into whatever slot you are using (either something on the main system or in a USB slot). Figure out, using whatever tools you are comfortable with, what drive letter the SD card is (will usually be something like F:) Below, I will assume it is F:.

Press Windows Key and r at the same time. At the "Run" prompt, enter "cmd" (without the quotes) and hit enter.

At the C> prompt (or whatever it is), type "dir F:" and hit enter.
You will see a bunch of files.
At the C> prompt, type: "echo.>F:\ssh" and hit enter.

Now do whatever it takes to "safely remove" the SD card from the Windows machine.

Take the card and boot it on the Pi.
I've got to add that this sort of approach is probably the safest way to always get a file called ssh. Although rather than the "echo.>F:\ssh" step I've used

Code: Select all

copy nul f:\ssh
(nul is roughly the DOS equivalent to /dev/null, but in this case it results in a zero length file)

Martin Frezman
Posts: 1020
Joined: Mon Oct 31, 2016 10:05 am

Re: SSH headless enable

Sun Jan 08, 2017 3:39 pm

I've got to add that this sort of approach is probably the safest way to always get a file called ssh. Although rather than the "echo.>F:\ssh" step I've used
6 of one, half dozen of the other.

The echo method is less typing.

It's almost like, the less you want in the file, the more typing you have to do.
If this post appears in the wrong forums category, my apologies.

dwasifar
Posts: 10
Joined: Sun Jan 27, 2013 1:49 am

Re: SSH headless enable

Fri Nov 23, 2018 3:28 pm

Waking up an old thread to give my opinion.

I recently dug out my old Pi B and flashed the SD with Stretch Lite. Initially I found that after each reboot I would have to issue service ssh restart locally before being able to connect remotely via ssh. It never occurred to me that ssh might actually be disabled until I found this thread.

I'm starting ssh in rc.local now and that works fine, although it feels a little kludgy. But really, why would you want to disable ssh on the Lite version, which has no GUI? I can kind of understand it for the full versions; I don't agree with it but I see why one might do it. But there's no advantage to locking the user out of remote CLI on a system that can only be administered by CLI.

DirkS
Posts: 9945
Joined: Tue Jun 19, 2012 9:46 pm
Location: Essex, UK

Re: SSH headless enable

Fri Nov 23, 2018 3:37 pm

dwasifar wrote:
Fri Nov 23, 2018 3:28 pm
But really, why would you want to disable ssh on the Lite version, which has no GUI? I can kind of understand it for the full versions; I don't agree with it but I see why one might do it. But there's no advantage to locking the user out of remote CLI on a system that can only be administered by CLI.
It's not a matter of usefulness or convenience but plain and simple security.
In the 'olden days' it was enabled by default with a default user and password, so everybody with access over a network could easily log in.

If you have a problem with that then you can easily spin your own image using e.g. pi-gen

I assume you changed a setting somewhere that's the cause of your problems (which, BTW are *not* related to headless setup)

mfa298
Posts: 1387
Joined: Tue Apr 22, 2014 11:18 am

Re: SSH headless enable

Fri Nov 23, 2018 3:48 pm

dwasifar wrote:
Fri Nov 23, 2018 3:28 pm
I'm starting ssh in rc.local now and that works fine, although it feels a little kludgy. But really, why would you want to disable ssh on the Lite version, which has no GUI? I can kind of understand it for the full versions; I don't agree with it but I see why one might do it. But there's no advantage to locking the user out of remote CLI on a system that can only be administered by CLI.
This has been the default for a few years and the reasons are well documented. At the time the change was made there was a large number of people finding their pi's quickly became very slow as they were being taken over and used by 3rd parties for nefarious purposes.

Your method might feel kludgy because it is. There are several non kludgy methods described for enabling SSH on https://www.raspberrypi.org/documentati ... ccess/ssh/

dwasifar
Posts: 10
Joined: Sun Jan 27, 2013 1:49 am

Re: SSH headless enable

Fri Nov 23, 2018 11:22 pm

DirkS wrote:
Fri Nov 23, 2018 3:37 pm
dwasifar wrote:
Fri Nov 23, 2018 3:28 pm
But really, why would you want to disable ssh on the Lite version, which has no GUI? I can kind of understand it for the full versions; I don't agree with it but I see why one might do it. But there's no advantage to locking the user out of remote CLI on a system that can only be administered by CLI.
It's not a matter of usefulness or convenience but plain and simple security.
In the 'olden days' it was enabled by default with a default user and password, so everybody with access over a network could easily log in.

If you have a problem with that then you can easily spin your own image using e.g. pi-gen

I assume you changed a setting somewhere that's the cause of your problems (which, BTW are *not* related to headless setup)
Why would you assume that? I changed a setting to SOLVE the problem, which was that ssh is unexpectedly disabled "out of the box." I'm accustomed to actual Debian, which is not set up that way. If you install ssh on Debian with apt, the resulting installation works without needing a separate step of enabling it.

dwasifar
Posts: 10
Joined: Sun Jan 27, 2013 1:49 am

Re: SSH headless enable

Fri Nov 23, 2018 11:23 pm

mfa298 wrote:
Fri Nov 23, 2018 3:48 pm
This has been the default for a few years and the reasons are well documented. At the time the change was made there was a large number of people finding their pi's quickly became very slow as they were being taken over and used by 3rd parties for nefarious purposes.
So basically it's an attempt at idiotproofing. :) People were careless with passwords and firewalls because they didn't know any better, and the decision was made to kneecap ssh to protect those users.

As I mentioned, I hadn't used this Pi in some time; the change must have been made since I used it last, because I don't remember having to go through this before.
mfa298 wrote:
Fri Nov 23, 2018 3:48 pm
Your method might feel kludgy because it is. There are several non kludgy methods described for enabling SSH on https://www.raspberrypi.org/documentati ... ccess/ssh/
I haven't looked at the link, but I imagine they involve unmasking the service in systemd. I suppose I could do that too.

mfa298
Posts: 1387
Joined: Tue Apr 22, 2014 11:18 am

Re: SSH headless enable

Fri Nov 23, 2018 11:44 pm

dwasifar wrote:
Fri Nov 23, 2018 11:23 pm
As I mentioned, I hadn't used this Pi in some time; the change must have been made since I used it last, because I don't remember having to go through this before.
Things change over the course of 2-3 years, This particular change was at least two years go (look at the dates of the first posts in this tread).
dwasifar wrote:
Fri Nov 23, 2018 11:23 pm
mfa298 wrote:
Fri Nov 23, 2018 3:48 pm
Your method might feel kludgy because it is. There are several non kludgy methods described for enabling SSH on https://www.raspberrypi.org/documentati ... ccess/ssh/
I haven't looked at the link, but I imagine they involve unmasking the service in systemd. I suppose I could do that too.
not even that, maybe you should read the docs before complaining, they were even linked to from the first post in the thread.
dwasifar wrote:
Fri Nov 23, 2018 11:22 pm
I'm accustomed to actual Debian, which is not set up that way. If you install ssh on Debian with apt, the resulting installation works without needing a separate step of enabling it.
But then x86 debian will also ask you to configure a user/ root password during the install. Raspbian (and most pi operating systems) have a well know default user and password which the bots are scanning for all the time.

dwasifar
Posts: 10
Joined: Sun Jan 27, 2013 1:49 am

Re: SSH headless enable

Sat Nov 24, 2018 12:21 am

mfa298 wrote:
Fri Nov 23, 2018 11:44 pm
dwasifar wrote:
Fri Nov 23, 2018 11:22 pm
I'm accustomed to actual Debian, which is not set up that way. If you install ssh on Debian with apt, the resulting installation works without needing a separate step of enabling it.
But then x86 debian will also ask you to configure a user/ root password during the install. Raspbian (and most pi operating systems) have a well know default user and password which the bots are scanning for all the time.
Fair enough, I suppose, but I would think the obvious solution to that would be to not have a default user and password, rather than disabling a basic service. It's like if every house came with the same set of keys, and the proposed solution to the resulting burglary problem was to seal off the doors rather than change the locks.

I did read the docs and comments on your suggestion, and it looks like quite a lot of the commenters agreed at the time that it would be better to force the user to pick a password on first boot.

Return to “Beginners”