Why disable SSH on my Raspberry Pi?! (UPDATE)

Update

I tweeted in a message to the Raspberry Pi folks and raised an issue from their github repository, and was told the reason for the change was because security. Totally understandable reason, Raspberry Pi’s or possibly being co-opted into botnets with far too much ease. Fair enough.

My issue with the fact that the change could have been more widely reported, maybe with a message on the download page for a month or so saying that this change it happened would have been enough.

Anyway, agree with the decision to turn ssh off by default and it’s good that they are keeping track of security issues as they come up. The article I was linked to can be read here.

Important Preface

Let me preface this relevant by saying that I LOVE the Raspberry Pi, I have at least nine of them and mild obsession doesn’t even come close to it. Seriously, you should buy one immediately, you wont to regret it.

The Rant

No but seriously, why all of a sudden in recent releases of Raspbian is SSH disabled by default?! Head Explodes. It took me good three or four hours of googling before I came upon the solution and I’m really used to using the Pi, know my way around the command line and pretty much know what I’m doing. But for a newbie who didn’t have the ability to plug in a keyboard and mouse this could have been a dealbreaker. Once I finally stumbled upon the solution it was pointed out that it was in the documentation after all but it is one sentence right at the very bottom of this SSH page and it isn’t mentioned anywhere else as far as I can see. I think a change of this magnitude requires ALL CAPS some bold text!

You see, large chunks of my home automation system run on the Raspberry Pi so the number of times I have installed Raspbian to a new SD Card, then just happily logged in using SSH are literally too numerous to count. However when I tried it this morning it was like getting in the car after twenty years of driving, turning the steering wheel to the left only to find that my car turned to the right. Much perplexed, very swearing ensused.

If you’re quadriplegic like me then headless installs are the only way to go really, plugging in a keyboard and mouse by yourself is completely out of the question and there isn’t always a useful and willing Designated Pair of Hands™ around when you need them. So if I hadn’t had someone to help me1 today I would have been completely locked out of this new installation of Raspbian and unable to do anything useful. Not a big deal I hear you say. Well that’s absolutely true if it’s a Minecraft server, but what if your Raspberry Pi controls your lighting, heating, front door, curtains and is an IRC server so you can talk to your friends and family? Casts a new light on the situation, don’t you think?

The Solution

Anyway, to get around this problem just install the operating system as normal to the SD card using these very useful instructions from the Raspberry Pi Foundation, and when the process is finished place a small file called ssh in the root of your SD card.

So for me when I’d run the command to install Raspbian and waited for it to finish:

sudo dd bs=1m if=2016-11-25-raspbian-jessie-lite.img  of=/dev/rdisk1

I then ran this command on my Mac to place the file in the right place:

touch /Volumes/boot/ssh

Note: boot is the name of the SD card that I’m using, yours might be different, if so just change the name in that part of the command.

Once you have successfully logged in to your shiny new Raspberry Pi, you need to make sure that ssh is enabled each time you reboot your Raspberry Pi. I think simply placing the ssh file on the SD card makes this so but there’s nothing in the documentation to say so, so better safe than sorry.

You can check the state of the ssh service when you first log in by running the command:

systemctl status ssh.service

The output from a command should contain the words “Active: active (running)”, and if they do everything is groovy. If it doesn’t then you need to enable SSH manually.

You can enable or disable the SSH service using the raspi-config tool which I wrote a little tutorial about here.

Conclusion

Let me say again that I really really really love the Raspberry Pi and would be happy to help write the documentation to make this more visible, I actually think you should stop reading now and go and buy yourself one.

If anybody gets stuck, drop me a line in the comments and I’ll give you a hand.

  1. My wonderful SO was wonderful. :-)