How to set up SSH from scratch without connecting a monitor or keyboard [Raspberry Pi, Ubuntu]
Introduction
When playing with the Raspberry Pi or using it as a sandbox for some work, I often reinstall the OS.
Every time, connect the keyboard to the Raspberry Pi, install sshd [^ 1], edit sshd_config, set the SSH public key, start sshd, and so on, every time on the Raspberry Pi side. Is very annoying. Since I'm not used to it, I'm not satisfied with the keyboard operation and I get stressed.
[^ 1]: Not installed by default on Ubuntu Desktop.
So this time, I'll show you how to get the job done on your Mac without connecting a keyboard to your Raspberry Pi.
Note that this is probably possible not only on the Raspberry Pi, but also on the device on which Ubuntu is installed. Also, although this article doesn't cover the details, you can do the same on Linux and Windows.
environment
| Raspberry Pi 4 | Mac | |
|---|---|---|
| OS | Ubuntu 20.10 | macOS Big Sur 11.1 |
Burn Ubuntu image to SD card
First, burn the OS to an SD card (such as a USB memory if it is not a Raspberry Pi) as you normally install.
** Download the Ubuntu Server image instead of Ubuntu Desktop **. Even if you want to use it for desktop, first install it for server. I'll show you how to make it for the desktop at the end.
You can download the Ubuntu image for the Raspberry Pi from here (https://ubuntu.com/download/raspberry-pi).
Burn the downloaded Ubuntu Server image to an SD card. If you want to operate with CUI, use the dd command. BalenaEtcher is convenient if you want to operate with GUI. There are many articles on the Internet about how to burn an image, so I will omit the procedure here.
(optional) Set up Wi-Fi
: information_source: ** Do this only if you connect your Raspberry Pi over Wi-Fi. If you don't want to use Wi-Fi and have a wired connection over Ethernet, or if you don't mind if your Wi-Fi settings are SSH enabled, skip this step. ** **
After burning the OS, the SD card disc may be unmounted, so if it is unmounted, remove the SD card and insert it again.
I think the disc in the mounted SD card is system-boot. Edit the file network-config in it. By the way, the ones mounted on Mac are under / Volumes.
I think there is a commented out description like the following in the file, so uncomment it and enable it.
/Volumes/system-boot/network-config
wifis:
wlan0:
dhcp4: true
optional: true
access-points:
<wifi network name>:
password: "<wifi password>"
Set <wifi network name> to the SSID of your Wi-Fi and <wifi password> to the Wi-Fi password.
: warning: ** <wifi network name> should also be enclosed in double quotation marks " . **
Start Raspberry Pi
Remove the Ubuntu-burned SD card and insert it into the Raspberry Pi. Then turn on the Raspberry Pi. Wait a minute or two for it to start.
Find out the IP address of the Raspberry Pi
Since the IP address of the Raspberry Pi is not fixed, the IP address assigned to the Raspberry Pi cannot be known as it is. So look up the IP address.
Use the arp-scan command to find out the IP address. If you are using Homebrew on your Mac, you can install it with the following command:
$ brew install arp-scan
Then execute the following command.
$ sudo arp-scan -l --interface <NETWORK_INTERFACE_NAME> | grep -i "Raspberry Pi"
For <NETWORK_INTERFACE_NAME>, specify the network interface name. If you do not know the network interface name, refer to "How to find the network interface name" below.
You should see a line similar to the following.
192.168.3.14 xx:xx:xx:xx:xx:xx Raspberry Pi Trading Ltd
The 192.168.3.14 displayed here is the IP address of the Raspberry Pi. This number depends, of course, on the environment.
: information_source: You can do something similar with the arp command, which is pre-installed on macOS and Linux, but this may not work. See TIPS: Why the arp command doesn't work for why it might not work.
If the above doesn't work
If the above arp-scan command does not display anything, try the following two.
$ sudo arp-scan -l --interface <NETWORK_INTERFACE_NAME> | grep -i "dc:a6:32"
$ sudo arp-scan -l --interface <NETWORK_INTERFACE_NAME> | grep -i "b8:27:eb"
The Raspberry Pi seems to start with a MAC address that starts with dc: a6: 32 or b8: 27: eb. It seems that it starts with dc: a6: 32 on Raspberry Pi 4 and starts with b8: 27: eb on other Raspberry Pi.
If you still can't find it, Ubuntu may not be fully booted yet, so wait an additional 5 minutes.
Also, if you connect with Wi-Fi settings, it seems that it may fail at the first startup, so if you can not wait for more than 5 minutes, turn off the power of Raspberry Pi and start it again. Please wait a few minutes and try again.
By the way, if you are trying this procedure on a device other than Raspberry Pi, grep with " Raspberry Pi ", " dc: a6: 32 " or " b8: 27: eb " will not come out. I think, so execute the following command and look for something like that.
$ sudo arp-scan -l --interface <NETWORK_INTERFACE_NAME>
How to find the network interface name
Open "Network" in "System Preferences".
Select the network that is "Connected" to find out the IP address assigned to your Mac.
| For wired connection | Wi-For Fi |
|---|---|
 |
 |
It doesn't matter if you are connected to both wired and Wi-Fi. Anything that is connected to the network will do, so look up the IP address of that connection.
Then execute the following command.
$ ifconfig | grep <IP_ADDR> -B 10
For <IP_ADDR>, specify the IP address you just looked up.
Then, the following result will be obtained.
... (Ignore OK)
...
...
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
... (abridgement)
...
...
...
...
inet 192.168.3.28 netmask 0xffffff00 broadcast 192.168.3.255
In the above example, we found that the network interface name is en0. Since the above example is Wi-Fi, the interface name of the network connected by Wi-Fi was en0. By the way, it was en7 for a wired connection. These results will vary depending on your environment.
Try SSH
At this point, you are ready to SSH. Let's actually SSH. The username is ubuntu.
$ ssh ubuntu@<IP_ADDR>
For <IP_ADDR>, specify the IP address of the Raspberry Pi found in the previous step. In the example of this article, it was 192.168.3.14.
If this is your first connection, the following message will be displayed. Type yes and press the return key.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
After that, you will be asked for a password, so type ubuntu and press Return. Next, you will be asked to set a new password, so set a new password.
If you can log in, you are successful! Thank you for your support. After that, create a key, install the public key on the Raspberry Pi, perform public key authentication, and set it up in each environment.
Please refer to the following articles for SSH configuration files and firewall settings.
Minimum SSH settings after starting a new server (https://qiita.com/noraworld/items/2f72035544a04d88b9e3)
Please refer to the following article for how to make it a fixed IP address.
How to make Ubuntu a fixed IP address on the command line (explained as carefully as possible)
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! Is displayed
If you have reinstalled your Raspberry Pi many times, you may see a message similar to the following:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:XXXX/XXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
Please contact your system administrator.
Add correct host key in /Users/noraworld/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/noraworld/.ssh/known_hosts:16
ECDSA host key for 192.168.3.14 has changed and you have requested strict checking.
Host key verification failed.
This is a warning message that you may have been attacked by a man-in-the-middle, but if you have reinstalled the OS on your Raspberry Pi many times and you happen to get your IP address (or before) (If the same IP address as is assigned fixedly) is displayed. "The same IP address but different fingerprints may mean that a bad person is urging you to log in to another server."
However, in this case, the fingerprint has changed simply by reinstalling the OS, so in that case, the corresponding line from ~/.ssh/known_hosts (the IP address at the beginning of the line is the IP address of the Raspberry Pi) ) Should be deleted.
(optional) Install Ubuntu Desktop
: information_source: ** Do this only if you want to use Ubuntu Desktop. If you are using Ubuntu Server, skip this step. ** **
If you want to change from Ubuntu Server to Ubuntu Desktop, run the following command.
$ sudo apt -y install ubuntu-desktop
If that doesn't work, please refer to here.
TIPS: Why the arp command doesn't work
The bottom line is that the arp command is looking at the cache.
First, ARP is an abbreviation for Address Resolution Protocol, which is a protocol for broadcasting by sending a packet to a broadcast address in a LAN and obtaining the IP address and MAC address of the device connected in that LAN. The arp command does that.
For example, if you run the arp command on a network with an IP address of 192.168.3.0 and a subnet mask of 255.255.255.0, it will send a packet to the broadcast address of 192.168.3.255. Then, within the range of IP addresses from 192.168.3.1 to 192.168.3.254, you can get the IP address used and the MAC address of the device to which the IP address is set.
In the section on finding the IP address of the Raspberry Pi in this article, I used this ARP to identify the IP address, but I purposely installed and used the arp-scan command instead of the arp command.
Actually, the execution result of the arp command is not the state at the time of executing the command, but only the state that it had in the past is cached and displayed. This means that after you start your Raspberry Pi and connect to the network for the first time, it will take some time before you can see the Raspberry Pi's IP and MAC addresses with the arp command.
I don't know when the cache will be updated, but it didn't update after waiting more than 10 minutes after the Raspberry Pi started.
I didn't know when it would be updated, and even if I knew it, I couldn't wait for hours, so I used the arp-scan command.
Experiment
I tried running the arp command before and after running the arp-scan command to make sure that the arp command was displaying the contents of the cache.
$ arp -na
? (192.168.3.1) at xx:xx:xx:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.3.1) at xx:xx:xx:xx:xx:xx on en7 ifscope [ethernet]
? (192.168.3.11) at xx:xx:xx:xx:xx:xx on en7 ifscope [ethernet]
? (192.168.3.18) at xx:xx:xx:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.3.18) at xx:xx:xx:xx:xx:xx on en7 ifscope [ethernet]
? (192.168.3.19) at xx:xx:xx:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.3.19) at xx:xx:xx:xx:xx:xx on en7 ifscope [ethernet]
? (192.168.3.24) at xx:xx:xx:xx:xx:xx on en7 ifscope [ethernet]
? (224.0.0.251) at x:x:xx:x:x:xx on en0 ifscope permanent [ethernet]
? (224.0.0.251) at x:x:xx:x:x:xx on en7 ifscope permanent [ethernet]
? (239.255.255.250) at x:x:xx:xx:xx:xx on en0 ifscope permanent [ethernet]
? (239.255.255.250) at x:x:xx:xx:xx:xx on en7 ifscope permanent [ethernet]
Five IP addresses were found, excluding duplicate IP addresses and multicast addresses (IP addresses in the range 224.0.0.0 to 239.255.255.255, the four lines below in the example above).
$ sudo arp-scan -l --interface en0
Interface: en0, type: EN10MB, MAC: xx:xx:xx:xx:xx:xx, IPv4: 192.168.3.28
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.3.1 xx:xx:xx:xx:xx:xx Hon Hai Precision Ind. Co.,Ltd.
192.168.3.11 xx:xx:xx:xx:xx:xx Apple, Inc.
192.168.3.12 xx:xx:xx:xx:xx:xx ELECOM CO.,LTD.
192.168.3.14 xx:xx:xx:xx:xx:xx Raspberry Pi Trading Ltd
192.168.3.18 xx:xx:xx:xx:xx:xx Luxshare Precision Industry Company Limited
192.168.3.20 xx:xx:xx:xx:xx:xx ASIX ELECTRONICS CORP.
192.168.3.25 xx:xx:xx:xx:xx:xx Sony Interactive Entertainment Inc.
192.168.3.19 xx:xx:xx:xx:xx:xx (Unknown: locally administered)
192.168.3.26 xx:xx:xx:xx:xx:xx Oculus VR, LLC
192.168.3.21 xx:xx:xx:xx:xx:xx Texas Instruments
192.168.3.102 xx:xx:xx:xx:xx:xx Belkin International Inc.
192.168.3.27 xx:xx:xx:xx:xx:xx (Unknown)
192.168.3.23 xx:xx:xx:xx:xx:xx Espressif Inc.
525 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.7: 256 hosts scanned in 1.994 seconds (128.39 hosts/sec). 13 responded
A total of 13 IP addresses were found by running the arp-scan command. This is the result of a real broadcast that is not cached.
$ arp -na
? (192.168.3.1) at xx:xx:xx:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.3.1) at xx:xx:xx:xx:xx:xx on en7 ifscope [ethernet]
? (192.168.3.11) at xx:xx:xx:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.3.11) at xx:xx:xx:xx:xx:xx on en7 ifscope [ethernet]
? (192.168.3.12) at xx:xx:xx:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.3.14) at xx:xx:xx:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.3.14) at xx:xx:xx:xx:xx:xx on en7 ifscope [ethernet]
? (192.168.3.18) at xx:xx:xx:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.3.18) at xx:xx:xx:xx:xx:xx on en7 ifscope [ethernet]
? (192.168.3.19) at xx:xx:xx:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.3.19) at xx:xx:xx:xx:xx:xx on en7 ifscope [ethernet]
? (192.168.3.20) at xx:xx:xx:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.3.21) at xx:xx:xx:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.3.23) at xx:xx:xx:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.3.25) at xx:xx:xx:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.3.26) at xx:xx:xx:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.3.27) at xx:xx:xx:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.3.102) at xx:xx:xx:xx:xx:xx on en0 ifscope [ethernet]
? (224.0.0.251) at x:x:xx:x:x:xx on en0 ifscope permanent [ethernet]
? (224.0.0.251) at x:x:xx:x:x:xx on en7 ifscope permanent [ethernet]
? (239.255.255.250) at x:x:xx:xx:xx:xx on en0 ifscope permanent [ethernet]
? (239.255.255.250) at x:x:xx:xx:xx:xx on en7 ifscope permanent [ethernet]
When I ran it again, I did see 13 (excluding duplicate IP and multicast addresses). That's why the arp command was displaying the cache.
Summary
I was able to set up Ubuntu without any work on the Raspberry Pi itself.
Until I knew how to do this, I used to connect a keyboard and monitor to the Raspberry Pi and work until I could SSH, but it was a mess. Now that the work is gone, it's very easy to reinstall the OS.
The point of this method is to use ARP. You can also mount the Ubuntu disk and put the configuration file under / etc/netplan to make it a fixed IP address, but macOS cannot mount the Linux file system ext4 [^ 2], so At the time of installation, I gave up fixing the IP address and used ARP to check the IP address assigned by DHCP.
I'm pleasure to be of some help.
[^ 2]: Strictly speaking, it is possible by installing packages and apps, but ext4fuse is read-only and cannot be edited, and extFS for Mac by Paragon Software is a paid solution, so it is not a very good solution.
Reference site
- How to install Ubuntu Server on your Raspberry Pi -Check the IP address of the Raspberry Pi connected in the same LAN
Recommended Posts