Discopter Pi Guide

Chapter 2: Installing an OS and Configuring SSH (Part 1)

First, a note on SSH and our options. SSH, or secure shell, is a way to remotely login to another device and execute command line arguments. Being that we are setting up our Pi as a headless server, it is the only way we are going to be interacting with our Pi. SSH is associated with port 22, though a non-standard port can be set instead. SSH replaced the insecure Telnet protocol (which is still kicking around on port 23) by supporting user authentication.

There are two kinds of authentication supported: password and public-key authentication. With password authentication, anyone who knows your IP address, username, and password can login to your device. It can be convenient, and chances are, you will be the only one who knows all three of those things, but it does leave the door open to password cracking. Using a key file is much more secure. Only a device with the associated private key can log into your Pi. If you set a passphrase on the key file, then you have multifactor authentication. That's the route we'll be going.

Option 1: New Install of an OS

With this option, we first download the official Raspberry Pi Imager application. Another route would be to download an image of the OS and write it to an SD card with an application like Etcher. Unless you foresee setting up a Pi from scratch in an offline environment, or if there's very specific pre-installation configuration that you want to do, there's really no benefit to doing it this way. Raspberry Pi Imager makes it super easy to put a good number of standard, and not-so-standard, operating systems on your Pi and it's the route we'll take.

Step 1: Install Raspberry Pi Imager

  1. Visit Raspberry Pi Imager for your operating system (Windows, macOS, or Linux).
  2. Install Raspberry Pi Imager by following the on-screen instructions.

Step 2: Select and Configure the Operating System

  1. Open Raspberry Pi Imager.
  2. Select your Raspberry Pi model.
  3. Choose "Raspberry Pi OS (other)" under the operating system options, then select the 64-bit Lite version. If you absolutely need a GUI/desktop environment, you can select that here instead.
  4. Insert the SD card you'll be using with your Raspberry Pi into your computer.
  5. In Raspberry Pi Imager, select the SD card you inserted.
  6. Before writing the OS to the SD card, click on "Configure" to edit the configuration settings.

Step 3: Configure Settings

  1. Change the default hostname to something unique that identifies your Raspberry Pi on the network. The default is often 'raspberrypi' as a hostname. Pick anything but that as it's a common target for exploits.
  2. Select a username and password. Ensure that your password is strong but memorable. Avoid using the often default username "pi" for the same reason as above.
  3. If your Pi will be directly connected to your router, you can skip this. If you don't have physical access to your router, or otherwise can't directly plug it in, enable wireless LAN for now and put in the WiFi information. You can disable it later.
  4. Set the locality settings as per your region.

Step 4: Customize Services

  1. If you don't see this option, DO NOT choose public-key authentication. Instead, select password authentication. You'll have to manually add the SSH keys per Option 2 below once the OS is installed.
  2. Under the "Services" tab, choose "Allow public-key authentication only".
  3. Click on "RUN SSH-KEYGEN" to generate the SSH key pair.

Step 5: Save and Write OS

  1. Review your configuration settings to ensure they are correct.
  2. Click on "Write" to save the configuration and write the OS to the SD card.

Step 6: Finding Generated Files

  1. After generating the SSH key pair, you'll need to locate the generated files.
  2. Windows: The SSH key pair files are usually located in the '.ssh' directory within your user's home directory. The private key file 'id_rsa' and the public key file 'id_rsa.pub' will be generated here.
  3. macOS/Linux: Similarly, the SSH key pair files are usually located in the '.ssh' directory within your user's home directory. Use a file manager or terminal to navigate to '~/.ssh/' to find the private and public key files.

Now you have successfully configured your Raspberry Pi with the 64-bit Lite version of the OS. It's ready to be used as a headless server. Skip straight ahead to the next chapter.

Option 2: Enabling SSH Keys on an Already Installed OS

If you don't want to start from scratch with a new installation, we still want to make sure that SSH is set to reject passwords and accept key files. Doing so will depend on which operating system your host machine is using. To be clear, if you chose “Option 1” above and used Raspberry Pi Imager, you can disregard everything below and skip straight to the next chapter.