How to configure a headless Raspberry Pi with SSH before the first boot

A quick post so I can find it in the future when I will inevitably have forgotten how to do this :)

Say you want to install a Raspberry Pi running Raspberry Pi OS (fka Raspbian), but you don’t want to connect a screen and keyboard to it for the initial configuration steps - here’s how you do it completely over SSH from the first boot.

• Write the Raspberry Pi OS image to your SD card as normal
• Mount the newly written /boot partition on the Pi on your computer
• Create an empty file named ssh, without a file type / ending. On Linux and macOS, this is easily done with touch ssh if you’re in the right directory. This tells the OS to enable SSH access right away.
• Next, create a user with a password on the SD card as that’s not done automatically anymore.
  • Create an encrypted password for your new Raspberry Pi user. On Linux and macOS, this can be done with OpenSSL. For added security, write the new password into a masked shell variable so it doesn’t show up in your computer’s shell history:

    [morph@void ~]$ read -s pw
    [morph@void ~]$ echo "$pw" | openssl passwd -6 -stdin
    $6$4E2z6hQOGLZCK5ZN$ESo2r/tO7Sy1Xmyp/bFzQ0A8zNNMhOoj0XocoGVbc8PVLcHlDr/kQiRvv/vOfdopLkylTVQSfK4n97SR9VGGF1
    

  • the long random string is your encrypted password. Next, create another file next to the ssh file on the SD card’s boot partition named userconf.txt.
  • Open userconf.txt with your favourite text editor and in the first and only line enter your desired username and the encrypted password, separated by a colon. It should look like this: morph:$6$4E2z6hQOGLZCK5ZN$ESo2r/tO7Sy1Xmyp/bFzQ0A8zNNMhOoj0XocoGVbc8PVLcHlDr/kQiRvv/vOfdopLkylTVQSfK4n97SR9VGGF1

And that’s it. Unmount your card, pop it into the Pi, connect it to your network and boot. You should now be able to SSH into it using your new credentials. No monitor needed.