SSH headless Raspberry Pi setup

This guide assumes there is no Internet, no Wifi, no router, no display, no keyboard. It assumes you have a Raspberry Pi and laptop with:

  • Ethernet port (built-in or USB-Ethernet adapter)
  • plain (or crossover) Ethernet cable–no router/switch is required

Some laptops can also work via USB-C connection and the RNDIS Ethernet driver instead of the Ethernet jack. However, some laptops, particularly on Windows may not work for RNDIS. The symptom of this is that the Pi shows up as a serial port instead of an Ethernet connection. Hence, best to use the Ethernet jack for better reliability.

Before going into the field away from internet, download:

Prepare SD card via the Raspberry Pi imaging tool to write the desired SD card image. If the laptop is not on the internet, use the imager tool to write the .img you downloaded previously. After writing the SD card image, in the SD card “boot” partition enable SSH on the headless Pi for first boot by creating an empty file named “ssh”. First navigate in the laptop terminal to this “boot” directory. On Linux or MacOS, this is done by:

touch ssh

On Windows PowerShell, this is done by:

New-Item ssh

N.B.: this is NOT the “boot” directory in the 4 GB main partition of the SD card, this is a separate < 100 MB partition named “boot”. It has other important files like config.txt in it.

Optionally, WiFi is enabled by editing from your laptop on the SD card the file /etc/wpa_supplicant/wpa_supplicant.conf and adding lines like

   ssid="my cool wifi router"
   psk="my wifi password"

Optionally, prioritize Wifi networks by the priority field, which can be a positive or negative integer.

  • default priority is 0.
  • equal priority Wifi is based on signal strength, security, etc.

“eject” or unmount the SD card before removal, to avoid corrupting the SD card file system.

Boot the headless Pi by inserting the SD card into the Pi and powering up the Pi. We use link-local networking, where the IP address will be in the 169.254.*.* range, no DHCP server needed. You may need to manually select this network when you plug the Pi into your laptop. After about one minute, on your laptop plugged directly to the Pi via Ethernet:

ssh pi@raspberrypi.local

default password is raspberry

Logged into the Pi, change the default password to something else with


Set unique hostname via “raspi-config”. For example, if chose mypi then after Pi reboot:

ssh pi@mypi.local

Set locale to be UTF-8. Assuming you wish to have the United States locale, uncheck the default GB and check en_US.UTF-8 UTF-8. When prompted for default locale, also selected en_US.UTF-8 UTF-8. If you don’t pick a UTF8 locale, Python may give UnicodeDecodeError with UTF8, even when .py script already has # -*- coding: utf-8 -*-.

Again assuming you’re using a United States keyboard, set keyboard layout in raspi-config to Generic 104 keyboard, United States layout to avoid not being able to type symbols properly. Reboot to make the locale settings take effect.

Just a simple network switch connecting Raspberry Pis, PCs and other devices makes an internet-free, pure link-local “off the grid” network. Of course, you can also put the Pis on a wired or wireless network connected to the Internet if desired. The .local address functionality will NOT work over the Internet, but only on the LAN segment your device is on.

Without further configuration, SSH servers listen on all interfaces. Normally this is fine. If you want only specific interface(s) to have the SSH server listen, you will need to research ListenAddress of /etc/ssh/sshd_config and/or IPTables.