sylvain durand

Raspbian Lite on Raspberry Pi

More than four years ago, I wrote an article explaining how to Install Arch Linux on Raspberry Pi:

I have since migrated to the Raspbian distribution, based on Debian and made specifically for the Raspberry Pi.

Historically very large, because it has a graphic interface and several specific software, Raspbian now exists in a Light version that allows you to limit the packages to the essentials, to manage your Raspberry Pi from the command line.

This article is a small personal memo on the steps to install and secure Raspbian to get a Raspberry Pi ready to use, usable via command line with SSH.


First we download the image of Raspbian. Select “Raspbian Stretch Lite”. The official site offers user manuals for Linux, MacOS and Windows.

On MacOS, we start by looking at the address of the SD card:

diskutil list

Once you know the SD card number, which appears as /dev/disk<number>, you unmount the volume, then write the image on it:

diskutil unmountDisk /dev/disk<number>
sudo dd bs=1m if=image.img of=/dev/rdisk<number> conv=sync

To be able to connect with SSH, we must create a file named ssh at the root of our SD card:

touch /Volumes/boot/ssh

If you need to connect on a Wifi network at boot:

nano /Volumes/boot/wpa_supplicant.conf

We put:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev

Finally, we eject the card:

sudo diskutil eject /dev/rdisk<number>

First connection

Once the Raspberry is powered up with the SD card, you can connect with SSH:

ssh pi@<raspberry-pi-ip>

The default password is raspberry. Let’s start by changing it:



After setting up a new server, we start by updating all the packages:

sudo apt-get update && sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo apt autoremove

Language settings

In order to set the language and time zone, launch:

sudo dpkg-reconfigure locales
sudo dpkg-reconfigure tzdata


We will prevent the `root’ connection and change ports, in order to prevent a large number of attack attempts. To do this, we edit:

sudo nano /etc/ssh/sshd_config

We modify the following parameters with:

Port <your-custom-port>
LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
PermitEmptyPasswords no

We finally restart the Raspberry Pi:

sudo reboot

Connection via SSH

Locally, we create a new private key:

ssh-keygen -t ed25519 -a 100

Then we edit .ssh/config to connect easily:

Host pi
    Hostname <raspberry-pi-ip>
    Port <your-custom-port>
    User pi
    IdentityFile ~/.ssh/<your-private-key>

Then we send the public key to the server:

ssh-copy-id -i ~/.ssh/<your-private-key> pi

You can then connect directly with ssh vps.

The system is now fully operational!