Raspberry Pi Stretch Lite Setup

  1. Download Raspbian Stretch Lite from the Raspberry Pi Foundation’s Raspbian downloads page.

  2. Verify the SHA-256 hash:

    openssl sha -sha256 ~/Downloads/2018-06-27-raspbian-stretch-lite.zip
    # should match 3271b244734286d99aeba8fa043b6634cad488d211583814a2018fc14fdca313
  3. Unzip the SD card image:

    # This method may fail for multi-GB input files (man ditto, ditto -x -k ...)
    unzip 2018-06-27-raspbian-stretch-lite.zip
  4. Write the SD card image to micro SD card following the Raspberry Pi Foundation’s installing images instructions.

    To format card as FAT32 using Disk Utility on macOS, select the disk, click the “Erase” button in the toolbar, Pick “MS-DOS (FAT)” from the “Format” list, and pick “Master Boot Record” from the “Scheme” list.

    This is an example. Disk identifier may vary:

    # Find SD card's disk identifier (disk2)
    diskutil list
    # Unmount the SD card (disk2 may work, or maybe disk2s1, etc.)
    diskutil unmountDisk disk2s1
    # Write the disk image. This should take on order of 2-6 minutes. Maybe longer.
    sudo dd bs=1m if=2018-06-27-raspbian-stretch-lite.img of=/dev/rdisk2 conv=sync
  5. Configure wifi: After dd is done, a new disk volume called boot should auto-mount on desktop and /Volumes/boot. Use a text editor to create /Volumes/boot/wpa_supplicant.conf like this, but fill in the right SSID and password for your wifi network:

    ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
  6. Enable ssh:

    touch /Volumes/boot/ssh
  7. Eject the SD card from Mac, put the micro SD card in Pi, and power Pi with a good USB power adapter rated for at least 2.5 amps.

  8. Find Pi’s hostname or IP address. Probably raspberrypi.local will work automatically after a minute or two.

  9. Log in with the default user and password (pi & raspberry):

    $ ssh pi@raspberrypi.local

    The fresh Raspbian install will generate a new ssh key. If you have an old key cached for raspberrypi.local, ssh will complain about dns spoofing and mis-matched keys. If that happens, edit ~/.ssh/known_hosts and delete the line for raspberrypi.local.

  10. Set the locale, timezone, and hostname:

    sudo raspi-config
    # 1. Localisation > locale > "en_US.UTF-8 UTF-8"
    # 2. Localisation > timezone
    # 3. Network > hostname > pi3
    # 4. Finish > reboot > yes
  11. Wait a minute for the Pi to reboot, then log back in with ssh. Use the new hostname.

    As the Pi reboots, it will stop responding to ssh commands, but local ssh client may not exit immediately. In that case, to get back to a shell prompt, type RET ~ .

  12. Add ssh public key to ~/.ssh/authorized_keys and disable password logins over ssh:

    mkdir -p ~/.ssh
    chmod 700 ~/.ssh
    # Stretch Lite doesn't have vim or emacs yet, so use plain vi
    vi ~/.ssh/authorized_keys
    # Paste public key from ~/.ssh/id_rsa.pub on Mac

    Log out. Log back in. If the key works and you can log in with no password prompt, then continue with this:

    # Disable password logins for ssh
    sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig
    sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
  13. Install packages:

    sudo apt update
    sudo apt install -y git figlet screen tmux emacs25-nox
  14. Replace the default login message with a hostname banner:

    # The sed part adds a blank line under the figlet message
    figlet -f small `hostname` | sed '$ a \\' | sudo tee /etc/motd
    # Turn of the dynamic motd noise
    sudo sed -i 's/^\(session.*motd.dynamic\)/#\1/' /etc/pam.d/login
    sudo sed -i 's/^\(session.*motd.dynamic\)/#\1/' /etc/pam.d/sshd
  15. Make directory listings colorful & gpg-agent happy:

    echo 'alias ls="ls --color"' >> ~/.bash_profile
    echo 'GPG_TTY=$(tty); export GPG_TTY' >> ~/.bash_profile
  16. Calm down the Raspberry Pi 3’s activity and power LEDs:

    sudo sed -i 's%^exit 0$%echo none > /sys/class/leds/led0/trigger\nexit 0%' /etc/rc.local
    sudo sed -i 's%^exit 0$%echo mmc1 > /sys/class/leds/led1/trigger\nexit 0%' /etc/rc.local
  17. Disable bluetooth:

    # See https://github.com/raspberrypi/firmware/blob/master/boot/overlays/README
    sudo sed -i '$ a dtoverlay=pi3-disable-bt' /boot/config.txt
    sudo systemctl disable hciuart
    sudo apt remove bluez
    sudo apt autoremove
  18. Switch wifi to a static v4 IP and reduce mDNS chatter:

    sudo cp /etc/dhcpcd.conf /etc/dhcpcd.conf.orig
    cat <<STATIC_IP_CONFIG | sudo tee -a /etc/dhcpcd.conf
    # Use static IP to avoid flakey mDNS & router troubles
    interface wlan0
    static ip_address=
    static routers=
    static domain_name_servers=
    # mDNS:
    sudo sed -i 's/use-ipv6=yes/use-ipv6=no/' /etc/avahi/avahi-daemon.conf
    sudo sed -i 's/#publish-hinfo=yes/publish-hinfo=no/' /etc/avahi/avahi-daemon.conf
    sudo sed -i 's/#publish-aaaa-on-ipv4=yes/publish-aaaa-on-ipv4=no/' /etc/avahi/avahi-daemon.conf
  19. Upgrade packages & reboot:

    sudo apt update && sudo apt upgrade -y
    sudo reboot

WiFi notes

To evaluate signal strength in different locations:

watch -n 1 cat /proc/net/wireless

Guidelines for “Quality.level” field of /proc/net/wireless:

  1. -30 Great. Might get this right next to a router.

  2. -67 Okay. Lower limit for fast file transfers.

  3. -80 Marginal. Network errors. SSH possible but slow and glitchy.