Logging into Raspberry Pi via SSH on Local Network
Time estimate: 20–30 minutes (longer if writing a fresh SD card)
SSH (Secure Shell) is an encrypted network protocol for remote command-line access. It replaces older unencrypted protocols like Telnet — all communication (including your password) is encrypted in transit. SSH uses a client/server model: the Raspberry Pi runs an SSH server (listening on port 22), and your laptop runs an SSH client that connects to it. You will use SSH in every tutorial in this course.
If you are using the RPis in the lab, SSH is already enabled and the SD cards are pre-imaged. Skip to Find the Raspberry Pi’s IP Address.
Writing Raspberry Pi OS to an SD Card
If you are setting up a Raspberry Pi from scratch (at home or for a new lab device), you need to write the operating system image onto a microSD card and configure it for headless (no monitor, no keyboard) access — all from the command line.
What You Need
- A microSD card (16 GB or larger, Class 10 / U1 minimum)
- A computer with a microSD card reader (USB adapter is fine)
- Internet connection to download the image
- A Linux or macOS terminal (Windows users: use WSL2)
Step 1: Download Raspberry Pi OS Lite
Go to the official OS download page and download Raspberry Pi OS Lite (64-bit) — the .img.xz file. Lite has no desktop environment, which makes it smaller and is the standard choice for embedded and server use.
After downloading, verify the file integrity:
Compare the output to the SHA256 checksum shown on the download page. If they match, the file is intact.
Step 2: Write the Image to the SD Card
Insert the microSD card and identify the device name. Run lsblk before and after inserting the card — the new entry is your card (e.g., /dev/sdb or /dev/mmcblk0):
Warning
Double-check the device name. The dd command writes raw data to the target device and will destroy all contents of the wrong drive if you misidentify it. Make sure you are targeting the SD card, not your system disk.
Decompress and write the image in one step:
xzcat 2025-12-04-raspios-trixie-arm64-lite.img.xz | sudo dd of=/dev/sdX bs=4M status=progress conv=fsync
On macOS, use the raw disk device (rdiskN) for faster writes:
| Flag | Purpose |
|---|---|
bs=4M |
Write in 4 MiB blocks for better throughput (macOS uses lowercase 4m) |
status=progress |
Show transfer speed and bytes written (Linux only) |
conv=fsync |
Flush data to the card before dd exits — ensures nothing is left in write cache |
After dd finishes, flush any remaining buffers and eject:
Tip
Prefer a GUI? The official Raspberry Pi Imager handles download, writing, and configuration in one step. The CLI approach above shows you what the Imager does internally.
Step 3: Configure the SD Card
Re-insert the SD card. The boot partition should auto-mount (check with lsblk).
Run the course setup script — it configures SSH, user account, WiFi, hardware interfaces, and installs all lab packages on first boot:
git clone https://github.com/OE-KVK-H2IoT/embedded-linux.git
./embedded-linux/scripts/ssh-login/setup_pi.sh
The script auto-detects the boot partition. If it can't find it, pass the path explicitly:
./embedded-linux/scripts/ssh-login/setup_pi.sh /run/media/$USER/bootfs # Arch/Fedora
./embedded-linux/scripts/ssh-login/setup_pi.sh /media/$USER/bootfs # Ubuntu/Debian
Note
Different WiFi? Edit the variables at the top of setup_pi.sh before running:
WIFI_SSID="YourNetworkName"
WIFI_PASSWORD="YourPassword"
WIFI_COUNTRY="HU" # two-letter country code
C005, password C005passwd.
After the script finishes, unmount and eject:
What the script does (details)
The setup_pi.sh script writes several files to the boot partition:
| File | Purpose |
|---|---|
ssh |
Empty file — enables SSH server on first boot |
userconf.txt |
linux:$6$hash... — creates user linux with password passwd |
wpa_supplicant.conf |
WiFi credentials for initial network connection |
config.txt additions |
Enables I2C (dtparam=i2c_arm=on), SPI (dtparam=spi=on), GPU (dtoverlay=vc4-kms-v3d), and sets gpu_mem=128 |
firstrun.sh |
Runs on first boot: sets hostname to eslinux, adds user to hardware groups (i2c, spi, gpio, video), creates udev rules, installs ~30 lab packages (build-essential, SDL2, Qt6, OpenCV, i2c-tools, etc.), and clones the lab repo to ~/embedded-linux. Takes ~10-15 minutes with internet. Reboots when done. |
cmdline.txt modification |
Adds systemd.run=/boot/firmware/firstrun.sh so the init system executes the script on first boot |
Raspberry Pi OS detects these files on first boot, applies the configuration, and deletes them. After the first-run reboot, the Pi is fully configured for all course labs.
Alternative — Raspberry Pi Imager: The official Raspberry Pi Imager can configure SSH, user, WiFi, and hostname via its GUI settings (gear icon). However, it does not install lab packages or enable hardware interfaces — you'd still need to run the setup script or install packages manually.
Manual WiFi changes after setup: Raspberry Pi OS Bookworm+ uses NetworkManager. To change WiFi after the Pi is running:
Step 6: First Boot
- Insert the SD card into the Pi
- Connect an Ethernet cable (recommended) or rely on the WiFi configured above
- Connect power
Wait about 60 seconds — on first boot, the Pi expands the filesystem to fill the SD card and creates the user account. The green ACT LED blinks during boot activity.
Find the Raspberry Pi’s IP Address
To connect via SSH, you need the Pi’s IP address on your local network.
Option A: Check the Lab Sticker
In the lab, the IP address of each device is on the sticker on the case. Use that directly.
Option B: Use mDNS (hostname.local)
If your Pi has a unique hostname (e.g., you set it to eslinux at home), most networks support mDNS — you can connect by name without knowing the IP:
If this responds, you can use eslinux.local instead of an IP address everywhere:
Warning
mDNS only works when the hostname is unique on the network. In the lab, all Pis share the same image and hostname, so .local resolution is unreliable — use one of the other options instead.
Note
mDNS requires Avahi (installed by default on Raspberry Pi OS) on the Pi and an mDNS-capable client on your laptop. macOS and most Linux distributions support it out of the box. On Windows, installing Bonjour or using a recent Windows 10/11 build enables it.
Option C: Use Your Router’s Admin Page
Log in to your router’s admin page (typically 192.168.1.1 or 192.168.0.1 in a browser). Look for connected devices — find the one named eslinux or raspberrypi and note its IP address.
Option D: Scan the Network with arp-scan
arp-scan sends ARP requests to every address on the local subnet and shows the vendor name for each reply — Raspberry Pi devices are easy to spot:
Example output:
192.168.1.42 dc:a6:32:12:34:56 Raspberry Pi Trading Ltd
192.168.1.43 e4:5f:01:ab:cd:ef Raspberry Pi Trading Ltd
192.168.1.1 00:1a:2b:3c:4d:5e Cisco Systems
Every line showing Raspberry Pi Trading Ltd is a Pi on the network. If you see multiple Pis (common in the lab), check the sticker on your device’s case to match by the last digits of the IP.
Tip
Install arp-scan if not present: sudo apt install arp-scan (Debian/Ubuntu), brew install arp-scan (macOS), sudo pacman -S arp-scan (Arch).
Option E: Scan for SSH with nmap
If arp-scan is not available, scan the subnet for devices with SSH (port 22) open:
# Find your own IP first — look for the 192.168.x.y or 10.x.y.z address
ip addr show # Linux
ifconfig # macOS
# Scan the local subnet for SSH servers (replace with your subnet)
nmap -p 22 --open 192.168.1.0/24
On a typical home or lab network, only the Pis and perhaps a NAS will have SSH open.
Tip
Install nmap if not present: sudo apt install nmap (Debian/Ubuntu), brew install nmap (macOS), sudo pacman -S nmap (Arch).
Connect Using SSH
On Linux or macOS
Open a terminal and run:
Here linux is the username on the Raspberry Pi, and 192.168.x.y is the Pi’s IP address on the local network (or use eslinux.local if mDNS works).
If asked to accept the key, type yes and press enter. The fingerprint prompt is SSH’s protection against man-in-the-middle attacks — it lets you verify you are connecting to the real device, not an impostor. On first connection, type yes to accept and save the fingerprint.
➜ ssh linux@192.168.28.248
The authenticity of host ‘192.168.28.248 (192.168.28.248)’ can’t be established.
ED25519 key fingerprint is SHA256:Yvs56UL1A153xUwu/WxbxWBoSNm6+L7p+VdKfPxeI5s.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
On Windows
Windows 10/11 includes an SSH client. Open PowerShell or Command Prompt and run the same command:
Alternatively, use PuTTY — enter the IP in the Host Name field, ensure port is 22, and click Open.
Enter Password
The login will prompt for the password — this is the password you set during imaging (passwd for the lab RPis). Characters are not shown as you type — this is normal.
After successful login the following prompt appears in the terminal:
You now have a remote shell on the Raspberry Pi. Every command you type executes on the Pi, not on your laptop.
Connection refused or timeout?
- Check the Pi is powered: the green ACT LED should blink during boot. Wait at least 60 seconds after power-on for first boot.
- Verify the IP address:
ping 192.168.x.y— if no reply, the address may be wrong or the Pi is not on the network yet. - SSH not enabled: if you used a pre-made image and skipped the SSH step, SSH may be disabled. Mount the SD card’s boot partition on your laptop and create an empty file named
ssh(no extension) in its root directory. - Wrong password: the lab password is
passwd. On fresh installs, use the password you wrote touserconf.txt. - "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED" — this means the Pi was re-imaged since your last connection. Remove the old key with
ssh-keygen -R 192.168.x.yand try again.