Now we want to let our RPI know how to connect to our Wi-Fi network, since we won't be using any network cables.

• Input the SD card to the port again, click the file named boot (Should popup on your desktop if you're using Mac, somewhere else if you're using any other OS).

• Create a new file and name it wpa_supplicant.conf in this boot file. It will be copied to the main partition's /etc/wpa_supplicant location at boot time, replacing whatever is there. It will then be deleted from /boot, so you won't see it there if you try to find it at a later point in time.

• In wpa_supplicant.conf add the correct credentials and country code. In my example I'm using se for Sweden. You can find all the common country codes here.

country=se
update_config=1
ctrl_interface=/var/run/wpa_supplicant

network={
 scan_ssid=1
 ssid="MyNetworkSSID"
 psk="Pa55w0rd1234"
}

Note that you'll have to replace MyNetworkSSID with your own network SSID and Pa55w0rd1234 with your own network password.

Also, I wrote my country code with lower case letters and it worked fine - so you should be able to write your country code in lower case letters as well.

Now save the wpa_supplicant.conf file and close it.

In order to be able to access our RPI and navigate in it, we'll have to setup SSH which will allow us to login to the RPI file system from our computer.

SSH can be enabled by placing a file named ssh, without any extension, onto the boot partition of the SD card. When the Pi boots, it looks for the ssh file. If it is found, SSH is enabled and the file is deleted. The content of the file does not matter; it could contain text, or nothing at all.

So, with our boot partition still open (since we modified the wifi settings in the previous section) create a new file named ssh.

Error 1

If you get some warning about WARNING: POSSIBLE DNS SPOOFING DETECTED! and/or WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! it's probably because you previously had saved ssh keys on your computer and wiped the RaspberryPI and now trying to connect to it. If this happened, just run ssh-keygen -R raspberrypi.local and then run ssh pi@raspberrypi.local again.

Error 2

If you get a question Are you sure you want to continue connecting (yes/no/[fingerprint])? just type yes and continue.

Error 3

If you get a message ssh_dispatch_run_fatal: Connection to blablablablabla port 22: Broken pipe just run ssh pi@raspberrypi.local again.

Now that we have access, it's important that we change the default password. We can do this by typing passwd , pressing enter and setting the new password. Note memorize it or save it to a safe place before executing the password change so we don't get locked out of our RPI.

passwd

It might also be a good idea to get the latest system's package list onto our RPI. Get it by running sudo apt-get update.

sudo apt-get update

Next lets install all the latest packages for our RPI by running sudo apt full-upgrade.

sudo apt full-upgrade

On your computer, open a new terminal window and run ssh-keygen.

ssh-keygen

Upon entering this command, you will be asked where to save the key. Save it either in the default location (~/.ssh/id_rsa) by pressing Enter or define a custom path/name.

You will also be asked to enter a passphrase, which is optional. The passphrase is used to encrypt the private SSH key, so that if someone else copied the key, they could not impersonate you to gain access. If you choose to use a passphrase, type it here and press Enter, then type it again when prompted. Leave the field empty for no passphrase.

Run ls ~/.ssh and confirm that the private and public keys where created.

ls ~/.ssh

Input the following into a terminal in order to ssh copy the public key into the authorized_keys folder of your RPI. Note that you might want to change the name of the key file in case you didn't use the default:

cat ~/.ssh/id_rsa.pub | ssh pi@raspberrypi.local 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'

Input the ssh password when asked for it. Note that if you didn't change it yet, as defined in the Security section, the default password is raspberry.

• After verifying that your new key allows you to connect, you have the option of storing the passphrase for your key in the macOS keychain. This allows you to connect to your Raspberry Pi without entering the passphrase.

• Run the following command to store it in your keychain ssh-add -K ~/.ssh/id_rsa. Note that you will have to change the path in case you used a custom path and/or filename.

ssh-add -K ~/.ssh/id_rsa

Incase you defined a passphrase for the SSH key previously created, it will ask you to enter passphrase each time you use it to connect to servers or git repositories. To prevent re-entering passphrase we add SSH-keys to SSH-agent running on your macOS system using the following command (same step as above): ssh-add -K ~/.ssh/id_rsa

ssh-add -K ~/.ssh/id_rsa

After that navigate to your ssh folder. From a terminal you can run cd ~/.ssh/ and look for a file named config. If this file exists, we're going to edit it, if not just create it. In this file, copy/paste the following:

Host *
  UseKeychain yes
  AddKeysToAgent yes
  IdentityFile ~/.ssh/[your-secure-ssh-key-name-1]
  IdentityFile ~/.ssh/[your-secure-ssh-key-name-2]

Then replace the [your-secure-ssh-key-name-x] parts with the key files that you previously created. For instance if I went with the default setup when generating this/these file/files previously, I'd use IdentityFile ~/.ssh/id_rsa.

Now, restart your computer to apply changes properly. Once changes are applied, you will never again be asked for passphrase.