Jun 292017
 
Auto-connect Raspberry Pi to hidden SSID wifi network

I have a Raspberry Pi 3B that acts as a web server for my temperature sensing network. I also use the same Pi for my Pi Word of the day tweets. It’s been pottering along fine for a long time. But last week we had a power outage while we had smart meters installed.

For ‘network management’ reasons that I won’t go into, I’d recently decided to ‘hide’ the SSID (Service Set Identifier) of the router this Pi was connected to. I had thought it would automatically connect, having been connected before. But it didn’t, so I had to connect a keyboard and screen to the Pi, log into the router, make the SSID visible, then retype the password and let it connect again.

That was all a bit of a faff.

“There has to be a better way. Someone must have done this before!” I want it to be hands-free and automatic on booting.

So I googled “connect to hidden SSID on raspberry pi” and came up with a nice blog page with a procedure in. I tried it on my Pi3 with Jessie (a few months old) but it didn’t work for me (it was a bit out of date). I had a quick glance through the comments on that page and found the magic key which made it work.

scan_ssid=1 FTW

Essentially, the ‘secret sauce’ that was needed was to add scan_ssid=1 at line 7 of wpa_supplicant.conf which forces the Pi to scan for the invisible SSID by name. If you’ve logged onto a wifi network before on your Pi, you’ll already have a wpa_supplicant.conf file that looks something like the one below. If you’ve never logged into a wifi network, you’lll probably find lines 5-10 missing.

Either way, if you make your wpa_supplicant.conf file look like the one below, completing your hidden SSID (line 6) and wifi password (line 8), you should find that it now works as it ought. Also check line 3 is correct for your country.

You’ll need sudo to edit wpa_supplicant.conf

sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=GB

network={
        ssid="insert_your_hidden_SSID_here"
        scan_ssid=1
        psk="insert_your_wifi_password_here"
        key_mgmt=WPA-PSK
}

And then, it should ‘just work” every time you reboot your Pi. This was first tested using a virgin install of Raspbian Jessie 10th April 2017 edition (not updated/upgraded). I’ve also just tested it on a brand new June 2017 Raspbian. It works perfectly for me on both. Let us know how you get on if you try it.

  11 Responses to “How to auto-connect your Raspberry Pi to a hidden SSID wifi network”

  1. What should I do:
    Change this:
    scan_ssid=1
    to
    scan_ssid=1 FTW

  2. If you create a wpa_supplicant.conf (or copy your existing one), you can then add it to the /boot partition when you flash an SD card and it will be automatically copied and used when you start the Pi. this was added a couple releases ago.

    It makes it easy if you have a several SD cards to build and will be using in different wifi locations with or without hidden networks.

  3. Can I point out that this should be discouraged as hidden SSIDs have a higher power draw and it is widely accepted that they reduce security especially if a mobile device is connected to the network.

    • Oh? What makes hidden SSIDs have higher power draw? “Hiding” the SSID certainly doesn’t “increase” security (a quick google shows that), but I wouldn’t expect it to actually reduce security too??

      • From what I’ve heard (since writing this blog article) certain mobile phones, if you connect to a hidden SSID, they continually spray out that SSID whenever not connected to it, which can waste battery and tell everyone what SSIDs that phone has been connected to (which some say is a security hazard – I can’t see it being any worse than having your SSID public).

        I have my reasons for having a hidden SSID but they are not to make the login more secure. Oddly enough, it is to hide the existence of that SSID from people so they don’t know it’s there!

        • Exactly but it’s not ‘some phones’ it’s all devices connected to it because instead of the base station broadcasting an SSID advertising it’s presence the client has to ask the area in general if the network exists, even if 100s of miles away from the base station.

          The reduction in security comes when a connected device is out and about where these packets can be harvested for more malicious intentions.

          Of course the power drain is minimal but stems from the broadcast of superfluous packets

          • So somebody sitting in the same train carriage as you can harvest these broadcast packets from your phone and discover the SSID of your home router? Oh noes! ;-)

          • So somebody sitting in the same train carriage as you can harvest these broadcast packets from your phone and discover the SSID of your home router? Oh noes! ;-)

            Just like they could if they were outside your house and the SSID was on ;p

            It’s also true that anyone with Kali Linux etc. could easily determine what it was anyway, but it works for my purposes. It should be noted that I haven’t recommended that people make their SSID invisible, merely showed a procedure to increase convenience for those who have already done it.

  4. This post is FANTASTIC! Many thank you’s! Saved the day…

Leave a Reply