Jun 292017
 
Auto-connect Raspberry Pi to hidden SSID wifi network

I have a Raspberry Pi 3B that acts as a web server for my temperature sensing network. I also use the same Pi for my Pi Word of the day tweets. It’s been pottering along fine for a long time. But last week we had a power outage while we had smart meters installed.

For ‘network management’ reasons that I won’t go into, I’d recently decided to ‘hide’ the SSID (Service Set Identifier) of the router this Pi was connected to. I had thought it would automatically connect, having been connected before. But it didn’t, so I had to connect a keyboard and screen to the Pi, log into the router, make the SSID visible, then retype the password and let it connect again.

That was all a bit of a faff.

“There has to be a better way. Someone must have done this before!” I want it to be hands-free and automatic on booting.

So I googled “connect to hidden SSID on raspberry pi” and came up with a nice blog page with a procedure in. I tried it on my Pi3 with Jessie (a few months old) but it didn’t work for me (it was a bit out of date). I had a quick glance through the comments on that page and found the magic key which made it work.

scan_ssid=1

Essentially, the ‘secret sauce’ that was needed was to add scan_ssid=1 at line 7 of wpa_supplicant.conf which forces the Pi to scan for the invisible SSID by name. If you’ve logged onto a wifi network before on your Pi, you’ll already have a wpa_supplicant.conf file that looks something like the one below. If you’ve never logged into a wifi network, you’lll probably find lines 5-10 missing.

Either way, if you make your wpa_supplicant.conf file look like the one below, completing your hidden SSID (line 6) and wifi password (line 8), you should find that it now works as it ought. Also check line 3 is correct for your country.

You’ll need sudo to edit wpa_supplicant.conf

sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=GB

network={
        ssid="insert_your_hidden_SSID_here"
        scan_ssid=1
        psk="insert_your_wifi_password_here"
        key_mgmt=WPA-PSK
}

And then, it should ‘just work” every time you reboot your Pi. This was first tested using a virgin install of Raspbian Jessie 10th April 2017 edition (not updated/upgraded). I’ve also just tested it on a brand new June 2017 Raspbian. It works perfectly for me on both. Let us know how you get on if you try it.

  20 Responses to “How to auto-connect your Raspberry Pi to a hidden SSID wifi network”

  1. What should I do:
    Change this:
    scan_ssid=1
    to
    scan_ssid=1 FTW

  2. If you create a wpa_supplicant.conf (or copy your existing one), you can then add it to the /boot partition when you flash an SD card and it will be automatically copied and used when you start the Pi. this was added a couple releases ago.

    It makes it easy if you have a several SD cards to build and will be using in different wifi locations with or without hidden networks.

  3. Can I point out that this should be discouraged as hidden SSIDs have a higher power draw and it is widely accepted that they reduce security especially if a mobile device is connected to the network.

    • Oh? What makes hidden SSIDs have higher power draw? “Hiding” the SSID certainly doesn’t “increase” security (a quick google shows that), but I wouldn’t expect it to actually reduce security too??

      • From what I’ve heard (since writing this blog article) certain mobile phones, if you connect to a hidden SSID, they continually spray out that SSID whenever not connected to it, which can waste battery and tell everyone what SSIDs that phone has been connected to (which some say is a security hazard – I can’t see it being any worse than having your SSID public).

        I have my reasons for having a hidden SSID but they are not to make the login more secure. Oddly enough, it is to hide the existence of that SSID from people so they don’t know it’s there!

        • Exactly but it’s not ‘some phones’ it’s all devices connected to it because instead of the base station broadcasting an SSID advertising it’s presence the client has to ask the area in general if the network exists, even if 100s of miles away from the base station.

          The reduction in security comes when a connected device is out and about where these packets can be harvested for more malicious intentions.

          Of course the power drain is minimal but stems from the broadcast of superfluous packets

          • So somebody sitting in the same train carriage as you can harvest these broadcast packets from your phone and discover the SSID of your home router? Oh noes! ;-)

          • So somebody sitting in the same train carriage as you can harvest these broadcast packets from your phone and discover the SSID of your home router? Oh noes! ;-)

            Just like they could if they were outside your house and the SSID was on ;p

            It’s also true that anyone with Kali Linux etc. could easily determine what it was anyway, but it works for my purposes. It should be noted that I haven’t recommended that people make their SSID invisible, merely showed a procedure to increase convenience for those who have already done it.

  4. This post is FANTASTIC! Many thank you’s! Saved the day…

  5. Thank you so much! This is exactly what I was looking for. I was in the right file, but had no idea about the scan part.

  6. Many thanks for the straightforward explanation. Totally new to Linux and RPi and struggling with this particular problem for a couple of days.
    As a comment for anyone else new to the nano editor, don’t forget to save the new lines, duh! :-

    Save is Ctrl+o
    Close nano is Ctrl+x
    Then reboot RPi with sudo reboot

    Obvious when you know, but I didn’t find nano very intuitive.
    Thanks again.

    • If you think nano is bad, you should see vi or vim. There’s no on screen help menu and unless you know how, you’ll never manage to exit 😂

      • Alex – you are dead right, but once learned, never forgotten, and if you are using a gui-less jessie-lite, :wq or :q! are get-out-of-jail-free commands that are invariably useful…using vi for twenty odd years and still learning.. and they work on pretty much every Unix, debian on Pi today, unix sysadmin of the future..

  7. This was extremely helpful in getting a batch of Pi 3-driven robots running Jessie onto a campus network. They don’t have displays, so diagnosing network problems is a pain — finding a succinct, informative article that just fixes it was great.

  8. Hi Alex,

    Just got a Pi 3 Model B and I’ve had a hell of a time trying to get a hidden SSID to connect. I installed the latest Raspian and have edited the file as shown above. Yet it still refuses to connect. I connected it to a broadcasted SSID without issue. Is there a way to troubleshoot this somewhere?

    Thanks for your help,

    Garrison

    • I am having the exact same problem here. My Pi3 (v1.2) is just refuses to connect to a hidden SSID. I’ve tried everything, even installed network-manager (hoping that it does some magic), but nothing. I’m running out of ideas :(
      It connects to broadcasted SSID-s just fine.

  9. Thank you Alex! Looking at the clock, I’ve spent close to four hours today trying to get my RasPi3 Stretch to connect to my (hidden SSID) router. This one little line made all the difference! Best, Clark

Leave a Reply