You have Raspberry Pi set up and running, but typing password every time you try to login using ssh is quite the pain. Well, using key-based authentication is not only more convenient, but also more secure. Let’s see how to set it up.
Set up password-less SSH
First of all, you need to generate the public / private key for your computer using this command:
user@computer$ ssh-keygen -t rsa -b 4096
You will be asked for a pass-phrase. Using one is highly recommended. You should use one that is long, preferably a whole sentence, and different from your password. Avoid using famous quotes, as your pass-phrase could easily get cracked by a dictionary attack. Next, upload the key to your Pi:
user@computer$ ssh-copy-id -i ~/.ssh/id_rsa.pub firstname.lastname@example.org
If it failed to connect, just use the Pi’s ip adress in place of
rapsberrypi.local. You should now be able to connect to your pi using the key.
You should take at least some basic security measures to prevent other people from doing nasty stuff to your Raspberry. So open
pi@raspberrypi$ sudo nano /etc/ssh/sshd_config
And uncomment the following line:
While you are at it, you can also disable root login, login with password and change the default port to make your server more secure. Change the
and change the port to your favorite number between
65535, let’s say
Save the configuration using
ctrl + x and you are done. Now you can connect to your Pi using your new port:
user@computer$ ssh -p 1337 email@example.com
And while in there, change the permissions on the keys, so other users cannot read them. Just to be on the safe side.
pi@raspberrypi$ chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys.
That is everything. Now, that you have set up password-less SSH, your Raspberry is more convenient to use and also more resilient to random people trying to get inside.