Logging into a Rasberry Pi using Public/Private Keys
May 30, 2012 2 Comments
In a previous post we covered enabling sshd on the Raspberry Pi. Now that we’ve got SSH setup I’ll cover how to log in using a public/private key-pair rather than using password authentication. This is particularly useful if you’re going to put the Pi on the public internet. It’s also pretty handy if you can’t be bothered to type your password each time you ssh into the device.
The first step is to ensure that you have a public private key-pair installed on your local machine. Most developers will already have this but in linux or mac you can normally generate a new pair using:
ssh-keygen -t rsa -C "email@example.com"
Next up we need to copy our keys over to the Rasberry Pi. I’m going to use the following script:
cat ~/.ssh/id_rsa.pub | ssh firstname.lastname@example.org "mkdir .ssh;cat >> .ssh/authorized_keys"
This assumes that your private key is stored in
~/.ssh/id_rsa.pub and that the ip address of the server is 192.168.1.190. You can change these for your own values. If all goes well you should be prompted for the password for the last time.
Now we should be able to log in using:
This time we shouldn’t be asked for a password it should use the key instead!
Disallowing password login. To disallow password login we need to edit the ssh config found in
/etc/ssh/sshd_config. Do do this we can ssh into the Pi. Once at the prompt we can enter the following:
sudo vi /etc/ssh/sshd_config scroll down to the section that says #PasswordAuthentication yes With the cursor over the # press x Then scroll the console to the end and press i Then press backspace to delete the word yes and replace it to no Then press the escape key, press : and then w, then press : and then q.
We now need to restart sshd. The easiest way to do this is to type
sudo /etc/init.d/ssh restart alternatively you can just reboot using