Logging into a Rasberry Pi using Public/Private Keys

In a previous post we covered enabling sshd on the Raspberry Pi. Now that we’ve got SSH setup I’ll cover how to log in using a public/private key-pair rather than using password authentication. This is particularly useful if you’re going to put the Pi on the public internet. It’s also pretty handy if you can’t be bothered to type your password each time you ssh into the device.

The first step is to ensure that you have a public private key-pair installed on your local machine. Most developers will already have this but in linux or mac you can normally generate a new pair using:

ssh-keygen -t rsa -C "your_email@youremail.com"

I won’t cover creating these in any detail as there are plenty of guides available. Github’s guides cover this as a side effect of setting up git here and an issues helper here.

Next up we need to copy our keys over to the Rasberry Pi. I’m going to use the following script:

cat ~/.ssh/id_rsa.pub | ssh pi@192.168.1.190 "mkdir .ssh;cat >> .ssh/authorized_keys"

This assumes that your private key is stored in ~/.ssh/id_rsa.pub and that the ip address of the server is 192.168.1.190. You can change these for your own values. If all goes well you should be prompted for the password for the last time.

Now we should be able to log in using:

ssh pi@192.168.1.190

This time we shouldn’t be asked for a password it should use the key instead!

Disallowing password login. To disallow password login we need to edit the ssh config found in /etc/ssh/sshd_config. Do do this we can ssh into the Pi. Once at the prompt we can enter the following:

sudo vi /etc/ssh/sshd_config
scroll down to the section that says #PasswordAuthentication yes
With the cursor over the # press x
Then scroll the console to the end and press i
Then press backspace to delete the word yes and replace it to no
Then press the escape key, press : and then w, then press : and then q.

We now need to restart sshd. The easiest way to do this is to type sudo /etc/init.d/ssh restart alternatively you can just reboot using sudo reboot.

Advertisements

About Steve Smith
Software developer (often ruby, rails but I enjoy loads of languages), semantic tech. fanboy, skydiver, all round geek. Owner of dynamic:edge (hire us) the makers of CloudMailin.com

4 Responses to Logging into a Rasberry Pi using Public/Private Keys

  1. dtzortzis42 says:

    I managed to do that (thanks a lot for that!) and I can connect from my laptop to the Pi using ssh. However, I can’t connect from the Pi to the laptop, I get a “no route to host”.
    Although, when I try to ssh my router, it does try, even though it returns a “Connection closed”.

  2. Pingback: SSH Login To Rasspberry Pi using Secure Keys and Passphrase « Raspberry Pi Adventures

  3. Pingback: Lego Pi Parallel SuperComputing | Musings from the Chiefio

  4. john says:

    using stand SSH via user/password I can see earlier logins with unix command last
    when I login with key pair, the login does not display using unix command last

    So how I can see history of logins using key pair

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: