Logging into a Rasberry Pi using Public/Private Keys

In a previous post we covered enabling sshd on the Raspberry Pi. Now that we’ve got SSH setup I’ll cover how to log in using a public/private key-pair rather than using password authentication. This is particularly useful if you’re going to put the Pi on the public internet. It’s also pretty handy if you can’t be bothered to type your password each time you ssh into the device.

The first step is to ensure that you have a public private key-pair installed on your local machine. Most developers will already have this but in linux or mac you can normally generate a new pair using:

ssh-keygen -t rsa -C "your_email@youremail.com"

I won’t cover creating these in any detail as there are plenty of guides available. Github’s guides cover this as a side effect of setting up git here and an issues helper here.

Next up we need to copy our keys over to the Rasberry Pi. I’m going to use the following script:

cat ~/.ssh/id_rsa.pub | ssh pi@ "mkdir .ssh;cat >> .ssh/authorized_keys"

This assumes that your private key is stored in ~/.ssh/id_rsa.pub and that the ip address of the server is You can change these for your own values. If all goes well you should be prompted for the password for the last time.

Now we should be able to log in using:

ssh pi@

This time we shouldn’t be asked for a password it should use the key instead!

Disallowing password login. To disallow password login we need to edit the ssh config found in /etc/ssh/sshd_config. Do do this we can ssh into the Pi. Once at the prompt we can enter the following:

sudo vi /etc/ssh/sshd_config
scroll down to the section that says #PasswordAuthentication yes
With the cursor over the # press x
Then scroll the console to the end and press i
Then press backspace to delete the word yes and replace it to no
Then press the escape key, press : and then w, then press : and then q.

We now need to restart sshd. The easiest way to do this is to type sudo /etc/init.d/ssh restart alternatively you can just reboot using sudo reboot.