Raspberry Pi Day3: Configuring and connecting securely and remotely with SSH

by . Originally posted

raspberry-pi-circruit-logoThe other day I managed to mount the Raspberry Pi OS image onto an SD card and the Pi had its first taste of life. Now I’m going to attempt to set-up remote secure connections to the Pi so I can do away with the keyboard, mouse and monitor attached to the experimental hobby PC. Although I’m mainly getting rid of the attached peripherals to make my lounge tidier (I’m going to connect via my laptop), there are several other reason why you’d want to remove attached devices from the Pi; the main reason I could think of is that your Pi might be mounted inside a casing, or unit, like an RC plane, water proof housing etc.

I should point out there is no technical reason I’m removing them; so far no limitations of the Pi have been noticed at all. I’m just used to working through Terminal onto remote machines, so using a laptop to work on a Pi at the other end of the room is fine for me. This article definitely isn’t necessary if you’re following along on your Pi journey.

Anyway… enough jabbering… time to get tinkering…

Connecting to your Raspberry Pi via SSH

Please let me know if youre planning to build any fusion reactors using your Raspberry Pi

Please let me know if you’re planning to build any fusion reactors using your Raspberry Pi. Just so I can… well.. move away from you

Although it’d be relatively easy to set-up remote connections to the Pi, we want to be able to do it with security in mind too, ergo we’re going to use SSH (secure Shell). This way when you’re powering up your Pi nuclear power station in your back garden you don’t need to worry about your Pi being hacked. To read more about Secure Shells, or if my instructions below are reallllly badly written, head over to Kimmo Suominen’s article on SSH.

To be able to log into your Pi reliably and easily, it needs to have a fixed IP on your network. Log into your router and reserve an address for it, make a note of this IP address. I’m using 192.168.1.3

To test you can connect to your Pi, type the following into your remote PC Terminal:

ssh pi@192.168.1.3

By default, the username (the bit before the @ character in the above command) and password for the Pi are pi / raspberry. You can read my article here how to change your password via Terminal. Hopefully you connected. Type exit to terminate the connection and be brought back to your remote PC’s Terminal.

Creating an SSH key

To create both the public and private components of your key, run this on your remote PC:

ssh-keygen -t rsa

You can keep the key file blank, but specify a password. Afterwards you should see something like:

Your identification has been saved in /home/paul/.ssh/id_rsa.
Your public key has been saved in /home/paul/.ssh/id_rsa.pub.

Installing the SSH public key on your Raspberry Pi

These two files form what is called public-key encryption, you can read an in-depth Wikipedia article about the subject here, but basically the private key identifies your computer. Never give it or share it with anyone. The public key can be happily handed out to anyone you want to connect to securely though. Now we need to add it to the Pi so it knows it can trust you.

To transfer the file, run:

scp ~/.ssh/id_rsa.pub pi@192.168.1.3:new_key.pub

Now connect over SSH to your Pi, as we did at the top of this article. On your Pi, run the following to install the public key from the remote machine:

cat new_key.pub >> .ssh/authorized_keys

If you get an error saying -bash: /home/pi/.ssh/authorized_keys: No such file or directory this is because you don’t have a ssh folder. Simply run:

mkdir ~/.ssh

Then re-run the ‘cat’ command above. To continue, run:

chmod 600 .ssh/authorized_keys
rm new_key.pub

Now terminate the connection to the Pi by typing exit

SSH hosts shortcut

You should now be able to connect from your remote machine to your Raspberry Pi by just typing:

ssh pi@192.168.1.3

However, if you run the following on your remote PC

touch ~/.ssh/config
chmod 600 ~/.ssh/config

Then open the config file in your favourite editor, you can add the following:

Host pi
HostName 192.168.1.3
User pi

Save that and you should be able to connect your Pi by simply typing the following:

ssh pi

Nice and (relatively) simple! A secure shell connection – good work.

One last thing…

Obviously making this secure connection is a bit pointless if you’re still rocking the default username and password for the Pi. If you’re still using Pi as the main user, read here on how to change the password otherwise you’ll undermine all your good SSH work you’ve just done.

Now you can unplug your keyboard, mouse and monitor from your Raspberry Pi – you don’t need them any more!

Onwards and upwards Pi-minions, thanks for reading.

Categories: Computing, Linux, Raspberry Pi, SysAd and Security

Tags: , , , ,

2 Comments

Leave a Reply

Your email address will not be published.

Links and useful footery things…

Copyright © 2017 Paul Joyce. Follow me on Twitter or perhaps Google+