Raspberry Pi Day3: Configuring and connecting securely and remotely with SSH
The other day I managed to mount the Raspberry Pi OS image onto an SD card and the Pi had its first taste of life. Now I’m going to attempt to set-up remote secure connections to the Pi so I can do away with the keyboard, mouse and monitor attached to the experimental hobby PC. Although I’m mainly getting rid of the attached peripherals to make my lounge tidier (I’m going to connect via my laptop), there are several other reason why you’d want to remove attached devices from the Pi; the main reason I could think of is that your Pi might be mounted inside a casing, or unit, like an RC plane, water proof housing etc.
I should point out there is no technical reason I’m removing them; so far no limitations of the Pi have been noticed at all. I’m just used to working through Terminal onto remote machines, so using a laptop to work on a Pi at the other end of the room is fine for me. This article definitely isn’t necessary if you’re following along on your Pi journey.
Anyway… enough jabbering… time to get tinkering…
Connecting to your Raspberry Pi via SSH
Although it’d be relatively easy to set-up remote connections to the Pi, we want to be able to do it with security in mind too, ergo we’re going to use SSH (secure Shell). This way when you’re powering up your Pi nuclear power station in your back garden you don’t need to worry about your Pi being hacked. To read more about Secure Shells, or if my instructions below are reallllly badly written, head over to Kimmo Suominen’s article on SSH.
To be able to log into your Pi reliably and easily, it needs to have a fixed IP on your network. Log into your router and reserve an address for it, make a note of this IP address. I’m using 192.168.1.3
To test you can connect to your Pi, type the following into your remote PC Terminal:
ssh pi@192.168.1.3
By default, the username (the bit before the @ character in the above command) and password for the Pi are pi / raspberry. You can read my article here how to change your password via Terminal. Hopefully you connected. Type exit to terminate the connection and be brought back to your remote PC’s Terminal.
Creating an SSH key
To create both the public and private components of your key, run this on your remote PC:
ssh-keygen -t rsa
You can keep the key file blank, but specify a password. Afterwards you should see something like:
Your identification has been saved in /home/paul/.ssh/id_rsa. Your public key has been saved in /home/paul/.ssh/id_rsa.pub.
Installing the SSH public key on your Raspberry Pi
These two files form what is called public-key encryption, you can read an in-depth Wikipedia article about the subject here, but basically the private key identifies your computer. Never give it or share it with anyone. The public key can be happily handed out to anyone you want to connect to securely though. Now we need to add it to the Pi so it knows it can trust you.
To transfer the file, run:
scp ~/.ssh/id_rsa.pub pi@192.168.1.3:new_key.pub
Now connect over SSH to your Pi, as we did at the top of this article. On your Pi, run the following to install the public key from the remote machine:
cat new_key.pub >> .ssh/authorized_keys
If you get an error saying -bash: /home/pi/.ssh/authorized_keys: No such file or directory this is because you don’t have a ssh folder. Simply run:
mkdir ~/.ssh
Then re-run the ‘cat’ command above. To continue, run:
chmod 600 .ssh/authorized_keys rm new_key.pub
Now terminate the connection to the Pi by typing exit
SSH hosts shortcut
You should now be able to connect from your remote machine to your Raspberry Pi by just typing:
ssh pi@192.168.1.3
However, if you run the following on your remote PC
touch ~/.ssh/config chmod 600 ~/.ssh/config
Then open the config file in your favourite editor, you can add the following:
Host pi HostName 192.168.1.3 User pi
Save that and you should be able to connect your Pi by simply typing the following:
ssh pi
Nice and (relatively) simple! A secure shell connection – good work.
One last thing…
Obviously making this secure connection is a bit pointless if you’re still rocking the default username and password for the Pi. If you’re still using Pi as the main user, read here on how to change the password otherwise you’ll undermine all your good SSH work you’ve just done.
Now you can unplug your keyboard, mouse and monitor from your Raspberry Pi – you don’t need them any more!
Onwards and upwards Pi-minions, thanks for reading.
Its not very often I recognise technical details when it comes to programming and IT, but RSA and public/private keys were the bread and butter of my cryptography course when I was in Reading 🙂
Haha yeah it does bring back memories of uni days for me too. Hope I didn’t make any mistakes 😉