Raspberry Pi Passwordless SSH access

The Raspberry Pi with a USB HDD becomes a very useful remote backup server. You could put this away in a corner and have it running  a script that periodically backs up data from your main data storage device.

SSH
Secure connection using SSH Clients to a Raspberry Pi SSH Server

To operate / update the remote Pi server, you’d be using SSH.  SSH (Secure Shell ) is a network protocol that is mostly used to securely connect, across the Internet to Unix based servers ( like Linux and its various offsprings like Raspbian, Debian, Ubuntu etc).

An SSH server can be logged in via a SSH Client using a username and password. However, It is more secure when a key based password less login is used. This means,  the Machine you are using to log in to the remote server is “pre approved” and the Login is Passwordless. This arrangement along with disabling your remote server login using Passwords makes your remote server pretty secure.

Linux systems and Mac systems come with SSH built in. For windows systems, PuTTy (Click here to download)  is a commonly used SSH Client.  Cygwin is a commonly used SSH server software.

Raspberry Pi Passwordless SSH access

Overview :

  • Generate SSH Key
  • Transfer Public Key from SSH client to SSH Server
  • Configure SSH Server to accept only Passwordless logins

Time and Difficulty :

  • Time : 10 to 15 mins  once you have the Raspbian Image file and the rest of the software.
  • Newbie Difficulty level : Moderate ; Will need to use terminal and type in commands.

What you will need :

  • Raspberry Pi 2 Model B or one of its clones like Banana Pi M1 or M2 or Banana Pro
  • Ethernet connection or a supported  and configured USB Wifi adapter for the Pi
  • SD or Micro SD Card that fits into your Pi (4GB or above is recommended)

You should seriously consider :

  • Learning about SSH, UFW and Fail2Ban.
  • Learning about Port forwarding settings for your Router.

Caution : The location and security of your Private Key is to be kept safe and it’s security is critical.  Anyone who gets hold of your Private Key file will be able to access your server if you dont have passphrase enabled.

STEP 1 : Update the Pi 

Log in to Raspbian and enter the following commands with out the quotes  :

Log in to Raspbian and enter the following commands  :

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

The steps above will update the software and the raspbian distribution to the latest available.

reboot your pi with  sudo reboot

STEP 2 : Generate New SSH Keys

You will need to generate new SSH keys for both the SSH Server as well as the SSH clients you will be using.

For each of these machines, you will need to choose a hostname (something like pibackup or linuxclient1 etc)

On a Raspberry Pi or a machine running Debian / Ubuntu, Generate the SSH Keys using

ssh-keygen -t rsa -C pibackup

Go with the default save locations for the rsa key pairs.

If you want to remotely log in via a script,  Click enter and choose no passphrase.

Once the files are generated, you will see a key fingerprint and randomart generated.

On the terminal enter ls ~/.ssh to list the contents of the newly created hidden folder .ssh

The folder will have 3 files :

authorized_keys : This file stores the public keys of preapproved ssh clients.
id_rsa : This is the private key and needs to kept on the computer.
id_rsa.pub : This is the public key and this needs to put inside the authorized_keys file of the SSH server you want to connect to.

IF you are using puTTY and a windows Machine, Refer to the Windows section Below. 

STEP 3 : Copy the Public Key of the Client to the Authorized_Keys of the Server.

To transfer the Public key via SSH, Enter the following command

cat ~/.ssh/id_rsa.pub | ssh pi@192.168.0.10 'cat >> .ssh/authorized_keys' ( Where pi is the username on the SSH server and the IP address of the SSH Server is 192.168.0.10. Replace these with your own.)

You will need to authenticate this transfer of file with your password (Password of the SSH Server)

Once this is done, you sould be able to access your Raspberry Pi SSH server with out entering a password the next time you log in.

 

Follow these steps on a  Windows Machine

Step 1. Download and Install PuTTy.

Step 2. Open PuTTYgen (The PuTTY  Key Generator)

Step 3.  Stick to the Defaults ( SSH-2 RSA and 2048 for the number of Bits)

Step 4.  Click on Generate ( you will need to repeatedly random click you mouse on the white area to generate a random key)

Copy the Public Key and save the Private Key in a secure location
Copy the Public Key and save the Private Key in a secure location

Step 5.  Copy The Public Key and Save the Private Keys in a secure location. For eg. Privkey.ppk

Step 6. Open PuTTY and Log on to your Raspberry Pi Server.

Log on to Remote Pi using Putty
Log on to Remote Pi using Putty

Step 7. Once logged in, type in cd .ssh to enter the hidden .ssh folder in the home folder.

Enter the .ssh folder and edit authorized_keys
Enter the .ssh folder and edit authorized_keys

Step 8.  Enter sudo nano authorized_keys (To edit the file authorized_keys)

Step 9. Paste the code (right clicking in puTTY will paste clipboard contents) into the file, Press Ctrl + X and save the file as you are exiting.

Step 10. Secure the file by entering chmod 600 authorized_keys  ( Restrict Read and Write permission to only the owner). Exit and close the SSH session.

Step 11. Open Putty and Enter the IP address and Port to connect to the Pi Server.

Log on to Remote Pi using Putty
Log on to Remote Pi using Putty

Step 12.  In the Left Panel, Navigate to Connection > Data and Enter the username you will use to log in to the remote server.

Connection > Data > Enter user name of Remote Pi
Connection > Data > Enter user name of Remote Pi

Step 13.  Navigate to Connection > SSH > Auth and select the Private key file you had stored earlier in Step 5

Connection > SSH > Auth and Select Private Key file
Connection > SSH > Auth and Select Private Key file

Step 14. Click on Open and you should login automatically without being asked for a password.

putty passwordless login via ssh
putty passwordless login via ssh