The Raspberry Pi with a USB HDD becomes a very useful remote backup server. You could put this away in a corner and have it running a script that periodically backs up data from your main data storage device.
To operate / update the remote Pi server, you’d be using SSH. SSH (Secure Shell ) is a network protocol that is mostly used to securely connect, across the Internet to Unix based servers ( like Linux and its various offsprings like Raspbian, Debian, Ubuntu etc).
An SSH server can be logged in via a SSH Client using a username and password. However, It is more secure when a key based password less login is used. This means, the Machine you are using to log in to the remote server is “pre approved” and the Login is Passwordless. This arrangement along with disabling your remote server login using Passwords makes your remote server pretty secure.
Raspberry Pi Passwordless SSH access
- Generate SSH Key
- Transfer Public Key from SSH client to SSH Server
- Configure SSH Server to accept only Passwordless logins
Time and Difficulty :
- Time : 10 to 15 mins once you have the Raspbian Image file and the rest of the software.
- Newbie Difficulty level : Moderate ; Will need to use terminal and type in commands.
What you will need :
- Raspberry Pi 2 Model B or one of its clones like Banana Pi M1 or M2 or Banana Pro
- Ethernet connection or a supported and configured USB Wifi adapter for the Pi
- SD or Micro SD Card that fits into your Pi (4GB or above is recommended)
You should seriously consider :
- Learning about SSH, UFW and Fail2Ban.
- Learning about Port forwarding settings for your Router.
Caution : The location and security of your Private Key is to be kept safe and it’s security is critical. Anyone who gets hold of your Private Key file will be able to access your server if you dont have passphrase enabled.
STEP 1 : Update the Pi
Log in to Raspbian and enter the following commands with out the quotes :
Log in to Raspbian and enter the following commands :
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
The steps above will update the software and the raspbian distribution to the latest available.
reboot your pi with
STEP 2 : Generate New SSH Keys
You will need to generate new SSH keys for both the SSH Server as well as the SSH clients you will be using.
For each of these machines, you will need to choose a hostname (something like pibackup or linuxclient1 etc)
On a Raspberry Pi or a machine running Debian / Ubuntu, Generate the SSH Keys using
ssh-keygen -t rsa -C pibackup
Go with the default save locations for the rsa key pairs.
If you want to remotely log in via a script, Click enter and choose no passphrase.
Once the files are generated, you will see a key fingerprint and randomart generated.
On the terminal enter
ls ~/.ssh to list the contents of the newly created hidden folder
The folder will have 3 files :
authorized_keys : This file stores the public keys of preapproved ssh clients.
id_rsa : This is the private key and needs to kept on the computer.
id_rsa.pub : This is the public key and this needs to put inside the
authorized_keys file of the SSH server you want to connect to.
IF you are using puTTY and a windows Machine, Refer to the Windows section Below.
STEP 3 : Copy the Public Key of the Client to the Authorized_Keys of the Server.
To transfer the Public key via SSH, Enter the following command
cat ~/.ssh/id_rsa.pub | ssh email@example.com 'cat >> .ssh/authorized_keys' ( Where pi is the username on the SSH server and the IP address of the SSH Server is 192.168.0.10. Replace these with your own.)
You will need to authenticate this transfer of file with your password (Password of the SSH Server)
Once this is done, you sould be able to access your Raspberry Pi SSH server with out entering a password the next time you log in.
Follow these steps on a Windows Machine
Step 1. Download and Install PuTTy.
Step 2. Open PuTTYgen (The PuTTY Key Generator)
Step 3. Stick to the Defaults ( SSH-2 RSA and 2048 for the number of Bits)
Step 4. Click on Generate ( you will need to repeatedly random click you mouse on the white area to generate a random key)
Step 5. Copy The Public Key and Save the Private Keys in a secure location. For eg. Privkey.ppk
Step 6. Open PuTTY and Log on to your Raspberry Pi Server.
Step 7. Once logged in, type in
cd .ssh to enter the hidden .ssh folder in the home folder.
Step 8. Enter
sudo nano authorized_keys (To edit the file authorized_keys)
Step 9. Paste the code (right clicking in puTTY will paste clipboard contents) into the file, Press Ctrl + X and save the file as you are exiting.
Step 10. Secure the file by entering
chmod 600 authorized_keys ( Restrict Read and Write permission to only the owner). Exit and close the SSH session.
Step 11. Open Putty and Enter the IP address and Port to connect to the Pi Server.
Step 12. In the Left Panel, Navigate to Connection > Data and Enter the username you will use to log in to the remote server.
Step 13. Navigate to Connection > SSH > Auth and select the Private key file you had stored earlier in Step 5
Step 14. Click on Open and you should login automatically without being asked for a password.