Setting Up Remote Access with SSH

The Raspberry Pi is now up and running with Raspberry Pi OS. Since we set up the Wi-Fi and enabled SSH in the previous step, we should now be all set to connect to our pi. This is where remote access is handy: it allows us to control the pi wirelessly.

Remote Connection with SSH (10min)

By default the password is raspberry and the user is pi. The easiest method is to SSH into the pi at its local IP address.

username@ipaddress

Use the ssh command to remotely access the pi. (If you are on Windows and don't have SSH support, check out an SSH client like PuTTY.)

ssh pi@192.168.1.5

You will want to find the IP of your raspberry pi on the network. This can be done by looking at your router admin page or running the following command on the pi.

hostname -I

Securing our Pi

There are some settings that we will want to change to secure our pi. It's likely that this would only be on your local network, but it's always good practice to secure your setup. Plus, it doesn't take much time to get a good layer of protection in place.

Changing Default Password

By default the user pi has the default password of raspberry. You can easily change this password by running the passwd command.

passwd

You will be prompted to enter your current password then create a new password.

Securing SSH with Keys

When you log in with SSH you will be password authenticated by default. However, a better method of authentication is using SSH keys. Keys allow you to establish authentication between two devices (i.e. laptop and server) without needing to enter a password every time. This is better because with password-based authentication the password itself is sent to the server on every login (inside the encrypted SSH session), whereas with keys the private key never leaves your device.

Generating SSH Key on macOS

First you want to enter your SSH directory, which on a Mac is a hidden folder named .ssh in your home folder. We can navigate there from our terminal with the following command.

cd ~/.ssh

Now we need to generate a new key in this directory.

ssh-keygen -o -a 100 -t ed25519

If you would like specifics on the Ed25519 key type we are using instead of the more common RSA, you can read this great blog post: Upgrade your SSH keys! · blog.g3rt.nl

Additionally if you want to specify the file name of your key you can use the following flag.

-f your_file_name

One last tip is to use the -C flag to append a small comment to the end of the key, which can make it easier to identify if you have multiple keys to sort through.

-C "eric"

I learned about a lot of these tips from Chris Fideloper at Servers for Hackers. He provides great content on various topics around servers and how to properly configure them as a developer.

So my full command I used to generate the key would be like the following

ssh-keygen -o -a 100 -t ed25519 -f home_laptop -C "eric"

You will be prompted for a passphrase, which is an additional password that protects the SSH key. The passphrase is required whenever you use the SSH key to log in to a server. If you set up an SSH key without a passphrase, anyone logging in from that device will be authenticated without having to enter a password.

Now two keys will be created in your ssh directory. There is a public key and a private key. Since I provided a file name for my keys the two files are:

home_laptop - Private Key We Keep Secret, Shhhhh
home_laptop.pub - Public Key We Copy to Server (Open to public)

We want to take our public key and register it on our Raspberry Pi. You can copy the contents of your public key to the clipboard by running

cat ~/.ssh/your_key_name.pub | pbcopy

Your public key should now be copied to your clipboard.

We are now going to log back into our raspberry pi and set it up so that we can use the SSH key we just copied when we log in.

ssh pi@<ip address>

Once we are logged back into the pi we need to again navigate to our ssh directory. This time we are on our raspberry pi though.

cd ~/.ssh

You will probably get a message saying “this directory does not exist”. That is expected, because we haven't set up any keys on our pi yet.

If it does not exist, let's make that directory in our home folder.

mkdir ~/.ssh

Now navigate to that directory and make a file called authorized_keys using the touch command. The authorized_keys file is where we need to paste our public key. This will instruct the pi that we want to allow SSH authentication with the keys we put in that file.

cd .ssh
touch authorized_keys

Then we need to make sure the directory and file have proper permissions using chmod. If the proper permissions were not set this could cause our SSH connection to fail or not authenticate.

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Finally, back on our Mac, we need to run the following chained commands to append our public key to the authorized_keys file we just made on our Raspberry Pi.

cat ~/.ssh/home_laptop.pub | ssh pi@<ip address> 'cat >> .ssh/authorized_keys'

You could also just as easily use vim or nano to edit the file and copy paste the key in too.

Now when you log in you shouldn't be prompted for a password, unless you entered a passphrase when you created the SSH key, in which case you would enter that passphrase when logging in.

However if you still get prompted for a password when trying to log in, there are some additional flags we can pass to the ssh command to tell it to specifically use the key we generated.

ssh -i ~/.ssh/home_laptop -o "IdentitiesOnly=yes" pi@<ip address>

That should be it for SSH keys. You can now log in to your pi using the key instead of password authentication. If you didn't provide a passphrase when we generated our keys, then you now have handy password-less access to your pi.

You can further secure your pi by disabling password logins completely, so that an SSH key is required to log in. More details about securing your pi can be found in the Official Raspberry Pi - Raspberry Pi Documentation
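
As an added example (not from the original page or the Raspberry Pi documentation), here is a check for whether password logins are really off after editing /etc/ssh/sshd_config on the pi. It assumes the OpenSSH keywords PasswordAuthentication and KbdInteractiveAuthentication; the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# effective_sshd_option FILE KEYWORD DEFAULT   (hypothetical helper name)
# Prints the value that applies globally: keywords are case-insensitive,
# the FIRST occurrence wins, and lines after the first "Match" are conditional.
# Simplification: whitespace-separated "Keyword value" lines, Include not followed.
effective_sshd_option() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want); val = def }
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        tolower($1) == "match" { exit }         # stop at the conditional section
        tolower($1) == want { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# Returns 0 only when both password-style login paths are off.
# (OpenSSH releases before 8.7 call the second keyword ChallengeResponseAuthentication.)
password_login_disabled() {
    [ "$(effective_sshd_option "$1" PasswordAuthentication yes)" = no ] &&
    [ "$(effective_sshd_option "$1" KbdInteractiveAuthentication yes)" = no ]
}

# Constructed sample: "no" was appended at the bottom, but the earlier "yes" wins.
sample_weak=$(mktemp)
cat > "$sample_weak" <<'EOF'
# constructed sshd_config fragment
PasswordAuthentication yes
KbdInteractiveAuthentication no
PasswordAuthentication no
EOF

# Constructed sample: the corrected version, with key logins left enabled.
sample_fixed=$(mktemp)
cat > "$sample_fixed" <<'EOF'
# constructed sshd_config fragment
passwordauthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
EOF

for f in "$sample_weak" "$sample_fixed"; do
    if password_login_disabled "$f"; then echo "password logins: disabled"
    else echo "password logins: STILL ENABLED"; fi
done
```

Because sshd keeps the first value it reads for each keyword, a "no" appended below an existing "yes" changes nothing. On the pi itself, sudo sshd -T prints the configuration the daemon actually resolves, including any Include files this sketch skips.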

Creating a New User

Although we set up SSH for our main user pi, it's generally better practice to create a new user and eventually disable the default user Raspbian comes with.

Creating a new user can be easy once you remember the commands:

sudo adduser <username>

To add them to the sudo group to give them sudo permissions:

sudo adduser mudpi sudo

Another way to add a user to a group is with usermod. In this example we are adding our user to the sudo group.

sudo usermod -a -G sudo mudpi

Setup SSH

The newly created user will have a home directory at /home/username. In this personal folder you will want to perform the same SSH commands that we listed above in the SSH section, except this time you would place the public key into the authorized_keys file under the new user's SSH directory: /home/username/.ssh/authorized_keys
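
The directory, permission and append steps from the SSH keys section, which this section repeats for the new user, can be wrapped in one re-runnable function. This is an added example, not code from the original page: install_pubkey is a hypothetical helper name and the key in the demo is constructed, not a real key.

```shell
#!/bin/sh
# install_pubkey HOME_DIR PUBKEY_FILE   (hypothetical helper name)
# Returns 0 when the key is installed or already present, 1 when the input is rejected.
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Refuse a private key: copying home_laptop instead of home_laptop.pub is an easy slip.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file contains a private key" >&2
        return 1
    fi

    # Use the first line only and require an OpenSSH public key type prefix.
    key_line=$(head -n 1 "$pubkey_file")
    case $key_line in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: $pubkey_file is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Create the directory and file private from the start, then pin the modes
    # the tutorial sets with chmod (this also repairs an existing loose setup).
    ( umask 077; mkdir -p "$ssh_dir"; touch "$auth_file" )
    chmod 700 "$ssh_dir"
    chmod 600 "$auth_file"

    # Append only when this exact line is missing, so re-running adds no duplicates.
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}

# Demo in a throwaway directory with a constructed (not real) key.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyNotReal eric' \
    > "$demo_home/home_laptop.pub"
install_pubkey "$demo_home" "$demo_home/home_laptop.pub"
install_pubkey "$demo_home" "$demo_home/home_laptop.pub"   # second run is a no-op
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
```

If you run this with sudo on behalf of the new user, hand the directory over afterwards with sudo chown -R username:username /home/username/.ssh, since sshd reads authorized_keys with that user's privileges.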

