How to connect to Raspberry Pi via ssh without password (using ssh keys)
I assume that you have your raspberry pi already setup with ssh access, but asking every time for the password (annoying and not safe). If you didn’t set up your Raspberry Pi yet check this post
Generate an ssh key pair (private-public) on your local computer
(skip this step if you already have a pair, continue if you don’t know)
First, check if you already have one.
Default all the ssh keys are located in ~/.ssh
folder on your computer. If you don’t have this folder or it’s empty you don’t have.
To generate a new rsa key pair go to Terminal and simply type and follow the steps
ssh-keygen
If you keep all the defaults now you will have two new files
~/.ssh/id_rsa
— This is your private key. NEVER share this file with anybody and DO NOT copy this file to external computers/servers.~/.ssh/id_rsa.pub
— This is the public key. The content of this file can be shared and the content of this file we will need to copy to the raspberry pi.
Copy public key to Raspberry Pi
In order to connect to raspberry PI via ssh using the private-public rsa keys you just created, the Pi needs to have your public key stored locally on the pi. For this connect via ssh to the Raspberry Pi (using the password (default one is raspberry)) and create a new file in .ssh
folder named authorized_keys
. Here will be stored all the public keys of the computers from where you want to have access via ssh.
vim ~/.ssh/authorized_keys
// paste in this the content of the ~/.ssh/id_rsa.pub from your local computer
To test that it’s working disconnect from your raspberry pi and try to connect again normally and you will see that the password is not required anymore.
Create a shortcut
If you don’t remember your IP address of your raspberry pi or you have many all over the house with different functions it’s easier to set a name for each one and then simply ssh by name, right? To do this, on your local computer open or create this file ~/.ssh/config
and type in there the name you want and the.
Host pi-door-sensor
Hostname 192.168.0.15
User piHost pi-shades
Hostname 192.168.0.143
User pi
- Host — Is the name you want to have for that specific connection
- Hostname — The IP address of the Raspberry PI
- User — The username, default is pi
After that connect simply like this, no need to remember the IP addresses anymore.
ssh pi-door-sensor
ssh pi-shades
Disable access via password
If you want to have better security, it’s recommended to connect only using the ssh keys created before and disabled the password, or set up a really strong password.
To disable access via password connect to your raspberry pi and go edit this file
sudo vim /etc/ssh/sshd_config
And you will find a line like this
#PasswordAuthentication yes
change it to be like this (uncomment and change the value to no from yes)
PasswordAuthentication no
That’s it. Hopefully, this helped you. I also have other articles about configuring different stuff on the raspberry pi.