Headless and passwordless interfacing with a Raspberry Pi (SSH + VNC)

Eric Bezzam
Oct 7, 2021


This tutorial assumes that you have a Raspberry Pi already set up on your local network with SSH enabled (check out this tutorial). Note that code snippets with brackets, e.g. <variable>, denote values that need to be set according to your configuration.


SSH

Connecting to a Raspberry Pi via SSH (Secure Shell) is rather straightforward. Open a Terminal and type the following command.

ssh <username>@<remote>

where <username> is the username and <remote> is the IP address or hostname of the Raspberry Pi. The default Raspberry Pi OS configuration has these values set to pi and raspberrypi respectively, leading to the following SSH command upon a fresh setup.

ssh pi@raspberrypi.local

The first time you SSH, you may see something like below.

The authenticity of host 'raspberrypi.local (192.168.X.X)' can't be established.
ECDSA key fingerprint is SHA256:pERC7+nTzU/qRy0ZvzbYbqpI4yUYZUDpNM4ONcPFFb0.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Type yes followed by Enter.

You will then be prompted for a password. The default Raspberry Pi OS configuration has the password set to raspberry. It is highly recommended to change the default password!

You can change the password through the raspi-config tool.

sudo raspi-config

Running the above command will launch an interface like below.

Navigate this interface with the arrow keys (up/down), Enter to select, and Esc to go back or exit the tool. Select “System Options” and then “Password” to edit the password.

Logging out

Ctrl+D will exit the SSH connection. To shut down the Raspberry Pi you can run:

sudo shutdown -h now

Or to reboot:

sudo shutdown -r now

SSH without password

It is much more convenient to connect to a Raspberry Pi without having to enter the password each time. Moreover, entering the password each time can be a blocker for scripts that use ssh/scp.

In order to communicate passwordless with a Raspberry Pi (or any remote machine for that matter), we first need to create a public / private key pair. We refer to GitHub’s instructions (until “Adding your SSH key to the ssh-agent”).

With the key pair generated, we can run the following command in order to SSH without a password. You will be asked (one last time!) for the password.

cat <public_key_path> | ssh <username>@<remote> 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'

where

  • <public_key_path> is the path to your public key (typically in the folder ~/.ssh and ending with .pub).
  • <username> and <remote> are as before.

If you followed the above GitHub instructions and you have the default Raspberry Pi OS configuration, the command will look something like below.

cat ~/.ssh/id_ed25519.pub | ssh pi@raspberrypi.local 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'

Enjoy SSH’ing without a password!
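
The one-liner above appends the key as-is: it does not set permissions on ~/.ssh or authorized_keys, and running it twice adds the key twice. The script below is an added example (not from the original post) of the remote-side step with those checks, written as a function so it can be tried against a scratch directory; install_pubkey and the demo key are hypothetical/constructed.

```shell
#!/bin/sh
# Added example. install_pubkey is a hypothetical helper name, not an OpenSSH
# command. It does what the remote side of the one-liner does, plus checks.
# Usage: install_pubkey "<public key line>" <home directory>
install_pubkey() (
    key_line="$1"; home_dir="$2"
    ssh_dir="$home_dir/.ssh"; auth="$ssh_dir/authorized_keys"
    nl='
'
    # Accept only one line that looks like an OpenSSH public key.
    case "$key_line" in
        *"$nl"*) echo "refusing multi-line input" >&2; exit 1 ;;
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; exit 1 ;;
    esac
    # sshd's StrictModes (on by default) rejects key login when ~/.ssh or
    # authorized_keys is writable by group/other, so set the modes explicitly.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1
    # Append only if this exact line is not already there (safe to re-run).
    grep -qxF -- "$key_line" "$auth" || printf '%s\n' "$key_line" >> "$auth"
)

# Demo in a scratch directory standing in for the Pi's home directory.
# The key below is constructed for illustration, not a real key.
demo_home="$(mktemp -d)"
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAconstructedExampleKeyNotReal user@laptop'
install_pubkey "$demo_key" "$demo_home"
install_pubkey "$demo_key" "$demo_home"    # second run adds nothing
echo "entries: $(grep -c . "$demo_home/.ssh/authorized_keys")"
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
```

OpenSSH's own ssh-copy-id -i <public_key_path> <username>@<remote> performs the same kind of install over SSH.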

VNC

Virtual Network Computing (VNC) is a graphical desktop-sharing system that allows you to remotely control another computer with the mouse and keyboard of your local machine.

To use this, we first need to enable the VNC server from the Raspberry Pi. This can be done through the raspi-config tool.

sudo raspi-config

Select “Interface Options”, then “VNC”.

Select “Yes” to enable the VNC server.

From your local machine, download the VNC viewer. Enter the hostname or IP address of your Raspberry Pi at the top and select “Connect to address or hostname…”.

You can ignore the warning (select “Continue”), and then you’ll be asked to enter the username (pi) and your Raspberry Pi’s password.

And then you should be connected!

Troubleshooting

Offending key

Unable to connect and get a warning about an offending key?

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is ...
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/user/.ssh/known_hosts:8
remove with:
ssh-keygen -f "/home/user/.ssh/known_hosts" -R "raspberrypi.local"
ECDSA host key for raspberrypi.local has changed and you have requested strict checking.
Host key verification failed.

Don’t worry, there is probably no one eavesdropping on you! But I see you have already connected to a Raspberry Pi before 😉

You will just have to do some clean up in the known hosts file (~/.ssh/known_hosts on macOS and Linux) by running the following command.

ssh-keygen -R <hostname>

Or for the default Raspberry Pi OS configuration.

ssh-keygen -R raspberrypi.local

A similar error may look like the following.

Warning: the ECDSA host key for 'raspberrypi.local' differs from the key for the IP address '192.168.X.X'
Offending key for IP in /home/user/.ssh/known_hosts:7
Matching host key in /home/user/.ssh/known_hosts:10
Are you sure you want to continue connecting (yes/no)?

In this case enter no, and delete both lines from ~/.ssh/known_hosts (in the above case lines 7 and 10). Running ssh-keygen will just delete the matching host key and not the offending key.
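
The manual clean-up described above can be scripted. This added example (not from the original post) reads the line numbers out of ssh's warning text and deletes exactly those lines from a known_hosts file after saving a backup; prune_known_hosts is a hypothetical helper name and the demo data is constructed.

```shell
#!/bin/sh
# Added example: delete exactly the known_hosts lines that ssh flagged.
# prune_known_hosts is a hypothetical helper name, not an OpenSSH command.
# Usage: prune_known_hosts <file with ssh's warning text> <known_hosts file>
prune_known_hosts() (
    warn="$1"; kh="$2"
    # "Offending key for IP in /home/user/.ssh/known_hosts:7"  -> 7
    # "Matching host key in /home/user/.ssh/known_hosts:10"    -> 10
    nums="$(sed -n \
        -e 's/^Offending .* in .*:\([0-9][0-9]*\)$/\1/p' \
        -e 's/^Matching .* in .*:\([0-9][0-9]*\)$/\1/p' "$warn" | sort -un)"
    [ -n "$nums" ] || { echo "no flagged lines found in $warn" >&2; exit 1; }

    # Keep a backup so the old keys can still be inspected or restored.
    cp -p "$kh" "$kh.bak" || exit 1
    # Drop only the flagged line numbers; every other host entry is untouched.
    awk -v drop="$(echo $nums)" '
        BEGIN { n = split(drop, a, " "); for (i = 1; i <= n; i++) d[a[i]] = 1 }
        !(NR in d)' "$kh.bak" > "$kh" || exit 1
    echo $nums    # report which lines were removed
)

# Demo on constructed data: a 10-line known_hosts and the warning from above.
work="$(mktemp -d)"
i=1
while [ "$i" -le 10 ]; do
    echo "host$i.example ssh-ed25519 AAAAconstructedkey$i" >> "$work/known_hosts"
    i=$((i + 1))
done
cat > "$work/warning.txt" <<'EOF'
Warning: the ECDSA host key for 'raspberrypi.local' differs from the key for the IP address '192.168.X.X'
Offending key for IP in /home/user/.ssh/known_hosts:7
Matching host key in /home/user/.ssh/known_hosts:10
EOF
prune_known_hosts "$work/warning.txt" "$work/known_hosts"
```

On the next connection ssh shows the new key's fingerprint; compare it with the output of ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub run on the Pi itself before answering yes.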


Eric Bezzam

PhD student at EPFL. Previously at Snips/Sonos, DSP Concepts, Fraunhofer IDMT, and Jacobs University. Most of past work in audio and now breaking into optics!