- How to use SSH with your Raspberry Pi
- Raspberry Pi Server Basics
- How to delete un-needed software from your Raspberry Pi Server
Add a new user with admin privileges
adduser demoYou can replace your own name with demo.
You will be asked to enter a password and some other details.
In order to grant admin privileges to our newly created user we will use the following command.
gpasswd -a demo sudoCreating SSH Keys for authentication
Definition. SSH uses public-key cryptography to authenticate the remote computer and allow it to authenticate the user, if necessary. There are several ways to use SSH; one is to use automatically generated public-private key pairs to simply encrypt a network connection, and then use password authentication to log on.
This step is going to show you how to manually create a public and private SSH key for your local computer and Raspberry Pi.
Authorized keys are public keys that grant access. They are analogous to locks that an identity key (private key) can open. Authorized keys are configured for an SSH server.
Identity keys are private keys that an SSH client uses to authenticate itself when logging into an SSH server. Source.
Initially we are going to create our key pair. We do this from our local machine. Exit your current SSH session with the following command.
local$ ssh-keygenYou will see the following output. (assuming username is the name of the local user)
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/username/.ssh/id_rsa):I decided to name my file rpi_key.
Press enter.
Next you will be prompted to enter a password for the account. If you leave this empty then you will not be prompted for a password when attempting to log into the server. I suggest you enter a password here as an additional security measure.
Now we need to copy the public key that has been generated on the local machine. First print the contents of the file to the terminal with the following command.
cat ~/.ssh/rpi_key.pubSelect the content and copy to the clipboard.
Next we need to SSH back into the RPi as the root user.
ssh root@<ip-address>Once you have logged in type the following command.
su - demoWhere demo is the name of the user you created. This will switch to the home directory of that user.
Next we will create a .ssh file and restrict it’s permissions.
mkdir .ssh
chmod 700 .sshNow create a new file called authorized_keys within the .ssh folder. We can do this like so:
vim .ssh/authorized_keysThis will open a new file called authorized_keys within the Vim editor.
Press ‘i’ to enter insert mode and then paste the clipboard into the editor with ctrl-v. Next type ‘:w’ to write to the file followed by ‘:q’ to exit the editor and return to the terminal.
To return to the root user type:
exitNow that we have created a new user with admin privalges and enabled SSH keys for further authientication we have no reason to be logging into the root user as this is an un-needed security risk.
Lets open the sshd config file again and remove the ability to log in as root user.
vim /etc/ssh/sshd_configFind the line that looks like:
PermitRootLogin yespress ‘i’ to enter insert mode and make the following changes
PermitRootLogin noType ‘:w’ to write to the file and ‘:q’ to quit Vim and return to the terminal.
Next, restart the SSHD service.
service ssh restartIn order to check that everything is working open a new terminal window (leave the current root user logged in and the current terminal window open).
Within the new terminal window log into your newly created user account.
ssh username@ip-addressAssuming a succesful log in you can now close your root terminal window.
In order to run commands with admin privileges you will need to use the sudo command.