Creating SSH Keys for your Raspberry Pi Server

Add a new user with admin privileges

adduser demo

You can replace your own name with demo.

You will be asked to enter a password and some other details.

In order to grant admin privileges to our newly created user we will use the following command.

gpasswd -a demo sudo

Creating SSH Keys for authentication

Definition. SSH uses public-key cryptography to authenticate the remote computer and allow it to authenticate the user, if necessary. There are several ways to use SSH; one is to use automatically generated public-private key pairs to simply encrypt a network connection, and then use password authentication to log on.

This step is going to show you how to manually create a public and private SSH key for your local computer and Raspberry Pi.

Authorized keys are public keys that grant access. They are analogous to locks that an identity key (private key) can open. Authorized keys are configured for an SSH server.

Identity keys are private keys that an SSH client uses to authenticate itself when logging into an SSH server. Source.

Initially we are going to create our key pair. We do this from our local machine. Exit your current SSH session with the following command.

local$ ssh-keygen

You will see the following output. (assuming username is the name of the local user)

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/username/.ssh/id_rsa):

I decided to name my file rpi_key.

Press enter.

Next you will be prompted to enter a password for the account. If you leave this empty then you will not be prompted for a password when attempting to log into the server. I suggest you enter a password here as an additional security measure.

Now we need to copy the public key that has been generated on the local machine. First print the contents of the file to the terminal with the following command.

cat ~/.ssh/rpi_key.pub

Select the content and copy to the clipboard.

Next we need to SSH back into the RPi as the root user.

ssh root@<ip-address>

Once you have logged in type the following command.

su - demo

Where demo is the name of the user you created. This will switch to the home directory of that user.

Next we will create a .ssh file and restrict it’s permissions.

mkdir .ssh
chmod 700 .ssh

Now create a new file called authorized_keys within the .ssh folder. We can do this like so:

vim .ssh/authorized_keys

This will open a new file called authorized_keys within the Vim editor.

Press ‘i’ to enter insert mode and then paste the clipboard into the editor with ctrl-v. Next type ‘:w’ to write to the file followed by ‘:q’ to exit the editor and return to the terminal.

To return to the root user type:

exit

Now that we have created a new user with admin privalges and enabled SSH keys for further authientication we have no reason to be logging into the root user as this is an un-needed security risk.

Lets open the sshd config file again and remove the ability to log in as root user.

vim /etc/ssh/sshd_config

Find the line that looks like:

PermitRootLogin yes

press ‘i’ to enter insert mode and make the following changes

PermitRootLogin no

Type ‘:w’ to write to the file and ‘:q’ to quit Vim and return to the terminal.

Next, restart the SSHD service.

service ssh restart

In order to check that everything is working open a new terminal window (leave the current root user logged in and the current terminal window open).

Within the new terminal window log into your newly created user account.

ssh username@ip-address

Assuming a succesful log in you can now close your root terminal window.

In order to run commands with admin privileges you will need to use the sudo command.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.