• Home
• Huddersfield Weather
• Useful Guides ▼
  • Apple Products►
    • iWatch Guides►
      • Watchos 7 Guides►
        • Restore from Backup
        • Upgrade iWatch
  • WeeWX Guides►
    • Rasberry Pi Guides►
      • Add CPU Temp to Graphs
      • Add Ecowitt Data
      • Rasberry Pi Upgrade
      • Rasberry Pi Install
    • macOS Tips►
      • Upgrading to Sierra
      • Upgrading WeeWX
      • Summer Time WeeWX 3.5+
      • Summer Time WeeWX 3.0
      • Installation on OSX 10.11
      • Installation on OSX 10.10
      • Run as a Service
      • Managing macOS Log File
      • Testing The Programme
      • Installation on OSX 10.9
    • Add Missing Data
    • Publish WeeWX to S3►
      • Create Free Account
      • Create an S3 Bucket
      • Create an IAM Account
      • Enable S3 access
      • WeeWX Modifications
    • Extending High Low
    • Add Tabs to Seasons
  • Rasberry Pi►
    • Reimaging
    • Install Python3
    • Install awscli
    • Enable RDP
    • Enable SSH
    • Enable HTML Server
    • Disable Sleep Mode
    • Enable VNC
  • MacOS Guides►
    • TimeMachine Restores
    • MacOS 10.15 Catalina►
      • Create Root Mount Point
      • Turn off Auto Boot
    • MacOS 10.14 Mojave►
      • Create USB Boot Disk
    • MacOS 10.12 Sierra►
      • Create USB Boot Disk
      • Upgrade El Capitan
      • Managing Spam
      • Train the Spam Filter
    • MacOS 10.10 Yosemite►
      • Create USB Boot Disk
      • Migrate from Mavericks►
        • Preserve eMail
        • Preserve Cache
        • Preserve File Shares
        • Preserve Websites
        • Preserve DNS
        • Preserve Users
        • Install Yosemite
        • Install Yosemite Server
        • Putting the Users Back
      • Managing Spam
      • Train the Spam Filter
    • MacOS 10.09 Mavericks►
      • Cant access App Store
      • Create NAS Mount
      • Protect Against Botnet
      • Setup Mail Relay
  • Microsoft Tips►
    • Excel Dynanic Graph
    • Excel 3d Arrays
    • OneDrive Sync for Sierra
    • OneDrive in El Capitan
    • OneDrive Cache Errors
  • Networking Tips►
    • DynDNS to Route53►
      • Creating DNS Entries
      • Updating IP Address
      • Automating the Process
  • Gaming Fixes►
    • Assasins Creed
    • Xbox and SonicWall
  • Virtual Box►
    • Resize VDI disk
  • Sonic Wall VPN
• Event Blogs ▼
  • Oracle Partner Day►
    • Agenda and Downloads
    • Morning Introduction
    • Phillip Carter VP IDC
    • Jeff Henley Oracle
    • Morning Breakout
    • Afternoon Breakout
  • Openworld 2014►
    • Exec Briefing
    • Opening Keynotes
    • Monday Keynote
    • Monday Sessions
    • Tuesday Keynotes
    • Tuesday Sessions
    • Wednesday Keynote
    • Wednesday Sessions
    • Aerosmith
    • Thursday Sessions
• White Papers ▼
  • DB Flash Disk
  • Business Aligned DC
• Videos ▼
  • Utility Computing
  • Cloud Adoption
  • Mike at Red Rock
  • Red Rock Highlights
  • Openworld 2016
  • Openworld 2015
  • COMPaaS Explained
  • COMPaaS QuickStarts
  • COMPaaS Agilator
• Social Media ▼
  • LinkedIn
  • Twitter
  • YouTube
  • Friday Cars

<<< Rasberry Pi Guides >>>

Enable SSH access via an RSA token

I prefer to run my Rasberry Pi in headless mode and so I need another method for connecting to my environment.

My method of choice is Virtual Network Computing or VNC, however sometimes I need to be able to ssh onto my Rasberry Pi to perform some quick tasks. And to make the process of connecting much simpler I prefer to setyp passwordless SSH access through the use of an RSA token.

This section takes you through the process of setting this up

First enable ssh on your Rasberry Pi

pi@raspberrypi:~ $ sudo systemctl enable ssh
Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable ssh
Created symlink /etc/systemd/system/sshd.service ? /lib/systemd/system/ssh.service.
Created symlink /etc/systemd/system/multi-user.target.wants/ssh.service ? /lib/systemd/system/ssh.service.
pi@raspberrypi:~ $ sudo systemctl start ssh
    

Now you are ready to create your RSA equivalence files

Note: These copmmands are executed on the computer you will be connecting from, not the Rasberry Pi and you will probably get something like this

First check to see if you have an existing RSA token

iMac:~ Mike$ ls -al $HOME/.ssh
ls: cannot access '.ssh': No such file or directory

iMac:~ Mike$ mkdir $HOME/.ssh
iMac:~ Mike$ chmod 700 $HOME/.ssh
    

If this command returned an error as shown below, then you will have to create the directory as well

Generate new SSH key

If the previous command return the id_rsa.pub file then you can skip this step

Note:If you do run this step your output should be somewhat different to that shown below as I have obfuscated the secure information

iMac:~ Mike$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mike/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):▩▩▩▩▩▩▩▩▩▩▩▩
Enter same passphrase again:▩▩▩▩▩▩▩▩▩▩▩▩
Your identification has been saved in /home/mike/.ssh/id_rsa.
Your public key has been saved in /home/mike/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩▩ <username>@<ip-address>
The key's randomart image is:
+---[RSA 2048]----+
| ★☒☆☉☁☉☆☒★☑|
| ★☒☆☉☁☉☆☒★☑|
| ★☒☆☉☁☉☆☒★☑|
| ★☒☆☉☁☉☆☒★☑|
| ★☒☆☉☁☉☆☒★☑|
| ★☒☆☉☁☉☆☒★☑|
| ★☒☆☉☁☉☆☒★☑|
| ★☒☆☉☁☉☆☒★☑|
| ★☒☆☉☁☉☆☒★☑|
+----[SHA256]-----+
    

You should now have 2 files in your directory

The id_rsa file is your private key. Keep this on your computer.

The id_rsa.pub file is your public key. This is what you share with machines you want to connect to. When the machine you try to connect to matches up your public and private key, it will allow you to connect.

iMac:~ Mike$ ls -al $HOME/.ssh
drwx------  2 mike mike 4096 Mar  1 16:18 .
drwxr-xr-x 18 mike mike 4096 Mar  1 18:05 ..
-rw-------  1 mike mike 1876 Mar  5 18:05 id_rsa
-rw-------  1 mike mike  396 Mar  5 18:05 id_rsa.pub
    

Copy the public RSA key to your Rasberry Pi

This is the easiest way to copy the file

Note: You will still have to enter the password the first time you do this.

iMac:~ Mike$ e$ ssh-copy-id pi@172.16.47.11
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/Mike/.ssh/id_rsa.pub"
The authenticity of host '172.16.47.11 (172.16.47.11)' can't be established.
ECDSA key fingerprint is SHA256:nt/ZZJIZ1Cho/KQtD0aamBcltUUUmvcVOsQSBpmB/CI.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
pi@172.16.47.11's password: ▩▩▩▩▩▩▩▩▩▩▩▩

Number of key(s) added:    2

Now try logging into the machine, with:   "ssh '<username>@<ip-address>'"
and check to make sure that only the key(s) you wanted were added.

webmail:~ Mike$
    

But if your environment does not contain this command you can always do it old school

iMac:~ Mike$ cat $HOME/.ssh/id_rsa.pub | ssh <username>@<ip-address> 'mkdir -p $HOME/.ssh && cat >> $HOME/.ssh/authorized_keys'
<username>@<ip-address>'s password: ▩▩▩▩▩▩▩▩▩▩▩▩
    

Now try logging into the environment and running a command to test it works, and check to make sure that only the key(s) you wanted were added.

iMac:~ Mike$ ssh <username>@<ip-address> hostname
raspberrypi
iMac:~ Mike$ ssh <username>@<ip-address> 'ls -al $HOME/.ssh'
total 12
drwx------  2 mike mike 4096 Mar  6 07:32 .
drwxr-xr-x 19 mike mike 4096 Mar  6 07:32 ..
-rw-------  1 mike mike 1128 Mar  6 07:32 authorized_keys
    

© Mike Revitt

No of distinct visitors