Close

Generate SSH Keys

A project log for SSH Keys for Raspberry Pi

How to set up your raspberry pi to use SSH keys and disable password logins.

lazLaz 05/12/2015 at 21:090 Comments

So one thing that you'll need to do prior to disabling password log in of the RPi is to set up SSH keys. You'll want to do this on whatever computer you want to use to connect to the pi. If you will want your pi to connect to other computers using SSH keys, you'll need to generate SSH keys for the pi as well. To create a key use the following command:

ssh-keygen -t rsa -C "your_email@example.com"
The -t option specifies RSA key generation, which is a technical detail beyond this tutorial. You'll be prompted to save the key file into a location. You can press enter to accept the default, which is recommended until you are more proficient. After giving a path to save the keys, you'll be prompted for a passphrase for the key. It is recommended to use a passphrase, as it will protect your key for a limited time if your private key gets stolen. The complete key generation step will look like this:
$ ssh-keygen -t rsa -C "your_email@example.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/pi/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/pi/.ssh/id_rsa.
Your public key has been saved in /home/pi/.ssh/id_http://rsa.pub.
The key fingerprint is:
2f:dd:77:64:48:a3:aa:51:f8:01:6b:73:10:00:fb:92 your_email@example.com
The key's randomart image is:
+--[ RSA 2048]----+
|    .....        |
|     .   .       |
|    .   o     o  |
|     o   =   o o |
|    E . S + . . o|
|     . . B +   o |
|        o = . . .|
|         +   . . |
|        .        |
+-----------------+


The fingerprint and randomart are cryptographic details that aren't necessary to understand to be able to use the keys. By default, the keys will be saved to your ~/.ssh folder. To see the keys, use the following commands:

pi@sshpi ~ $ cd .ssh
pi@sshpi ~/.ssh $ ls
id_rsa  id_http://rsa.pub

You will see there are two keys: a public key and a private key. The math is beyond this tutorial, but the system works by giving away the public key to any server you want to SSH into, such as your RPi. It is used by the SSH server to encrypt messages. If your private key can decrypt the message, then your are assumed to be the user who matches that public key. You are authorized, and no passwords are required. The next step is to get your public key onto the raspberry pi.

Discussions