In this guide, I’m going to show you how setup password-less ssh login to your Raspberry Pi.
Itching to get started? Lets go!
Beam me up
This guide assumes you have already loaded NOOBS onto a SD card and installed Raspbian. If you have not, those instructions can be found here.
Once you have installed Raspbian come back and we’ll continue. Don’t worry, I’m not going anywhere.
Logging in
The default login for Raspbian is:
- username: pi
- password: raspberry
Login with the info provided above. (if you haven’t already)
Change your password
using the passwd command you can change the password for the pi user.
you may need to run the command with superuser permissions:
sudo passwd
An example output is below:
pi@raspberrypi:~$ sudo passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
pi@raspberrypi:~$
Note: You can also add a new user if you would like:
useradd jared -p password
Update!
As of 3/17/14 I was suggested a better way of doing this by my good friend Gregg. Instead of manually changing my laptop’s host file, lets use Zero Configuration networking!
Zero Conf Networking
Zero Conf networking comes in two parts. There is a daemon that transmits multicast packets across your local network and then there’s the client which listens for those multicast packets. These packets contain the DNS information for your computer (or Raspberry Pi).
If you have ever installed any Apple software you may have noticed the included installation of Bonjour. Bonjour is the daemon that handles multicast DNS records for all Macs (and some PCs as well). Avahi is used on most linux platforms.
The Avahi install is super quick and super painless. There is no configuration required!
Install Avahi
You can install Avahi with the command below:
sudo apt-get install avahi-daemon libnss-mdns
Test your connection
That’s it! For people who are running Bonjour on their machines they can check if the mDNS has propigated by pinging your Raspberry Pi.
ping raspberrypi.local
(where raspberrypi will need to be the host address of your Raspberry Pi if you changed it)
Passwordless Login
So, now that we’re connect to the network and we have a password of our choice lets set up passwordless login.
1. Create a RSA key.
(This is useful for github, bitbucket, etc.)
Note: This is done on the machine you want to use to connect to your Raspberry Pi. If you already have one then skip this step!
ssh-keygen
Enter your information as needed:
jared@ceznamac:~/.ssh$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/pi/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/pi/.ssh/id_rsa.
Your public key has been saved in /home/pi/.ssh/id_rsa.pub.
Note: This process needs to be done for every machine you want to use to connect to your Raspberry Pi.
2. Create the authorized keys file
cat ~/.ssh/id_rsa.pub | ssh pi@raspberrypi.local 'mkdir .ssh/ && cat >> .ssh/authorized_keys'
Note: Again, you may have to substitute raspberrypi with the hostname of your Raspberry Pi and id_rsa.pub with the name of your RSA public key.
You will then be prompted for a password. The command will then copy the contents of your public key to the authorized_keys file.
Once it has completed, connect to your rasp pi:
ssh pi@raspberrypi.local
Since you have just installed your public key you should be brought right into the terminal without a password prompt:
jaredwolff$ ssh pi@raspberrypi.local
Last login: Mon Mar 17 22:56:14 2014 from ceznamac.local
pi@raspberrypi ~ $
3. Disabling password login (optional)
For those who are interested, now that you can login to your Raspberry Pi with your SSH Key, lets disable password login (for security reasons).
Open up the SSHD config file
sudo vi /etc/ssh/sshd_config
Change these parameters to no
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
Reload SSHD
sudo /etc/init.d/ssh reload
Test it
As you can see in the command below, when I try to connect without a specified user name I get a permission denied error. This is because SSH is trying to use my unix account name jaredwolff as the username for my Raspberry Pi. Considering it doesn’t exist and password logins are not allowed it denies me access. Woo!
jaredwolff$ ssh raspberrypi.local
Permission denied (publickey).
Finito!
That’s it! Now you can log in remotely all day long. Enjoy!
More Raspberry Pi posts
Want more Raspberry Pi Posts? Click here for more!
Think something is missing? Email me.
Last Modified: 2020.3.7
