We're taking a step back in this tutorial by learning how to set up SSH Keys for your Raspberry Pi and enable passwordless login. It's very simple and can be applied to any Linux system, not just Raspberry Pi.
Why do a passwordless login? The main reason is that it provides much more security than a password. If anyone knows your password and has some kind of connection to your system, they can get in. But if you disable password login and rely only on SSH keys, anyone trying to get into your system MUST have your SSH private key, which is stored only on your computer.
What are the drawbacks?
Well, if you lose your private key for some reason, you won't be able to get back in. Not remotely at least. If you still have hardware access (such as to your Raspberry Pi), you'll still be able to get in.
In the video below, I cover how to generate private and public SSH keys and how to disable passwords on your Pi. I do this for my VPN and PiHole setups.
To get started, download the PuTTYgen software from the following URL: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
Run the PuTTY Key Generator app and let's generate a single RSA key. You will then see a public key generated with a prefix that looks like
Download your Private key and save it somewhere! Save your public key as well if you are planning on using the same public key in multiple systems.
On your Raspberry Pi, cd into your ~/.ssh directory and create a new authorized keys file with the following command:
sudo touch authorized_keys
Then edit this file with:
sudo nano authorized_keys
You can use any editor, doesn't have to be nano. Then paste in your public key from above. Remember, only put your public key on your server. Keep the private key to yourself! Do not share!
Now open PuTTY, go to Connection >> SSH >> Auth options (5:40 in the video below). Browse and insert your private key. Then make sure you save your configuration before you close out of it. Otherwise you'll have to keep adding your private key every time.
Now connect and login with your default username: pi
That's it! You should now be authorized using your SSH key. But your password isn't exactly disabled yet. So let's do that.
Let's edit our sshd_config file with the following command:
sudo nano /etc/ssh/sshd_config
Scroll down and search for PasswordAuthentication, change the "yes" to a "no", and remove the pound (#) symbol at the beginning of the line to uncomment it.
When you are done, let's restart the SSH service with this command:
sudo service ssh restart
Once it has restarted, you are done!
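Before the restart, it is worth confirming that the edit actually took effect and that a key is in place: a line that is still commented out leaves passwords on, and disabling passwords with no key installed locks you out remotely. The script below is an added example, not part of the original tutorial; the function names are made up for illustration, and it only reads the files you pass it (it does not follow Include lines or evaluate Match blocks).

```shell
#!/bin/sh
# Added example (not from the tutorial). Function names are hypothetical.

# Print the global PasswordAuthentication value a config file yields.
effective_password_auth() {
    awk '
        { sub(/=/, " ") }                         # accept Keyword=value too
        /^[ \t]*#/ { next }                       # still commented out: ignored
        tolower($1) == "match" { exit }           # conditional blocks start here
        tolower($1) == "passwordauthentication" {
            print tolower($2); found = 1; exit    # sshd keeps the first value
        }
        END { if (!found) print "yes" }           # OpenSSH default when unset
    ' "$1"
}

# Count usable key lines (non-blank, not comments) in an authorized_keys file.
count_keys() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -c -v -E '^[[:space:]]*(#|$)' "$1" || true
}

# Succeed only if passwords are off AND at least one key is installed.
# Exit status: 0 ok, 1 passwords still allowed, 2 no key (lockout risk).
preflight() {
    pa=$(effective_password_auth "$1")
    keys=$(count_keys "$2")
    if [ "$pa" != "no" ]; then
        echo "password login still enabled (effective value: $pa)"
        return 1
    fi
    if [ "$keys" -eq 0 ]; then
        echo "passwords disabled but no key in $2: remote lockout"
        return 2
    fi
    echo "ok: key-only login, $keys key(s) installed"
}

# Typical use on the Pi:
#   preflight /etc/ssh/sshd_config "$HOME/.ssh/authorized_keys"
```

On the Pi itself, sudo sshd -t checks the file for syntax errors and sudo sshd -T prints the full effective configuration, including anything pulled in by Include lines. Keep your current SSH session open and test the key login from a second window before closing it.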
Now you are probably wondering, did I win the Raspberry Pi Zero W?
Congratulations to the following 3 winners:
I'll be contacting you soon asking you for your physical address! Congratulations again!
If you didn't win, don't fret, I'll be back with more giveaways. Subscribe to my channel on YouTube and stay tuned!
Have questions about the tutorial? Ask below, I welcome all questions and comments.