Are you tired of putting in passwords? I sure am. Creating, remembering, storing, and retrieving passwords can be difficult. While we cannot remove every password in our life, we can at least make life easier and more secure by using keys where available.
Since you are reading this, you probably already have a good understanding of what SSH is used for. I will spare you all the advantages of using SSH and all the wonderful things for which SSH can be used (at least for now). Let's jump straight into creating key pairs and removing the passwords from our life.
Scenario
In this scenario, I am going to create a key pair in Windows and use it to remotely connect to a Raspberry Pi. In the past, connecting between Windows and a Linux device was done using a program named Putty. While Putty is still great, I prefer to do my connections now with the command line in Windows.
I am going to try and connect to my Raspberry Pi that has an IP Address of 192.168.86.25. Please update this IP Address for the computer on which you are trying to connect.
Creating a Key Pair
I will briefly (I mean really briefly) discuss what a key pair is and why they are important prior to actually showing how to create one. A key pair contains two keys: one public, and one private. An important note: you never ever want to give out your private key. It should always remain on your computer. You can give out your public key to whomever you wish (your mom, your Raspberry Pi, your neighbor).
The public key is like a box with an open lock on it. Whoever has the box can place something inside. However, once the box is locked, it can only be opened again with the private key. Not even the person who locked the box can open it up. Therefore, messages can be sent securely to a recipient.
This security is accomplished thanks to RSA encryption. If you are interested, Check out Eddie Woo's videos on how it works.
Now that we have a basic understanding of what a key pair is, let's create a key pair in Windows using the command line. The process is exactly the same if you are on a Linux machine.
Open up a command line in windows and type:
ssh-keygen
It will ask you where you want to save your keys. Hit enter to have them saved in your user folder. It will look something like:
Enter file in which to save the key (C:\Users\me/.ssh/id_rsa):
It will prompt you to enter a password. Leave it blank (unless you really want to enter another password -- it kind of defeats the purpose of this tutorial). Hit enter to confirm the empty password.
The system created two files located in the .ssh folder under your home folder.
dir C:\Users\me\.ssh
You should see two files id_rsa and id_rsa.pub. The private key is contained in the id_rsa and the public key is contained in the id_rsa.pub file.
Transfer the Public Key
Now we need to transfer our public key over to the Raspberry Pi. Remember to transfer the public key, not private. Our goal is to place the public key inside a file titled authorized_keys that is located in the .ssh folder in the home folder of our user on the Raspberry Pi. It needs to be the home folder for the user that you use to SSH into the Raspberry Pi. In this tutorial, I will use the default "pi" user.
Short Cut
After writing this tutorial, Nichlas Hummelsberger (comments below) provided a short cut on how to copy keys over. Thank you, Nichlas, for this information. Below, I have explained the expanded version of this short cut. To quickly send the key, use the ssh-copy-id command, as follows:
ssh-copy-id pi@192.168.86.25
You should not be able to SSH into your computer password free.
Long Version
If you are interested in seeing what goes on with the short cut, knowing the long version may help. If you have completed the short cut, this section is not needed and is for reference only.
The authorized_keys file on the Raspberry Pi probably doesn't exist. Let's create it if it does not exist. SSH into the "pi" home folder.
ssh pi@192.168.86.250
cd ~/.ssh
If the .ssh folder doesn't exist, create it:
mkdir ~/.ssh
Now create the authorized_keys folder:
touch ~/.ssh/authorized_keys
There are many methods of doing this (i.e. copy/paste), but I like to use the secure copy (scp) command to transfer the key.
The "scp" command requires two arguments: the source; and the destination. Fortunately for us, the source and/or destination can be accessed with ssh. To transfer the key from Windows to the Raspberry Pi, enter into the Windows command line:
scp C:\Users\me\.ssh\id_rsa.pub ssh pi@192.168.86.25:~/.ssh/authorized_keys
Conclusion
After entering your password for the last time, you can SSH into your Raspberry Pi password free.
Let me know in the comments below if you have any problems.
Top comments (1)
Thank you!