Raspberry Pi: key-based authentication

  • Ubuntu 16.04 LTS
  • Raspberry Pi 3 Model B

Key-based authentication is a nice alternative to username/password-based login. Below is a basic process describing how to generate an RSA key pair and install public key on Raspberry Pi.

For more info see How to configure ssh key-based authentication on a linux server, or Securing your Raspberry Pi.

Create RSA key pair
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):        
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:

The key will be created in the ~/.ssh folder by default.

Upload public key to Raspberry Pi
$ cat ~/.ssh/id_rsa.pub | ssh pi@192.168.0.xxx "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Alternatively, use ssh-copy-id:

$ ssh-copy-id pi@192.168.0.xxx
DISABLE PASSWORD authentication (optional)

If higher level of security is required – consider disabling password authentication. Edit the following lines in /etc/ssh/sshd_config as shown below:

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
Key-based authentication

Start ssh session as usually, password will not be required:

$ ssh pi@192.168.0.xxx