Key generation

Raspberry Pi configuration guide to use SSH Key authentication with the RaspController application

To generate new RSA SSH key type the following command in the Raspberry PI terminal:

ssh-keygen -t rsa

confirms the name of the file with ENTER and enter a passphrase (recommended).

 

For Ed25519 keys type:

ssh-keygen -t ed25519

 

For ECDSA keys type:

ssh-keygen -t ecdsa

 

If you don’t use any passphrase you need to edit the file /etc/ssh/sshd_config with 'PermitEmptyPasswords yes'.

SSH


Edit the file ‘sshd_config’:

sudo nano /etc/ssh/sshd_config

edit the line ‘AuthorizedKeysFile’ removing the # symbol (if present) and adding:

.ssh/id_rsa.pub

(for the Ed25519 key the file name is ‘id_ed25519.pub’)

 

Save the content of the file pressing CTRL + X (to exit from nano), respond “Yes” at the request of saving, then confirm with ENTER.

Now reboot the ssh service with:

sudo /etc/init.d/ssh restart

or reboot the Raspberry PI.

RaspController


Copy the ‘id_rsa’ (or ‘id_ed25519’) file generated by the Raspberry Pi to your Android device.

Then import the private key ‘id_rsa’ (or ‘id_ed25519’) to RaspController.

Only for user other than 'pi'


If you are using a user other than the classic ‘pi’ remove the password prompt from this user.

Create a custom sudoers file using (replace bob with your user):

sudo visudo /etc/sudoers.d/010_bob-nopasswd

Insert the following contents on a single line:

bob ALL=(ALL) NOPASSWD: ALL

Save the file and exit.

 

Raspberry Pi documentation: https://www.raspberrypi.org/documentation/linux/usage/users.md

Only for root user


The previously created keys are placed in the ‘pi’ user folder, now you also need to copy the public key in the root directory.

Create the ssh directory (if not exists) [~ is Alt Gr + ì]:

sudo mkdir ~root/.ssh

Copy the key:

sudo cp ~/.ssh/id_rsa.pub ~root/.ssh/id_rsa.pub

(for the Ed25519 key the file name is ‘id_ed25519.pub’)