Keychain

Raspberry Pi configuration guide to use SSH Key authentication with the RaspController application

The Raspcontroller app has a keychain that will contain all the keys generated through the application itself or through the Raspberry Pi ssh-keygen command.

It is possible to access the keychain directly through the application settings, or when configuring / modifying a new device.

How to generate SSH keys with RaspController


Press the “+” button on the keychain to add a new key.

Now, using the “Generate” tab, enter the name of the key (optional, but useful for recognizing the key when there are many), select the type of key (ED25519 or RSA) and its size, finally enter a passphare for encrypt the key (optional, but recommended to protect the key).

At this point it is possible to generate the key pair (public and private). The private key will be used by RaspController, while the public key will need to be copied to the Raspberry Pi.

To export the public key just click on the menu related to the key you created and choose “Export” or “Share”, then transfer the key on the Raspberry Pi (we recommend using the folder /home/user/.ssh/)

Now you can go directly to the SSH client configuration.

How to generate SSH keys with Raspberry Pi

To generate new RSA SSH key type the following command in the Raspberry PI terminal:

ssh-keygen -t rsa

confirms the name of the file with ENTER and enter a passphrase (recommended).

 

For Ed25519 keys type (may not work properly):

ssh-keygen -t ed25519

 

For ECDSA keys type:

ssh-keygen -t ecdsa

 

After generating the key pair, continue with configuring the SSH client.

SSH client configuration


Edit the file ‘sshd_config’:

sudo nano /etc/ssh/sshd_config

edit the line ‘AuthorizedKeysFile’ removing the # symbol (if present) and adding:

.ssh/<public_file_name>.pub   (eg ‘id_rsa.pub’)

<public_file_name>.pub is the private key that was generated with the ssh-keygen command or that was generated with RaspController and then copied to the folder /home/<user>/.ssh/

If you don’t use any passphrase you need to edit the file /etc/ssh/sshd_config with 'PermitEmptyPasswords yes'.

 

Save the content of the file pressing CTRL + X (to exit from nano), respond “Yes” at the request of saving, then confirm with ENTER.

Now reboot the ssh service with:

sudo /etc/init.d/ssh restart

or reboot the Raspberry PI.

Use the key on RaspController


When configuring a device, you can use the password or private key for authentication.

To associate a private key to the device, press the button with the key icon, the keychain will be shown. It is possible to select an existing key, generate a new key pair or import a key generated via the Raspberry Pi.

 

Remember to also enter the sudo password, which is required to install the packages needed by RaspController.

How to import SSH keys generated with Raspberry Pi


In the keychain press the “+” key to add a new key then select the “Import” tab.

Enter the name of the key (optional but useful for identifying it).

It is possible to import the private key by selecting a file or it is possible to paste the contents of the key by making a long tap on the text box and selecting “Paste” in the displayed menu.

If you wish, you can also import the public key (optional, not necessary for correct operation).

Finally enter the passphrase used to encrypt the key (leave blank if no passphrase was used).

After saving, the key is added to the keychain. Now you can pair it with a device.

Only for user other than 'pi'


If you are using a user other than the classic ‘pi’ remove the password prompt from this user.

Create a custom sudoers file using (replace bob with your user):

sudo visudo /etc/sudoers.d/010_bob-nopasswd

Insert the following contents on a single line:

bob ALL=(ALL) NOPASSWD: ALL

Save the file and exit.

 

Raspberry Pi documentation: https://www.raspberrypi.org/documentation/linux/usage/users.md

Only for root user


The previously created keys are placed in the ‘pi’ user folder, now you also need to copy the public key in the root directory.

Create the ssh directory (if not exists) [~ is Alt Gr + ì]:

sudo mkdir ~root/.ssh

Copy the key:

sudo cp ~/.ssh/id_rsa.pub ~root/.ssh/id_rsa.pub

(for the Ed25519 key the file name is ‘id_ed25519.pub’)