Raspberry Pi configuration guide to use SSH Key authentication with the RaspController application
How to generate SSH keys with RaspController
Press the “+” button on the keychain to add a new key.
Now, using the “Generate” tab, enter the name of the key (optional, but useful for recognizing the key when there are many), select the type of key (ED25519 or RSA) and its size, finally enter a passphare for encrypt the key (optional, but recommended to protect the key).
At this point it is possible to generate the key pair (public and private). The private key will be used by RaspController, while the public key will need to be copied to the Raspberry Pi.
To export the public key just click on the menu related to the key you created and choose “Export” or “Share”, then transfer the key on the Raspberry Pi (we recommend using the folder /home/user/.ssh/)
Now you can go directly to the SSH client configuration.
How to generate SSH keys with Raspberry Pi
To generate new RSA SSH key type the following command in the Raspberry PI terminal:
ssh-keygen -t rsa
confirms the name of the file with ENTER and enter a passphrase (recommended).
For Ed25519 keys type (may not work properly):
ssh-keygen -t ed25519
For ECDSA keys type:
ssh-keygen -t ecdsa
After generating the key pair, continue with configuring the SSH client.
SSH client configuration
Edit the file ‘sshd_config’:
sudo nano /etc/ssh/sshd_config
edit the line ‘AuthorizedKeysFile’ removing the # symbol (if present) and adding:
.ssh/<public_file_name>.pub (eg ‘id_rsa.pub’)
If you don’t use any passphrase you need to edit the file /etc/ssh/sshd_config with 'PermitEmptyPasswords yes'.
Save the content of the file pressing CTRL + X (to exit from nano), respond “Yes” at the request of saving, then confirm with ENTER.
Now reboot the ssh service with:
sudo /etc/init.d/ssh restart
or reboot the Raspberry PI.
Use the key on RaspController
When configuring a device, you can use the password or private key for authentication.
To associate a private key to the device, press the button with the key icon, the keychain will be shown. It is possible to select an existing key, generate a new key pair or import a key generated via the Raspberry Pi.
Remember to also enter the sudo password, which is required to install the packages needed by RaspController.
How to import SSH keys generated with Raspberry Pi
In the keychain press the “+” key to add a new key then select the “Import” tab.
Enter the name of the key (optional but useful for identifying it).
It is possible to import the private key by selecting a file or it is possible to paste the contents of the key by making a long tap on the text box and selecting “Paste” in the displayed menu.
If you wish, you can also import the public key (optional, not necessary for correct operation).
Finally enter the passphrase used to encrypt the key (leave blank if no passphrase was used).
After saving, the key is added to the keychain. Now you can pair it with a device.
Only for user other than 'pi'
If you are using a user other than the classic ‘pi’ remove the password prompt from this user.
Create a custom sudoers file using (replace bob with your user):
sudo visudo /etc/sudoers.d/010_bob-nopasswd
Insert the following contents on a single line:
bob ALL=(ALL) NOPASSWD: ALL
Save the file and exit.
Raspberry Pi documentation: https://www.raspberrypi.org/documentation/linux/usage/users.md
Only for root user
The previously created keys are placed in the ‘pi’ user folder, now you also need to copy the public key in the root directory.
Create the ssh directory (if not exists) [~ is Alt Gr + ì]:
sudo mkdir ~root/.ssh
Copy the key:
sudo cp ~/.ssh/id_rsa.pub ~root/.ssh/id_rsa.pub
(for the Ed25519 key the file name is ‘id_ed25519.pub’)