How to Connect via SSH Without a Password by Generating an SSH Key on Raspberry Pi

We have seen how to use SSH to connect a secure terminal to our Raspberry Pi. It is one of the most powerful tools that we will frequently use when working with remote systems.

However, using SSH will require us to constantly enter the password. Which, if the password is long (and for security it should be), well, what can I say… it’s a real hassle 😄.

We have a commonly used and recommended alternative which is to generate a pair of cryptographic keys to use as an SSH authentication system.

This method uses a pair of asymmetric cryptographic keys (a public key and a private key) to authenticate you, eliminating the need to enter a password each time you connect.

Let’s see how to set it up.

Generate the SSH Key Pair on the Client Device

First, we need an SSH key pair. This first step must be done on the client device (that is, on the machine with which we will connect to the Raspberry Pi, for example, your PC).

To do this, open a terminal on your client device (which can be Windows, Linux, or WSL, for example)

Run the following command to generate an SSH key pair:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Where,

• -t rsa: Specifies the type of encryption algorithm, in this case RSA
• -b 4096: Defines the key size in bits (4096 is a secure length)
• -C "your_email@example.com": Optional, adds a comment to identify the key (for example an email address)

Next, the system will ask you to choose a location to save the key

Enter file in which to save the key (/home/user/.ssh/id_rsa):

You can leave the default name, or name it whatever you want. (for example, the app or the client name).

Or you can press Enter to accept the default location (the .ssh folder).

Finally, the system optionally allows us to add a password (passphrase) to protect the private key

Enter passphrase (empty for no passphrase):

We can leave it blank if we prefer not to have to enter a password every time we use the SSH key (it’s less secure, but one of our goals is not to have to keep entering passwords, right?)

This process will generate two files

• id_rsa, private key that we must keep on the client (and never give to anyone)
• id_rsa.pub, public key that we must copy to the Raspberry Pi

Copy the Public Key to the Raspberry Pi

Now that we have our key pair, we need to copy the public key id_rsa.pub to the Raspberry Pi.

The contents of this file must be added to the .ssh folder within the home directory of the user on the Raspberry Pi, in a file called authorized_keys.

For this, we have two options:

From Another Linux

If we are working with a Linux client (for example, your computer is an Ubuntu or a WSL from Windows), we will have access to a utility called ssh-copy-id which does everything for us.

ssh-copy-id user@ip_address

Simply replace with the username and the IP address of your Raspberry Pi (for example, pi@192.168.1.100)

This command will copy the public key from your client device to the ~/.ssh/authorized_keys file on your Raspberry Pi. During this process, you will be prompted for your Raspberry Pi’s password to complete the operation.

ssh-copy-id -i ~/.ssh/filename.pub user@ip_address

From Windows

If we don’t have the ssh-copy-id tool available, we will have to copy it “manually”. Don’t worry, it’s not too difficult.

We simply need to add the contents of the public key id_rsa.pub to the ~/.ssh/authorized_keys file of the user.

For example, you can copy it using scp with this command

scp id_rsa.pub user@ip_address:/home/username/id_rsa.pub

And then, by connecting via ssh, we add the contents of id_rsa.pub to ~/.ssh/authorized_keys (for example, using the nano editor).

ssh user@ip_address

mkdir -p ~/.ssh
nano ~/.ssh/authorized_keys

Or we could also add it like this (I prefer copying it manually with nano)

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Finally, we ensure that the file permissions are correct

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

PowerShell script to set it up in one step:PUBKEYPATH=“$HOME.ssh\id_name.pub”

PUBKEYPATH” | Out-String); ssh ”{pubKey}’ >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys”

Where, before copying, you must replace

• username@remote-machine-IP with your username on Raspberry Pi, and the IP of the Raspberry Pi (or its hostname)
• id_name.pub with the name you have given to your key file :::

Verify Public Key Authentication is Enabled

Optional, but it’s a good idea to verify that public key authentication is enabled on the Raspberry Pi.

To do this, you need to edit the file /etc/ssh/sshd_config and make sure that the following lines are uncommented and have the value “yes”:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile  .ssh/authorized_keys

If you have changed anything, restart the SSH service on the Raspberry Pi for the changes to take effect

sudo systemctl restart ssh

Connect to the Raspberry Pi Without a Password

We have already done the hard part. Now we need to check that everything works correctly. You should be able to connect to your Raspberry Pi without needing to enter a password,

ssh username@ip_address

If everything went well, you should log into your Raspberry Pi automatically without needing to enter a password.

Additional Configuration (Optional)

If you wish to enhance the security of your SSH connection, you can disable password authentication on your Raspberry Pi. This way, only SSH key connections will be allowed. To do this:

Open the SSH configuration file on the Raspberry Pi:

sudo nano /etc/ssh/sshd_config

Look for the line that says #PasswordAuthentication yes and change it to:

PasswordAuthentication no

Save the changes and restart the SSH service:

sudo systemctl restart ssh