It is possible to configure your Raspberry Pi to allow access from another computer without needing to provide a password each time you connect. To do this, you need to use an SSH key instead of a password. To generate an SSH key:
First, check whether there are already keys on the computer you are using to connect to the Raspberry Pi:
ls ~/.sshIf you see files named id_rsa.pub or id_dsa.pub then you have keys set up already, so you can skip the 'Generate new SSH keys' step below.
To generate new SSH keys enter the following command:
ssh-keygenUpon entering this command, you will be asked where to save the key. We suggest saving it in the default location (~/.ssh/id_rsa) by pressing Enter.
You will also be asked to enter a passphrase, which is optional. The passphrase is used to encrypt the private SSH key, so that if someone else copied the key, they could not impersonate you to gain access. If you choose to use a passphrase, type it here and press Enter, then type it again when prompted. Leave the field empty for no passphrase.
Now look inside your .ssh directory:
ls ~/.sshand you should see the files id_rsa and id_rsa.pub:
authorized_keys id_rsa id_rsa.pub known_hosts
The id_rsa file is your private key. Keep this on your computer.
The id_rsa.pub file is your public key. This is what you share with machines that you connect to: in this case your Raspberry Pi. When the machine you try to connect to matches up your public and private key, it will allow you to connect.
Take a look at your public key to see what it looks like:
cat ~/.ssh/id_rsa.pubIt should be in the form:
ssh-rsa <REALLY LONG STRING OF RANDOM CHARACTERS> user@hostUsing the computer which you will be connecting from, append the public key to your authorized_keys file on the Raspberry Pi by sending it over SSH:
ssh-copy-id <USERNAME>@<IP-ADDRESS>Note that for this step you will need to authenticate with your password.
Alternatively, if ssh-copy-id is not available on your system, you can copy the file manually over SSH:
cat ~/.ssh/id_rsa.pub | ssh <USERNAME>@<IP-ADDRESS> 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'If you see the message ssh: connect to host <IP-ADDRESS> port 22: Connection refused and you know the IP-ADDRESS is correct, then you may not have enabled SSH on your Raspberry Pi. Run sudo raspi-config in the Pi's terminal window, enable SSH, then try to copy the files again.
Now try ssh <USER>@<IP-ADDRESS> and you should connect without a password prompt.
If you see a message "Agent admitted failure to sign using the key" then add your RSA or DSA identities to the authentication agent ssh-agent then execute the following command:
ssh-addIf this does not work, you can get assistance on the Raspberry Pi forums.
Note: you can also send files over SSH using the scp command (secure copy). See the SCP guide for more information.
If you can't establish a connection after following the steps above there might be a problem with your directory permissions. First, you want to check the logs for any errors:
tail -f /var/log/secure
# might return:
Nov 23 12:31:26 raspberrypi sshd[9146]: Authentication refused: bad ownership or modes for directory /home/piIf the log says Authentication refused: bad ownership or modes for directory /home/pi there is a permission problem regarding your home directory. SSH needs your home and ~/.ssh directory to not have group write access. You can adjust the permissions using chmod:
chmod g-w $HOME
chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/authorized_keysNow only the user itself has access to .ssh and .ssh/authorized_keys in which the public keys of your remote machines are stored.
If you are using macOS, and after verifying that your new key allows you to connect, you have the option of storing the passphrase for your key in the macOS keychain. This allows you to connect to your Raspberry Pi without entering the passphrase.
Run the following command to store it in your keychain:
ssh-add -K ~/.ssh/id_rsa