Now that we can access our Pi from the internet, let’s turn up the safety a notch higher. We are going to setup SSH using a key pair, also known as public-key authentication.
In short, you create a key pair, you keep the private key on your local machine and copy the public key on the remote machine (the pi). The combination allows access. RSA is still the de facto key pair, developed in 1977, this is pretty impressive. More recently the use of ED25519 is coming up, which is not supported by older machines, but that issue we don’t have.
To generate a basic RSA key pair, you use the following command:
ssh-keygenTo generate a basic ED25519 key pair you user this command:
ssh-keygen -t ed25519Default this will safe two files in the .ssh folder in your home directory. Remember a dot in front of a file- or folder name means it is hidden. For now we will not set a pass phrase, so you can just hit enter 3 times.
Next thing we need to copy the public key to our Raspberry Pi. For this we use the ssh-copy-id command:
ssh-copy-id -i ~/.ssh/<mykey>.pub pi@<ipaddress>Here <mykey>.pub should be id_rsa.pub or id_ed25519.pub
After you have copied the public key you can try to ssh into your Pi. You’ll notice you don’t have to enter a password anymore.
It is a good practice to back up your public and private key pair in your password manager.