I want to be able to access my Raspberry Pi Cluster and log onto any node without entering a password. To do this I can set up as passwordless SSH key.
Generating a SSH Key
To generate a SSH key you can use the command
ssh-keygen. Once you have ran this you will get the below command output.
chewett@bunker-master:/tmp$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/chewett/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/chewett/.ssh/id_rsa. Your public key has been saved in /home/chewett/.ssh/id_rsa.pub. The key fingerprint is: 08:da:bf:3b:40:60:19:62:a8:97:10:77:e1:c9:93:d8 chewett@bunker-master The key's randomart image is: +---[RSA 2048]----+ |+oooo. | |+o+* o | |.o.oE | |. oo.o . | | .... . S | | .. | | .. | | .. | | oo | +-----------------+
During this command you can choose where the store the key files and what passphrase you want to secure the key with. For this I have not set a passphrase so I don’t need to enter it when logging into my cluster.
Once I have ran this command it will generate a public and private key. This private key is used in combination with the public key to authenticate yourself. I will install the public key on any machine that I want to login to and it will give access via the private key. As suggested by the name the public key can be installed on all your machines and the private one should be kept private.
Installing the public key
Once you have generated your public key you need to copy it to all the machines you want to access it on. To install it you need to add it into the authorized_keys file. This is located in
~/.ssh/authorized_keys. You can copy your public key to the machine and install it using.
scp /home/chewett/.ssh/id_rsa.pub bunker-master:~/ ssh bunker-master mkdir ~/.ssh/ cat id_rs.pub >> ~/.ssh/authorized_keys
The first line copies the public key to the machine. Once this has been done you can login to the remote server (second line). If the
~/.ssh/ directory does not exist it can be created with
cat you can then echo your public key and append it to the
authorized_keys file. We want to ensure we append to this file using
>>. This is because if the file exists we want to add your public key and not lose the other lines in this file.
Logging in with the SSH key
Now we have installed the SSH public key we can login to the machine using
ssh -i ~/.ssh/id_rsa bunker-master
-i flag you can specify which key file you want to use to ssh into the host. If you don’t want to enter this each time you can specify this in your SSH config file. This file should be found, or created, in
Host bunker-master HostName 192.168.0.5 User chewett IdentityFile ~/.ssh/id_rsa
The format for the file is above. Host is the name you want to refer to the machine as. HostName is the IP or hostname of the machine that will be used to SSH to. User can be specified to set the username used to SSH in and IdentityFile will specify the keyfile you want to use when logging.
If I set my config file up as above, all I would need to do so is type
ssh bunker-master and this would effectively run
ssh -i ~/.ssh/id_rsa email@example.com. The first being much shorter.
In addition to being able to specify all the options in the config file, using a keyfile means you don’t need to enter your password. Since I didn’t enter a password for my keyfile entering
ssh bunker-master will automatically ssh into the host and log me in.
Once I have installed this on all of my nodes I will be able to SSH into any one of them without needing a password. Performing this will be important for automatically running commands on the nodes.