Remote ssh without password from trusted client


#1

It's a small thing, entering your password each time when you ssh into your Raspberry Pi but it's unnecessary if you trust your workstation or laptop. It's possible to setup a keypair so that your laptop, for instance, can remote in without the password. This is especially handy if you want to run a script remotely on the Raspi and you don't want to hard-code your password into a script, for example.

Assumptions

I'm sure all this will work with other workstations but I'm on OSX so that's how I'll be describing all this. I also assume that you have ssh as a client as well as ssh-keygen (which I'm sure comes with OSX). And finally, I assume that your Raspberry Pi is named octopi.local and that pi is the remote user.

Create a keypair

From a Terminal prompt on your laptop:

ssh-keygen -t rsa -b 2048

For this, you'll want to accept the prompts. It should then place any files into a ~/.ssh folder using the default names which I use below. If you change the names then adjust in the command(s) which follow.

Publish your public key to the Raspberry Pi

Again, from your laptop:

ssh-copy-id -i ~/.ssh/id_rsa.pub pi@octopi.local

You'll need to credential to the Raspberry Pi as your pi user for this command to complete. If successful, it will update an ~/.ssh/authorized_keys file on your Raspberry Pi.

Try it

Assuming that everything worked up to this point, you'll want to give it a try.

From your laptop (noting that a password should now not be prompted):

ssh pi@octopi.local

  Linux octopi 4.14.62-v7+ #1134 SMP Tue Aug 14 17:10:10 BST 2018 armv7l
  Last login: Tue Sep  4 10:50:53 2018 from 10.20.30.240

  ------------------------------------------------------------------------------
  Access OctoPrint from a web browser on your network by navigating to any of:
    http://octopi.local
    http://192.168.1.250
  ------------------------------------------------------------------------------
  OctoPrint version : 1.3.9
  OctoPi version    : 0.15.0
  ------------------------------------------------------------------------------

Remotely running a script on the Raspberry Pi

Now that your laptop is a trusted client, this opens up some possibilities for remotely running scripts via ssh.

Remotely see if OctoPrint is running from your laptop:

ssh -t pi@octopi.local "ps -ax|grep octoprint"

You'll want to be careful with some commands, like starting things like watch or tail which want to stay open. I'm using the -t argument which should hope to exit cleanly after running a standard command, though.

Some Context

I have several Raspberry Pi's and different things and I've added shell scripts which turn things ON/OFF remotely. I use this technique to make things remotely happen.

A useful helper script for ssh

Lastly, since I'm a little bit lazy, I created a wrapper script for ssh itself which saves me from typing either the "pi@" or the ".local" parts of this.

Code for sshp (as created somewhere in your path and chmod a+x'd so that it can be executed:

#!/bin/sh

if [ $# -lt 1 ]
then
	echo "Usage: $0 octopi"
	echo ""
	echo "The script will attempt to remote SSH into the"
	echo "indicated server as the pi user."
	exit 1
fi

ssh pi@$1.local

Usage

Then, you could just type this to remote into your octopi.local as pi:

sshp octopi

Feel free to modify it to add any extra arguments ($2, $3, etc) to the ssh command.

More info about ssh


#2

You can add entries to your .ssh/config to do this instead:

Host octopi octoprint octopi.local octopi.tedder.me someothernickname
  HostName octopi.local
  User pi

I use that to connect to an IP instead. Yes, an IP as 'HostName'. Also showing some other options.

Host somehost
  HostName 192.168.11.22
  User pi
  ControlPersist 600
  ForwardAgent yes
  IdentityFile ~/.ssh/otherkeyA # try these keys in this order
  IdentityFile ~/.ssh/otherkeyB

Wildcards can be handy too:

Host 192.168.*
  User pi