SSHの公開鍵認証を有効(For Raspberry PI)

Posted by gekal on April 07, 2020 · 2 mins read

SSH認証用キーを作成

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/gekal/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/gekal/.ssh/id_rsa.
Your public key has been saved in /home/gekal/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:tlRjt9k73ouJgHxXZOHP+RU1WNvjQWxeitRG+k/YHhI gekal@home
The key's randomart image is:
+---[RSA 2048]----+
|             +=+.|
|            oo=o*|
|          +.oEo*o|
|         o o+=*+=|
|        S   oo+*+|
|      .o..  . .=+|
|       o.o .  o +|
|        . o ..oo |
|           . o..o|
+----[SHA256]-----+

Publicキーをホストに登録

# ローカルの鍵をリモートサーバーにコピー(パスワードの入力が必要)
ssh-copy-id -i ~/.ssh/id_rsa.pub pi@raspberrypi.local

又は

# リモートサーバーにログインしてから、公開鍵を書き込む
$ mkdir ~/.ssh
$ echo "ssh-rsa public key contents" > ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh/
$ chmod 600 ~/.ssh/authorized_keys
$ cat ~/.ssh/authorized_keys
ssh-rsa public key contents

鍵を使ってログイン

$ ssh pi@raspberrypi.local
Linux raspberrypi 4.19.97-v7l+ #1294 SMP Thu Jan 30 13:21:14 GMT 2020 armv7l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Apr  7 09:36:16 2020 from 192.168.0.XXX

SSHコンフィグの設定

~/.ssh/config

Host raspberrypi.local
  HostName raspberrypi.local
  User pi
  Port 22
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile ~/.ssh/id_rsa
  IdentitiesOnly yes
  LogLevel FATAL
$ ssh raspberrypi.local
Linux raspberrypi 4.19.97-v7l+ #1294 SMP Thu Jan 30 13:21:14 GMT 2020 armv7l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Apr  7 09:39:00 2020 from fe80::d80b:e725:e2b5:fa5b%wlan0

VSCodeからのリモート接続

Remote-SSH: Connect to Host...」のコマンドを実施してから、raspberrypi.localをリモート接続ください。

初回起動時に、VSCodeサーバーをダウンロードする必要があるので、時間をかかる場合あります。

参照

  1. CentOS7.3でSSH接続(公開鍵認証)する方法
  2. SSHコンフィグファイル