Wednesday 15 January 2014

SSH with DSA public key authentication - password less login

After taking pictures on your raspberry pi you might want to transfer the images to your PC. You can use several methods but I'm going to use scp over ssh using password less login. That way I can automate the transfer.
In this example I used following devices

Raspberry pi, IP 192.168.1.10 and user pi
Linux laptop, IP 192.168.1.20 and user foo

Step 1: Create Authentication SSH-Kegen Keys on the raspberry pi

Login to your rpi 192.168.1.10 with user pi to generate a pair of public keys
[pi@raspbmc ~]$ ssh-keygen -t dsa
If you do not want to give your file a name, just press enter. Or you can
Generating public/private dsa key pair.
Enter file in which to save the key (/home/pi/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in .ssh/id_dsa.
Your public key has been saved in .ssh/id_dsa.pub.
The key fingerprint is:
83:8d:95:48:d3:25:11:48:f5:de:53:47:98:54:a2:b6 pi@pi
The key's randomart image is:
+--[ DSA 1024]----+
|         .++==++o|
|         ..+.+o..|
|          +   o.o|
|       o o   . +o|
|      . B   . .Eo|
|         .   .  .|
|            . +  |
|    a   o.       |
|          .      |
+-----------------+

Step 2: Upload Generated Public Keys to – 192.168.1.20

Use SSH from server 192.168.1.1 and upload new generated public key (id_rsa.pub) on server 192.168.1.20 under pi‘s .ssh directory as a file name authorized_keys.
[pi@raspbmc ~]$ cat .ssh/id_rsa.pub | ssh foo@192.168.1.20 'cat >> .ssh/authorized_keys'
foo@192.168.1.20's password:

Step 3: Set Permissions on – 192.168.1.20

Due to different SSH versions on servers, you might need to set permissions on the .ssh directory and the authorized_keys file.
[pi@raspbmc ~]$ ssh foo@192.168.1.20 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
foo@192.168.1.20's password: [Enter Your Password Here]

From now onwards you can log into 192.168.1.20 as foo user from server 192.168.1.10 as pi user without password.
[pi@raspbmc ~]$ ssh foo@192.168.1.20

And now you can use scp to transfer files manually or you can automate transfer with script
scp file foo@192.168.1.20:/tmp