Managing a farm of Raspberries can be a difficult task. It becomes even more cumbersome and tiring if each of them has the ssh-daemon service running on a different port and uses a different administrator account name. So could I log in to them quicker and more efficiently, without repeating those parameters all the time and, most importantly, without remembering all their combinations? Like in the following command:
$> ssh [user]@[hostname.domain] -p [port]
user@host's password: ...
Normally on Windows I would use Putty.exe, fill in all the details once, save them and I would be done. Unfortunately this little app doesn't work on macOS. This is perfectly fine though. Somehow on macOS I prefer to touch the bare metal and use the Terminal app as much as possible and issue all necessary commands there (and also understand what's hidden inside and how it works). The final state I wish to achieve is to be able to log in automatically just by issuing a single command in the future:
$> ssh short_device_name
What's actually needed is very simple. To complete the task, put the following section into the ~/.ssh/config file:
Host [short_device_name]
    HostName [full-device-domain-name-or-IP]
    Port [port]
    User [user-name]
    PreferredAuthentications publickey
    IdentityFile "~/.ssh/id_rpi"
Under the Host keyword we place the alias (short device name) we use for connecting, and under HostName the full domain name of the device (or its IP address). There should of course be no square brackets. Last, we specify that an asymmetric key is used to authenticate, and its location. The path points to the private key, and its public part must already have been registered on the target device we are going to log in to. No worries, the troubleshooting in the next section shows how to do it.
And voilà. Done. Day saved!
In case the config file is missing
It could be created by the commands:
$> cd ~/.ssh/
$> touch config
After that, we should limit the permissions to let it be accessible only by the current user:
$> chmod 0700 config
Otherwise we will see an error message like:
Bad owner or permissions on /Users/pawel/.ssh/config
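The Host section and the permission rule above, applied to several devices at once. This is an added example, not part of the original post: it generates one block per device from a small inventory and checks the file mode; the device aliases, addresses, ports, user names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Inventory lines are constructed data: alias host port user
# Print one Host block in the layout used in this article.
host_block() {
    printf 'Host %s\n' "$1"
    printf '    HostName %s\n' "$2"
    printf '    Port %s\n' "$3"
    printf '    User %s\n' "$4"
    printf '    PreferredAuthentications publickey\n'
    printf '    IdentityFile "~/.ssh/id_rpi"\n\n'
}

# Read the inventory on stdin and write all blocks to the file named in $1.
build_config() {
    out=$1
    (
        umask 077                      # a new file is created owner-only
        : > "$out"
        while read -r name host port user; do
            case "$name" in ''|'#'*) continue ;; esac    # blank or comment
            case "$port" in ''|*[!0-9]*)                 # port must be digits
                echo "skipping $name: bad port '$port'" >&2
                continue ;;
            esac
            host_block "$name" "$host" "$port" "$user" >> "$out"
        done
    )
}

# Succeed only if the file is not writable by group or others; ssh refuses
# such a config with "Bad owner or permissions" (it also checks the owner).
perms_ok() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ?????w*|????????w*) return 1 ;;
        *) return 0 ;;
    esac
}

demo() {
    build_config "$1" <<'EOF'
# alias   host              port  user
rpi-lab   192.0.2.10        2201  labadmin
rpi-shed  shed.example.net  2222  gardener
EOF
    perms_ok "$1" && echo "$1: permissions OK"
}

if [ $# -gt 0 ]; then demo "$1"; fi
```

Run it with an output path such as ./rpi_config, review the result, and then append it to ~/.ssh/config.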
In case the key is missing or not uploaded onto the target device
Another thing: id_rpi is a non-standard name for the key, and you might need to fix it, either by specifying the name of an existing key or by creating a totally new one. Keep in mind that default names, such as id_ecdsa, depend on the algorithm used during the creation process.
If you don't have any key at all, or want to use a new one for this specific group of devices, here is the recipe. I also use optional arguments to select the ECDSA algorithm and its longest possible key length, the output file name, and the comment (as otherwise the user's and machine's names would be put inside instead):
$> ssh-keygen -t ecdsa -b 521 -f ~/.ssh/id_rpi -C "rpi@CodeTitans.pl"
Now we can upload the key. Although it could be done manually, it's much easier to use the ssh-copy-id command. It logs in to the remote device and places the public key (from ~/.ssh/id_rpi.pub) into the ~/.ssh/authorized_keys file there. It will create that file with proper permissions if it is missing.
$> ssh-copy-id -i ~/.ssh/id_rpi -p [port] [user]@[hostname.domain]