Coding with Titans

so breaking things happens constantly, but never on purpose

Raspberry Pi quick SSH remote access from macOS

Managing a farm of Raspberry Pis can be a difficult task. It becomes even more cumbersome and tiring if each of them has the SSH daemon running on a different port and uses a different administrator account name. So could I log in to them more quickly and efficiently, without repeating those parameters all the time and, most importantly, without remembering all their combinations? As in the following command:

$> ssh [user]@[hostname.domain] -p [port]

user@host's password: ...

Normally on Windows I would use Putty.exe, fill in all the details once, save them, and I would be done. Unfortunately, this little app doesn't work on macOS. This is perfectly fine though. Somehow on macOS I prefer to touch the bare metal, use the Terminal app as much as possible, and issue all necessary commands there (and also understand what's hidden inside and how it works). The final state I wish to achieve is to be able to log in automatically just by issuing a single command in the future:

$> ssh short_device_name

What's actually needed is very simple. To complete the task, put the following section into the ~/.ssh/config file:

Host [short_device_name]
        HostName                    [full-device-domain-name-or-IP]
        Port                        [port]
        User                        [user-name]
        PreferredAuthentications    publickey
        IdentityFile                "~/.ssh/id_rpi"

After the Host keyword we place the alias (short device name) we use to connect, and under HostName the full domain name of the device (or its IP address). There should of course be no square brackets. Last, we specify that an asymmetric key is used to authenticate, and its location. The path points to the private key; its public part must already be registered on the target device we are going to log in to. No worries, the troubleshooting in the next section shows how to do it.

And voilà. Done. Day saved!


In case the config file is missing

It can be created with the commands:

$> cd ~/.ssh/
$> touch config

After that, we should limit the permissions so that it is accessible only by the current user (a config file needs read and write access, not the execute bit):

$> chmod 0600 config

Otherwise we will see an error message like:

Bad owner or permissions on /Users/pawel/.ssh/config
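The check behind that message can be reproduced before ssh complains. The following is an added example, not part of the original post: it audits the config file and every private key named by an IdentityFile line (such as id_rpi above). The function names and status labels are hypothetical, and only permission bits are checked, not file ownership.

```shell
#!/bin/sh
# Added example: audit an ssh client config and the private keys it names.
# Function names and status labels are made up for this sketch.

# Print the nine permission characters of a file, e.g. rw-r--r--
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# audit_ssh_config [path]  -> one line per problem; returns 1 if any was found
audit_ssh_config() {
    cfg=${1:-"$HOME/.ssh/config"}
    status=0
    [ -f "$cfg" ] || { echo "MISSING $cfg"; return 1; }

    # ssh rejects a config that group or others may write (mode & 022)
    case $(mode_of "$cfg") in
        ????w????|???????w?) echo "WRITABLE-BY-OTHERS $cfg"; status=1 ;;
    esac

    # IdentityFile values: drop quotes, de-duplicate (paths with spaces and
    # the "IdentityFile=path" spelling are not handled here)
    keys=$(awk 'tolower($1) == "identityfile" { print $2 }' "$cfg" |
           tr -d '"' | sort -u)
    for key in $keys; do
        case $key in "~/"*) key="$HOME/${key#??}" ;; esac
        if [ ! -f "$key" ]; then
            echo "MISSING-KEY $key"; status=1
            continue
        fi
        # ssh ignores a private key with any group/other bit set (mode & 077)
        case $(mode_of "$key") in
            ???------) ;;
            *) echo "KEY-TOO-OPEN $key (fix: chmod 0600)"; status=1 ;;
        esac
    done
    return "$status"
}
```

After sourcing the file, calling audit_ssh_config with no argument checks ~/.ssh/config; no output and exit status 0 mean nothing was found.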

In case the key is missing or not uploaded to the target device

Another thing: id_rpi is a non-standard name for the key, and you might need to fix it, either by specifying the name of an existing key or by creating a totally new one. Keep in mind that the default names are id_rsa or id_ecdsa, depending on the algorithm used during the creation process.

If you don't have any key at all, or want to use a new one for this specific group of devices, here is the recipe. I also use optional arguments to select the ECDSA algorithm and its longest possible key length, the output file name, and the comment (as otherwise the user's and machine's names would be put inside instead):

$> ssh-keygen -t ecdsa -b 521 -f ~/.ssh/id_rpi -C ""

Now we can upload the key. Although it could be done manually, it's much easier to use the ssh-copy-id command. It connects to the remote device and places the public key into the ~/.ssh/authorized_keys file. It will create that file with proper permissions if it is missing. The options go before the destination:

$> ssh-copy-id -i ~/.ssh/id_rpi -p [port] [user]@[hostname.domain]