The following are the ingredients:

The following are the steps for remotely accessing the Raspberry Pi using the ssh command:

A user on a client computer can use the Secure Shell command, ssh, to access the Raspberry Pi as though they have logged in directly using a keyboard and a display connected to the Raspberry Pi. Once the Secure Shell server is up and running, the Raspberry Pi can be accessed remotely and no longer needs a keyboard or a display.

Before remote login is possible, the network address of the Raspberry Pi must be known. In this recipe, the ifconfig command was used to discover the IP address directly from the Raspberry Pi via an attached keyboard and display. It is also possible to discover the IP address from the configuration interface of the local network gateway or DSL router.

The preceding screenshot shows how the IP address of a device named raspberrypi is displayed in a DSL router's configuration interface.

The IP address of a device (for example, the Raspberry Pi) is a mapping between the permanent hardware address of the device's network interface (b8:27:eb:29:aa:5a) and its current address in the topology of the local network (192.168.1.79). In the preceding example, the device named raspberrypi has been assigned network ID 79 in the 192.168.1 subnet of the local network.

Most home and small office networks attempt to assign network IDs semi-permanently to the same device (hardware address). So, once discovered, it is not likely that the Raspberry Pi's IP address will change.

The Secure Shell utility, ssh, uses encryption to ensure that communication between the Raspberry Pi and other computers on the network remains secure. On first launch, the Secure Shell server creates a unique security key (like a fingerprint) that can be used to uniquely identify that particular Secure Shell server. The first time a Secure Shell client connects to a Secure Shell server at a specific IP address, the client prompts the user to verify that the server has the correct fingerprint and then stores the key for identifying the server during the next connection.

The Secure Shell client will prevent logins to a machine with the same IP address but a different security key. This helps to prevent a hacker from spoofing a device by stealing its IP address.

The preceding screenshot shows that the Mac OS X ssh client suspects a hacker, but it's only a new install of the Raspberry Pi.

When the security key that the Secure Shell client receives from the server on the Raspberry Pi no longer matches with the one that the client has stored, access to the Raspberry Pi is denied.

When the Raspberry Pi is reinstalled, the Secure Shell server's security key changes because a new security key is generated each time the Secure Shell server is installed. The same safety check that prevents a hacker from completing a successful man-in-the-middle attack also prevents login to a newly reinstalled Raspberry Pi.

The old, invalid key of the Raspberry Pi's Secure Shell server stored on the client can be deleted using the ssh-keygen command. The IP address of the Raspberry Pi needs to be specified on the command line, as shown in the following example:

ssh-keygen –f "/Users/golden/.ssh/known_hosts" –R 192.168.1.79

Once the security key has been deleted, the Secure client will no longer block access to that IP address. Afterwards, login using ssh works the same way as during the initial login, and the new security key is stored on the client.

The ssh-keygen command is used to remove (-R) the security key for IP address 192.168.1.79.