This recipe shows how to access the Raspberry Pi remotely using the ssh
command.
After the Raspberry Pi has been configured to automatically
start the Secure Shell server when it boots (see the previous recipe), it is possible to access the Raspberry Pi remotely using the Secure Shell client, ssh
. The ssh
command is built into the current version of the Mac OS X operating systems and is also available for most Linux distributions. For Microsoft Windows operating systems, another utility will be required (see this recipe).
This recipe starts by logging directly into the Raspberry Pi using an attached keyboard and display to discover the IP address of the Raspberry Pi. Once the IP address is known, the recipe shows how to log in to the Raspberry Pi from another computer using ssh
.
After you finish with this recipe, you will no longer be required to log in directly to your Raspberry Pi with an attached keyboard. You will also not need a display. You will be able to remotely administer your Raspberry Pi from another PC on the same network.
The following are the ingredients:
The following are the steps for remotely accessing the Raspberry Pi using the ssh
command:
The preceding screenshot shows a successful login at the console after booting has been finished.
ifconfig
command to discover the Raspberry Pi's IP address.The preceding screenshot shows how the ifconfig
utility is used to display the Raspberry Pi's IP address (192.168.1.79
).
192.168.1.79
) to log in to the Raspberry Pi from another PC using ssh
. The format of the command is ssh username@ipaddress
. For the "official" Raspbian Linux distribution, pi
is the username, and ipaddress
is the IP address of the Raspberry Pi ([email protected]
).The preceding screenshot shows a remote login via ssh
from golden@golden-imac
to [email protected]
.
pi
user is raspberry
.yes
, when asked, Are you sure you want to continue connecting (yes/no)?.exit
to log out.A user on a client computer can use the Secure Shell command, ssh
, to access the Raspberry Pi as though they have logged in directly using a keyboard and a display connected to the Raspberry Pi. Once the Secure Shell server is up and running, the Raspberry Pi can be accessed remotely and no longer needs a keyboard or a display.
Before remote login is possible, the network address of the Raspberry Pi must be known. In this recipe, the ifconfig
command was used to discover the IP address directly from the Raspberry Pi via an attached keyboard and display. It is also possible to discover the IP address from the configuration interface of the local network gateway or DSL router.
The preceding screenshot shows how the IP address of a device named raspberrypi is displayed in a DSL router's configuration interface.
The IP address of a device (for example, the Raspberry Pi) is a mapping between the permanent hardware address of the device's network interface (b8:27:eb:29:aa:5a) and its current address in the topology of the local network (192.168.1.79). In the preceding example, the device named raspberrypi has been assigned network ID 79
in the 192.168.1
subnet of the local network.
Most home and small office networks attempt to assign network IDs semi-permanently to the same device (hardware address). So, once discovered, it is not likely that the Raspberry Pi's IP address will change.
The Secure Shell utility, ssh
, uses encryption to ensure that communication between the Raspberry Pi and other computers on the network remains secure. On first launch, the Secure Shell server creates a unique security key (like a fingerprint) that can be used to uniquely identify that particular Secure Shell server. The first time a Secure Shell client connects to a Secure Shell server at a specific IP address, the client prompts the user to verify that the server has the correct fingerprint and then stores the key for identifying the server during the next connection.
The Secure Shell client will prevent logins to a machine with the same IP address but a different security key. This helps to prevent a hacker from spoofing a device by stealing its IP address.
The preceding screenshot shows that the Mac OS X ssh
client suspects a hacker, but it's only a new install of the Raspberry Pi.
When the security key that the Secure Shell client receives from the server on the Raspberry Pi no longer matches with the one that the client has stored, access to the Raspberry Pi is denied.
When the Raspberry Pi is reinstalled, the Secure Shell server's security key changes because a new security key is generated each time the Secure Shell server is installed. The same safety check that prevents a hacker from completing a successful man-in-the-middle attack also prevents login to a newly reinstalled Raspberry Pi.
The old, invalid key of the Raspberry Pi's Secure Shell server stored on the client can be deleted using the ssh-keygen
command. The IP address of the Raspberry Pi needs to be specified on the command line, as shown in the following example:
ssh-keygen –f "/Users/golden/.ssh/known_hosts" –R 192.168.1.79
Once the security key has been deleted, the Secure client will no longer block access to that IP address. Afterwards, login using ssh
works the same way as during the initial login, and the new security key is stored on the client.
The ssh-keygen
command is used to remove (-R
) the security key for IP address 192.168.1.79
.
http://manpages.debian.net/cgi-bin/man.cgi?query=ifconfig
The Debian man page for ifconfig
.
18.218.38.125