How to set up SSH on Raspberry Pi

Eric Internet of Things

SSH is a secure method of logging onto a remote computer. If your Pi is networked then this can be a handy way of operating it from another computer or just copying files to or from it.

First you have to install the SSH service. This is done by this command:

sudo apt-get install ssh

After a couple of minutes this will be complete. You can start the daemon (Unix name for a service) with this command from the terminal:

sudo /etc/init.d/ssh start

This init.d is used to start other daemons. For example if you have Apache, MySQL, Samba etc. You can also stop the service with stop or restart it with restart.

Have it Start at Bootup

To set it up so the ssh server starts every time the Pi boots up, run this command once:

sudo update-rc.d ssh defaults

You can check that it worked by forcing your Pi to reboot with the reboot command:

sudo reboot

Then after rebooting try to connect to it using Putty or WinSCP (details below).

Note: About powering down/rebooting.

I’ve manage to corrupt my SD card twice through poweroffs before it had halted. The result: I had to reinstall everything. Only power down once you have fully shut down your Pi. Given it’s low power usage and little heat given off, you could probably leave it running 24×7.

If you want to shut it down, the shutdown command does that:

sudo shutdown -h now

Change -h to -r and it does the same as sudo reboot.

Putty and WinSCP

If you’re accessing your Pi from the command line of a Windows/Linux or Mac PC then use Putty or the commercial (but free for private use) Tunnelier. Both are great for gnerally browsing around your Pi’s folders and copying files to or from a Windows PC. Download them from these urls:

Your Pi needs to be connected to your network before you use Putty or WinSCP and you need to know its ip address. On my network my Pi is on 192.168.1.69. You can find yours by typing in

/sbin/ifconfig

and on the 2nd line of the output you’ll see inet addr: followed by your ip address.

For Putty, it’s easiest to download putty.exe or the zip file of all the exes and put them in a folder. When you run putty it pops up a configuration Window. Enter your ip address in the input field where it says Host Name (or IP address) and enter pi or any name there.

Now click the save button then the open button at the bottom. You’ll have to login in to your pi but now you can use it as if you were actually there.

This can be quite useful, as it’s far easier to cut and paste long text strings in via a putty terminal.

Try running this command:

ps ax

That shows a list of processes running in your pi. These include ssh (the two sshd) and Samba (nmbd and smbd) and many others.

PID TTY STAT TIME COMMAND
858 ? Ss 0:00 /usr/sbin/sshd
866 ? Ss 0:00 /usr/sbin/nmbd -D
887 ? Ss 0:00 /usr/sbin/smbd -D
1092 ? Ss 0:00 sshd: pi [priv]

WinSCP

I find it most useful to set it up in two screen mode rather than in explorer mode but it’s easily changed in the Preferences. Also in preferences under Integration/Applications change the path to the putty.exe so you can easily jump into putty.

When you connect to the pi, it starts at your home directory which is /home/pi. Click on the two .. to view the folder above and do it once more to get to the root. You can see all of the 20 Linux folders.

After you’ve used a terminal for a while you’ll see a hidden file .bash_history (not that well hidden!). This is a text file of your command history with all the commands you’ve used before so copy it, edit out the stuff you don’t want and keep the useful commands somewhere safe.

 For Linux/Unix environment (terminal)

Make use you have openssh-server installed on both computers (remote and local)

sudo apt-get install openssh-server

Go to you /etc/ssh folder, you have to enable x11 forwarding on the client (i.e., the remote computer) by modifying the ssh_config file. Note: sshd_config is for the server (i.e., local computer). The default configuration on Raspberry Pi is fine.

An example follows

/////////////////////////////////////////////////////////////////////////////////////////////

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
ForwardX11 yes
ForwardX11Trusted yes
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no

//////////////////////////////////////////////////////////////////////////////////////////////////////////

It’s better that you create a separate user for remote access (instead of the default pi)

sudo adduser mike_remote

Optionally you make the new user a super user

sudo usermod -aG sudo mike_remote

Check if mike_remote belongs to sudo

groups mike_remote.

Now you know both ways (i.e., secure shell and VNC) to access a Raspberry Pi remotely…