This is the followup of Opening a Raspberry Pi to the outside world On the internet bots constantly try to hack servers. The Raspberry Pi is popular target. That’s why by default ssh is disabled nowadays.
To make this more secure we will only allow login by ssh key instead of a password. Ssh keys are a lot safer and you also won’t need to type/paste the password on login.
sudo nano /etc/ssh/sshd_config
remove the # at the front and change the value to no.
As a fall-back we will allow login in from the home network. So at the bottom of the file add. (the 4 spaces in front of the line matter)
Match address 192.168.*.* PasswordAuthentication yes
Restart the ssh service.
sudo service ssh restart
Generate keys on the raspberry pi:
ssh-keygen -t rsa -b 4096 -C "pi-webserver"
Just press enter for both the location and password.
Add your local key. Form your own machine mac/linux/windows.
sudo nano .ssh/authorized_keys
Paste your public key in this file.
For linux/mac you can find your public key with:
In a new terminal tab/window, try to login again. This way you can change things in the current tab. If something went wrong. You should login without needing to type the password. To check if the password is disabled you should try login in from a different computer and a different ip.