This is the followup of Opening a Raspberry Pi to the outside world On the internet bots constantly try to hack servers. The Raspberry Pi is popular target. That’s why by default ssh is disabled nowadays.
To make this more secure we will only allow login by ssh key instead of a password. Ssh keys are a lot safer and you also won’t need to type/paste the password on login.
sudo nano /etc/ssh/sshd_config
remove the # at the front and change the value to no.
As a fall-back we will allow login in from the home network. So at the bottom of the file add. (the 4 spaces in front of the line matter)
Match address 192.168.*.* PasswordAuthentication yes
Restart the ssh service.
sudo service ssh restart
Generate keys on the raspberry pi:
ssh-keygen -t rsa -b 4096 -C "pi-webserver"
Just press enter for both the location and password.
Add your local key. Form your own machine mac/linux/windows.
Paste your public key in this file.
For linux/mac you can find your public key with:
Always test in a new terminal tab/window.
That way if something goes wrong you’re still logged in in the previous tab.
You should login without needing to type the password. To check if the password is disabled you should try login in from a different computer and a different ip.