Things covered here:-
-
- Hardware overview
- Network configuration
- Update the system and installing ssh client and/or server
- Using simple naming
- Logging into and sending files over secure channels
- Restricting users and IP addresses
- Router settings for web access
- Router setting for portforwarding to a server
- Dispensing with password verification
Hardware overview
Let’s suppose we have 4 raspberry pi computers, a desktop computer and another computer acting as an internet accessible ssh server, all to be given unique static IP addresses. We also have them all connected into a switch and a router with Cat5 LAN cables. The router’s IP address is assumed to be 192.168.1.1, accessible with your browser.
Network configuration
|
1 |
sudo ip address |
will tell you the name of the network card, usually “eth0”.
Then use one of the following three methods:
Use the network widget on your desktop to set up a unique static address.
Or precede with sudo an editor (such as nano) command of the file /etc/dhcpcd.conf thusly, using unique “address” lines for each computer:
|
1 2 3 4 |
interface eth0 static ip_address=192.168.1.2/24 static routers=192.168.1.1 static domain_name_servers=192.168.1.1 |
Or edit /etc/network/interfaces thusly
|
1 2 3 4 5 6 7 8 |
allow-hotplug eth0 iface eth0 inet static address 192.168.1.2 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1 dns-nameservers 192.168.1.1 |
Save the file and restart the network with the new configuration file
|
1 |
sudo systemctl restart networking |
You can test the card is configured by pinging it and Google with
|
1 2 |
ping 192.168.1.2 ping google.com |
Update the system and installing the ssh client and/or server
With Raspbian, which is a Debian packages based system, run on all machines in turn
|
1 2 3 |
sudo apt-get update sudo apt-get upgrade sudo apt-get install openssh-server openssh-client |
Using simple naming
Edit the file /etc/hosts on the desktop computer thusly:
|
1 2 3 4 5 6 7 |
127.0.0.1 localhost 192.168.1.2 desktop1 d1 192.168.1.3 server1 s1 192.168.1.4 pi1 p1 192.168.1.5 pi2 p2 192.168.1.6 pi3 p3 192.168.1.7 pi4 p4 |
Logging into and sending files over secure channels.
To log from your desktop account to your account on Pi number 3 you can do
|
1 |
ssh p3 |
To log in with the ability to run X Window applications do
|
1 |
ssh -X p3 |
To copy a file to the pi number 3 you can do
|
1 |
scp a_file.txt p3: |
NOTE the colon.
To log into a different account on pi number 3 issue
|
1 |
ssh joe@p3 |
You will be prompted for your password on the server (and the first time a key will be placed in .ssh/known_hosts in your directory).
Restricting users and IP addresses
On the desktop and pi computers edit the file /etc/ssh/sshd_config and add the line:
|
1 |
AllowUsers paul@192.168.1.2 |
(paul is just an example here.)
On the server computer use the line
|
1 |
AllowUsers paul joe |
Then restart the ssh server to read the new config file with
|
1 |
sudo systemctl restart ssh |
Router settings for web access
Only allow your desktop and your server web access by restricting the “IP addresses” and the “MAC addresses” in your router’s software settings.
You can find the details you need to enter by running “sudo ip address” on the desktop and on the server.
Router setting for portforwarding to a server
In the router’s software accessed through a browser set portforwarding as:
|
1 2 3 |
incoming port == 22 forwarding IP address == 192.168.1.3 <---- your server's address forwarding port == 22 |
Your server is now accessible for anyone on the net — use strong passwords!
Dispensing with password verification
You don’t have present your password if your pi servers recognises a key presented to them To get this working
|
1 |
ssh-keygen -b 1024 -t rsa -f /home/paul/.ssh/id_rsa |
(do not enter a pass-phrase – leave it blank)
|
1 |
scp /home/paul/.ssh/id_rsa.pub p3:/home/paul/.ssh/authorized_keys |
VERY IMPORTANT: You should ensure the permissions of the private key permissions file are -rw——- with
|
1 |
ls -l /home/paul/.ssh/id_rsa |
If not use:
|
1 |
chmod 600 /home/paul/.ssh/id_rsa |
Finally, use strong passwords and periodically change them with the passwd command.
