this post was submitted on 24 Mar 2024
8 points (90.0% liked)

raspberrypi

3243 readers
3 users here now

Community about the single-board computers, micro-controllers and related projects.

https://www.raspberrypi.com/

Other RaspberryPi communities on Lemmy

founded 4 years ago
MODERATORS
[email protected]
8
Setting up SSH keys for all my computers (lemmy.world)
submitted 7 months ago by [email protected] to c/[email protected]
7 comments fedilink hide all child comments
 

Hi everyone, every time I setup a Pi project server I have a hard time since I can only access that device from the computer where I created the image since I add the SSH key during setup, but I would like to be able to ssh from my android and my other laptop in case I'm out on the road and away from home.

How can I add the other keys for the other devices to a single Pi without using the user name and password as this is also given me problems because ssh wants to try using keys and if it does not find them it just fails instead of asking me to enter the password (also, because it's not really safe).

all 8 comments
sorted by: hot top controversial new old
[–] [email protected] 3 points 7 months ago (1 children)

Not quite sure I understand what you want...

Each client, the devices you ssh from, has a key pair. You take the public key part of that pair and put it in the authorized_keys file on the server, the device you ssh to. The cannonical paths for your keys and authorized_keys is ~/.ssh/

You say you cannot reach your pi from your phone? Find the key file named something .pub on your phone, add it to the authorized_keys (as a single line in that file) on your pi. That is it.

If you also want to drop the username you need to add something like this to your .ssh/config on your phone:

Host alias_for_pi
  Hostname pi_ipnumber
  User pi_user

Does this help?

[–] [email protected] 1 points 7 months ago (1 children)

Thanks I tried adding the second ssh pub key to my servers authorized keys, but now it tells me that because the user name is different it wont let me connect

[–] [email protected] 1 points 7 months ago (1 children)

Ssh -l username, iirc.

[–] [email protected] 1 points 7 months ago

Thanks I'll try that tomorrow and report back if it worked.

[–] [email protected] 2 points 7 months ago

I know just how you feel. I have two servers, a phone, and two laptops that all may need to intercommunicate at any given time. For this I use Warpgate: https://github.com/warp-tech/warpgate

There's a tiny bit of a learning curve I feel but after setting up a couple connections you'll get the hang of it. Teleport is a similar solution but I don't like to use tools I don't understand and it's a bit more complex.

[–] [email protected] 2 points 7 months ago* (last edited 7 months ago) (1 children)

Debian has a package ssh-import-id which you can then run ssh-import-id-gh $githubUsername and it will ingest all the public keys you’ve put in GitHub. Should be able to easily add it to the cloud-init.yaml but I just always install and run this first.

You can also just copy the keys to the install when you are imaging the SD card.

Or use Ansible.

[–] [email protected] 1 points 7 months ago

Thanks, I'll take a look at Ansible