Continuing with the Raspberry Pi tutorials this time we have to see SSH, an essential tool that will allow us to control our Raspberry Pi remotely.
Many times we will not have our Raspberry Pi connected to a monitor and a keyboard, but we will have it dedicated to other functions such as a web server or an IoT broker. Or even having a monitor and mouse, in many cases we will want to control it remotely.
The usual ways to connect remotely are SSH and VNC (which we will see in the next post). SSH is the most used, for being fast and secure. It is a common tool in Unix-based computers, such as Linux and Mac. Therefore, familiarizing ourselves with its use is almost essential.
SSH stands for Secure Shell (formerly known as Secure Socket Shell) and, basically, allows us to start a command console on a remote computer in a simple and secure way.
It works similar to Telnet but adds encryption to the communication, so the packets sent by the client or the server cannot be decrypted if intercepted.
SSH follows a client-server model. The client initiates a request to the server, which authenticates the communication and starts the Shell environment. Multiple clients can connect to the same server.
By default, SSH uses TCP port 22 although it can be easily changed. It uses RSA public key cryptography in both connections. The encryption includes Blowfish, DES, and IDEA algorithms, with IDEA being the default.
SSH has more very interesting uses. For example, we can securely copy files between two devices, or tunnel any connection from another application through a secure SSH channel. We will see these uses in future posts.
Configure SSH on Raspberry Pi
To be able to connect to our Raspberry Pi, it will act as a server. Before we can connect we have to activate the option in the configuration because, for security reasons, the SSH server comes disabled in Raspbian.
To activate the SSH server in the Raspberry Pi configuration, check the entry on configuring Raspberry Pi.
On the other hand, we must know the ‘address’ of the Raspberry Pi we want to connect to. Although, in theory, we can resolve the address with the computer name, name resolution is a… somewhat unstable process.
Therefore, if we want a reliable connection it is very convenient for the Raspberry Pi to have a static IP assigned, as we saw in this post.
This connection, in principle, will only work on your local network. To be able to access from outside, over the Internet, you will have to set up a port mapping on the router. The complete process depends on your router, so you will have to consult the documentation of your model.
Connect via SSH to Raspberry Pi
If you are using Linux or Mac then using SSH is very simple, since the Linux terminal includes native support for SSH connections. On Windows we will have to download a client like Putty. We will see both processes below.
SSH Connection from Linux
To connect as a client to a Raspberry Pi simply open the terminal console and run the following command:
ssh user@hostWhere ‘user’ is the name of the user on the Raspberry Pi server and ‘host’ is the IP address or the name of the computer we want to connect to.
For example, if we have the default user for Raspberry Pi and we have configured a static IP 192.168.1.10
ssh pi@192.168.1.10
We will see a warning message indicating that we are using the default user. Keep in mind that the default username and password for Raspberry Pi is well known to everyone, and we are making it very easy for ‘the bad guys’ to enter our system.
It is a serious risk to expose a Raspberry Pi on the Internet with SSH enabled and the default user.
This is why the option of SSH comes disabled by default. SSH is a powerful tool and having it enabled by default was a risk, especially for novice users.
The solution is as simple as creating our own user and removing the default one, a basic security measure that we should do in any case. We will see it in a future post on user management.
SSH Connection from Windows
If we use Windows we will have to use an SSH client to connect to Raspberry Pi. The most used client in Windows is Putty, which is Open Source and available at https://www.putty.org/.
Putty is a very useful program and easy to use, and it is a tool that has more uses than making SSH connections. For example, it can also make Serial connections.
We download and run Putty and a window appears where we can enter the IP address (or the name) of the Raspberry Pi. When connecting, we will be asked for the username and password.
After logging in, we have a command window similar to the one we get in Linux or Mac. Optionally we can save the connection by giving it a name. This way we can have connections to several servers stored, and access them comfortably.
This is how easy it is to make an SSH connection, an almost essential tool for working with Raspberry Pi (actually, with any server with Linux).
In the next post we will see how to set up a remote desktop with VNC, another way to remotely access Raspberry Pi.