This is probably a noob question but I am confused on how to get ssh to authenticate with a physical private key file on my client side. I recently made the switch from using hass.io to hassbian for various reasons and I am familiar with setting up SSH auth and running PuYTYgen tool from a hass.io perspective. However, I need to know how where I should be placing my public key in hassbian.
I found this directory but don’t know if that this location is correct and which file
pi@hassbian:/etc/ssh
At this point, I have everything setup in hassbian with duckdns and letsencyrpt already.
The keys are located in a hidden directory, in the users home directory on my installation the keys are located in /home/pi/.ssh, note the period before ssh, this creates a hidden directory in the Linux file structure.
Just to add some more precisions on what you provided, the public key that you want to whitelist must be placed in the file authorized_keys in the folder mentioned by @cariboo
Also, you should check the config file for SSH in order to use only those keys and refuse connections through password authentication. This is done in the file placed in /etc/ssh/sshd_config:
Set PubkeyAuthentication to yes
Set PasswordAuthentication to no
This way you will be able to connect to your Pi with your SSH key. To set this up, you will have to copy your public key onto your pi (scp pi@local_ip path/to/public_key) using your password and copy the content of your public in authorized_keys. Once you edited the configuration of SSH, you will have to run sudo service ssh restart to make it take effect.
@cariboo@Dr_c0w,
It would seem I do not have a .ssh directory where specified… any ideas?
pi@hassbian:~ $ cd /home/pi/.ssh
-bash: cd: /home/pi/.ssh: No such file or directory
pi@hassbian:~ $ cd /home/pi/ | ls -a
. .bash_history .bashrc letsencrypt nohup.out .selected_editor
.. .bash_logout duckdns .nano .profile .wget-hsts
