Raspberry Pi: Configure static IP address and enable local remote access via SSH

It’s worth noting for this tut that you’ll notice I’m configuring my static IP via Putty, which obviously means I’ve previously configured my static IP. I’m just going through the process again but from my Desktop, as screenshots are far easier to manage from here.

Configuring a static IP

  1. First off, boot up your Raspberry Pi and connect it to your LAN via Ethernet.
  2. Type the below command; this will produce your RPi’s network adapter’s configurations. Grab a pen and make note of the inet addr, Bcast and Mask addresses of the eth0 adapter.

ifconfig

  1. Next type the below command. This will show us the RPI’s default gateway configuration. The value you’re after is in the Gateway volume, make note of that too.

route

  1. Using your favourite editor – mine’s nano – type the below command.

sudo nano /etc/network/interfaces

This file’s default contents will look a little like the below.

auto lo 
iface lo inet loopback
auto eth0
allow-hotplug eth0
iface eth0 inet dhcp
  1. Adjust this file to have the below contents and this will give your RPi a fixed and constant local IP to make it easier for future accessing (your IP configuration may be different depending what you got from ifconfig in Step 1 and route in Step 2).
auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
iface eth0 inet static
address 192.168.0.125
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
  1. Once entered, press Ctrl + X, type y and press enter to save the file.
  2. Restart the network service with the following:

sudo /etc/init.d/networking stop
sudo /etc/ init.d/networking start

  1. Static IP is now correctly configured. You can confirm your successful configuration by pinging your router (default gateway).

ping 192.168.0.1 -c5

Using Putty

Now you’ve configured your static IP, you should immediately be able to access your RPi via Putty, or any other SSH client from within the same network.

Click here to download Putty – you want putty.exe.

Once downloaded, run the executable and fill out the fields as below. Your port by default is 22 but your IP address is as configured previously. Your username should also be pi.

Using Putty

Open up the connection and click “Yes” when prompted. Type in your password for the user pi.

You have just successfully connected to your RPi, via SSH.

Change to public key authentication

Logging in using your Raspberry Pi’s user account name and password is a very weak measure of security, especially compared to public key authentication. Therefore I’m going to show you how to stay safe whilst remotely accessing your RPi, whether that be within your home network or outside of it.

  1. Download PuTTYgen and run the executable
  2. Click Generate and randomly move your mouse within the empty grey space
  3. Enter in a key passphrase. Make it a different password to the user account.
  4. Save both the public key and private key somewhere on your computer, ideally with the naming convention of “rpipublic” and “rpiprivate”. It’s good practice to have one key pair per machine, so if one gets compromised then at least you only have to recall 1 key == 1 machine.
  5. Copy the contents of the Public key up top: this key is compatible with OpenSSH.

Copy the public key

  1. Reconnect to your RPi as per the “Using Putty” section
  2. Enter the following commands, which will create the .ssh directory, give them appropriate permissions, and add the copied public key to authorized_keys – this file is used to authenticate public keys.

mkdir ~/.ssh
sudo nano ~/.ssh/authorized keys

  1. Right click your cursor over the terminal Window whilst the nano editor is open and this will paste your clipboard’s contents, and in our case it will paste the OpenSSH public key.
  2. Press CTRL + X, then type y and press enter to save the file
  3. Enter the below command to adjust the permission settings appropriately

sudo chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

  1. Update your PuTTY Configuration to use the private key; click your session and press Load, in the left hand panel expand SSH under Connection, select Auth, and Browse for “rpiprivate” from step 4. From the left hand panel, go back up to Session, and click Save.
  2. Start a new session, this time you will be authenticated using the public keys. So when prompted, enter in the pass phrase created in Step 3.
  3. Edit the sshd_config file to disable password authentication

sudo nano /etc/ssh/sshd_config

Find the lines where it says:

# Change to no to disable tunnelled clear text passwords
# PasswordAuthentication yes

Uncomment and change the boolean value to:

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
  1. Press CTRL + X, then type y and press enter to save the file
  2. Restart the SSH service with the following command:

sudo /etc/init.d/ssh restart

Now you’re all to set to start using public key authentication instead of password authentication with SSH.

Change default SSH port

This part is totally optional. Some say changing the port is security by obscurity, and if not configured properly it can actually make matters worse. It could only make matters worse if you choose a non-priviledged port, as pointed out by Joshua Thijssen. By using public key encryption instead of passwords, you shouldn’t need to worry about changing ports. None the less, here’s how to do it anyway.

  1. Type the below command to open up the SSH configuration file using nano:

sudo nano /etc/ssh/sshd_config

  1. On the fifth line down, you will see Port 22. Change it to something that you’re currently not occupying from this list and below 1024.
  2. Press Ctrl + X, type y and press enter
  3. Restart your SSH service with the following command:

sudo /etc/init.d/ssh restart

  1. Now within the Putty screen, ensure you alter the default Port 22 value to your newly configured port value.

This post is part of the Public Accessible Raspberry Pi File Server tutorial post.

Leave a Reply

Your email address will not be published. Required fields are marked *