ThinkingCog

Articles written by Parakh Singhal

Raspberry Pi and Passwordless SSH Login

In any modern operating system when you login, you are greeted with a login screen asking for your credentials. If you are the only user using the system, you may be spared the labor of filling in the username, but a password still will be required to login.

We can forgo the exercise of filling the password by virtue of asymmetric encryption. Asymmetric encryption makes two types of keys available – private and public. As the name suggests, public key can be made available to the public while the private key remain with the system which needs to do the authentication. In our case we will be logging into Raspberry Pi using SSH and will use key based authentication mechanism to login, forgoing the need of any password. Pi will send the public key over the wire to the host operating system running Putty which will then compare it with the companion private key. If a match is found, the user authenticates successfully. Note that the private keys never travels over the wire.

We need the following to make this a possibility:

1. PutTTYgen: To generate a pair of keys,

2. Pageant: To run in the background and maintain availability of the private key

Both the aforementioned software components come bundled with Putty, so if you have Putty installed, there’s a good chance that they are already installed on your system.

Generating a key pair

Open PuTTYgen and click on the “Generate” button generate a pair of keys. Make sure that “RSA” algorithm is selected with key strength of 2048 bits. Once generated, use the in-built facility and save the public and private keys to the folder which you consider save enough to retain your private key for future reference. DO NOT SHARE YOUR PRIVATE KEY WITH ANYONE.

Generate key pair with PuTTYgen

Now, the most important part. If you look at the format of the public key saved by PuTTYgen, you will find that it spawns multiple lines. It is un-usable in majority of the systems and exists only for reference. We need to copy the public key in the large “Key” window, which specifically makes the key properly formatted for use in OpenSSH based authentication systems.

02 PuTTYgen Keys Window

 

Copy the key into a simple text file and name it “authorized_keys” and remove the txt extension. This is the file that will be used by Raspbian Stretch operating system without any further configuration.

Now run the Pageant agent in your Windows system and add the private key generated previously. The private key should have an extension “ppk”. Pageant agent will run on the host operating system where from you want to connect and will keep the private key handy.

03 Pageant

Configuring Raspberry Pi

Now let’s configure our Raspberry Pi to accept key based authentication. Login the usual route with your username and password and follow the steps:

1. Create a .ssh folder (hidden folder) in the home directory of the user for whom you want to use key based authentication.

2. Copy over the public key (NOT PRIVATE KEY) that you generated previously and named “authentication_keys” to the folder. I used a thumb drive for the purpose.

3. Secure the key file and the .ssh folder. Only the user meant to use the key based authentication should be able to access the key file in read-only and executable capacity. The .ssh folder should be off limits to everyone else.

4. Restart the ssh service.

5. Logout and log back in with the username for which you enabled the key based authentication.

mkdir .ssh
sudo mount /dev/sda1 /mnt/usb
cp /mnt/usb/authorized_keys .ssh/
sudo chmod 500 .ssh/authorized_keys
sudo chmod 700 .ssh
ls -al /home/parakh .ssh/authorized_keys
sudo systemctl restart ssh

 

04 Commands Cropped

 

 

 

 

 

 

 

 

 

 

 

All this was made possible by the magic of asymmetric encryption.

05 Login Cropped

The good thing about this scheme is that if, for some reason the public key on Raspberry Pi gets corrupted, or the Pageant is not running in the background on the host operating system, then you get offered the good-old password challenge. I purposely exited the Peagent and as expected Pi challenged me with a password corresponding to my account.

06 login using password cropped

References:

1. Passwordless SSH access

ASP.Net Core MVC on Raspberry Pi

Key Takeaway:

.Net Core allows for a cross platform operation of applications on supported hardware and software. This extends to ASP.Net Core. In this post I am going to show how to run ASP.Net Core in self-contained deployment mode on Raspberry Pi 3.

Read On

In my last post I showed how to run a .Net Core console application in Raspberry Pi. In this post I am going to show how to run an ASP.Net Core Web application on Raspbian Stretch operating system using Raspberry Pi 3 hardware. Before you do that make sure that you have assigned a static IP address to Pi. You can learn how to do that in one of my previous post.

First create a new ASP.Net Core Web application project in Visual Studio which does not rely on any kind of authentication.

ASP.Net Core Web App

ASP.NET Core Web Application

02 No authentication

Web application with no authentication

Since the aim of this post is learn how to run an ASP.Net Core application on Pi, let’s keep things simple. We will not do any modification to any of the pages in the application. Build and run the application locally to make sure that it works.

03 ASP.Net Core app running

Web application running out of the box

The application is running locally using IIS Express and listening at the address mentioned in launchSettings.json file under Properties in the project hierarchy. When it comes to hosting the application in Pi, we need to makes sure that the application listens at the desired IP address and port. This is accomplished using the “UseUrls” method in Program.cs file. The “UseUrls” method specifies the URL scheme that the web host will use to listen to the incoming requests. Since we will be using the Kestrel web server via terminal in Pi, it is important that we change the port in the Program.cs file, as shown in the image. Make sure that the port that you assign is not in use by some other app in Pi.

04 Program.cs file

Change the port to something that is available in Pi

Now publish the entire application for linux-arm combination using the following command:

dotnet publish -r linux-arm

 

Now copy the entire publish directory to Pi. This will give us not only our application, but also the server infrastructure to serve the application. Make sure that you have the appropriate permission to run not only the application, but also the Kestrel server under your account. You can use the following command to recursively allow your account have the execute permission on all the assemblies inside the publish folder.

chmod –R 755 publish

 

Once that is done, execute the application:

05 Kestrel running

Kestrel running

Now hop into your browser in your computer and use the IP address of your Pi in conjunction of the port on which the Kestrel server is listening.

06 Application running locally

ASP.NET Core Web application being served by Pi

Happy exploration.