If you’re running a Raspberry Pi that’s reachable from the Internet — such as through 44Net, or any public-facing IP — security should be your top priority.
One of the most important steps you can take is to disable password logins and use SSH keys instead.
Why Passwords Are a Problem
Password authentication over SSH might feel convenient, but it’s one of the biggest security weaknesses for exposed systems:
• Brute-force attacks — Bots continuously scan IPv4 and IPv6 ranges trying common usernames like pi, admin, or ubuntu.
• Leaked credentials — If you’ve reused a password elsewhere and that service gets breached, attackers can easily try it against your Pi.
• Keylogging and phishing — Passwords can be intercepted if you log in from an insecure machine or network.
Even strong passwords can’t match the security of asymmetric cryptography used by SSH key pairs.
What SSH Keys Are (and Why They’re Better)
SSH keys are a pair of cryptographic files:
• Private key — stays safely on your local machine.
• Public key — stored on your Raspberry Pi.
When you connect, your client proves it has the private key that matches the public one — no password ever travels over the network.
Benefits:
• Infeasible to crack by brute force.
• No passwords stored on the Pi.
• Easy to manage multiple devices.
• Works with Raspberry Pi Imager for completely password-free setup.
Generating SSH Keys on macOS, Linux, or Windows
You can create an SSH key pair in seconds.
Step 1: Open a terminal
• macOS or Linux: open Terminal
• Windows 10/11: open PowerShell (or Windows Terminal)
Step 2: Generate the key pair
Run:
ssh-keygen -t ed25519 -C "your_email@example.com"
• -t ed25519 uses a modern, secure algorithm.
• -C adds a helpful label to identify the key.
Press Enter to accept the default save location (~/.ssh/id_ed25519), and optionally set a passphrase for extra protection.
Here is an example session:
PS C:\Users\dg> ssh-keygen -t ed25519 -C "test_keys"
Generating public/private ed25519 key pair.
Enter file in which to save the key (C:\Users\dg/.ssh/id_ed25519):
Created directory 'C:\\Users\\dg/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\dg/.ssh/id_ed25519
Your public key has been saved in C:\Users\dg/.ssh/id_ed25519.pub
The key fingerprint is:
xxxxxxxx
The key's randomart image is:
xxxxxxx
Step 3: Confirm the files
Next, type (on macOS or Linux, use ls in place of dir):
cd .ssh
dir
You should see:
id_ed25519 # private key
id_ed25519.pub # public key
The contents of the .pub file are what you’ll copy into Raspberry Pi Imager. To display them, run the following (on macOS or Linux, use cat instead of type):
type id_ed25519.pub
Step 4: Adding the SSH Key in Raspberry Pi Imager (When You First Set Up Your SD Card)
Raspberry Pi Imager (v1.7 or newer) makes this easy:
A. Install/open Raspberry Pi Imager (https://www.raspberrypi.com/software/) on your Mac or PC.
B. Choose your device, OS, storage, and click NEXT.
C. You will then see an option that says EDIT SETTINGS.
D. On the next screen click on Services
E. Check Enable SSH
F. Select Allow public-key authentication only.
G. If you created your key on the same machine, it will automatically be filled in for you.
H. Otherwise, paste your public key (the contents of id_ed25519.pub).
I. Press SAVE
J. Press YES to write your card
When the Pi boots for the first time, your public key will be preloaded in /home/pi/.ssh/authorized_keys.
Connecting to Your Pi Securely
Once it’s powered up and online:
ssh pi@<your.pi.ip.address>
If everything is set up correctly, you’ll connect without typing a password.
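Logging in without a password prompt shows that your key is accepted, not that password logins are refused. As an added example (not part of the original post), this script checks the Pi's effective sshd settings for key-only login; it assumes the lowercase `keyword value` lines that OpenSSH's `sshd -T` prints, and the function name and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. audit_sshd is a made-up name.
# Reads the effective server settings printed by `sshd -T` (assumed format:
# one lowercase "keyword value" pair per line) and checks for key-only login.
# On the Pi:  sudo sshd -T | audit_sshd

audit_sshd() {
    awk '
        # Keep the first value reported for each keyword.
        !($1 in seen) { seen[$1] = $2 }
        END {
            fail = 0
            # Key logins must stay enabled, or you lock yourself out.
            if (seen["pubkeyauthentication"] != "yes") {
                print "FAIL pubkeyauthentication is not yes"; fail = 1
            }
            # Password logins must be reported and switched off.
            if (seen["passwordauthentication"] != "no") {
                print "FAIL passwordauthentication is not no"; fail = 1
            }
            # Keyboard-interactive (older name: challenge-response) can still
            # ask for a password through PAM, so it must be "no" if listed.
            n = split("kbdinteractiveauthentication challengeresponseauthentication", k, " ")
            for (i = 1; i <= n; i++)
                if ((k[i] in seen) && seen[k[i]] != "no") {
                    print "FAIL " k[i] " is " seen[k[i]]; fail = 1
                }
            if (!fail) print "OK key-only login"
            exit fail
        }
    '
}

# Constructed sample settings (not captured from a real Pi).
SAMPLE_KEY_ONLY='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'
SAMPLE_PASSWORDS_ON='pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'

printf '%s\n' "$SAMPLE_KEY_ONLY" | audit_sshd              # OK key-only login
printf '%s\n' "$SAMPLE_PASSWORDS_ON" | audit_sshd || true  # FAIL passwordauthentication is not no
```

`sshd -T` reports the global settings; any Match blocks in sshd_config are applied only when connection parameters are supplied with `-C`.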
Summary
Switching to SSH keys takes a few minutes but can save you hours of cleanup after a compromise.
If your Raspberry Pi is exposed to the Internet — especially on 44Net, or publicly accessible in any way (like poking a hole in your home firewall) — using SSH keys isn’t just good practice, it’s essential.