Page cover image

Setting up Raspberry PI with SSH

Using Raspberry Pi as a "Headless Operation"

Windows PowerShell

To SSH into your Raspberry Pi using PowerShell, follow these steps:

  • Open a terminal on the device you would like to SSH into your Raspberry Pi from. In these steps, we’re using Windows PowerShell.

  • To open PowerShell, either press Ctrl + Shift + P, or hit the Windows key and manually search for PowerShell.

  • Enter the following command to secure shell in:

  1. ssh [username]@[hostname].local

  2. ssh [username]@[IP address]

Replacing [username] and [hostname] or [IP address] with the details of your Raspberry Pi.

The details of your Raspberry Pi were established when you set up your operating system image here:

This is the command to enter:

PowerShell 7.4.1
PS C:\Users\YourName> ssh [email protected]

You will get asked to verify the fingerprint:

PS C:\Users\> ssh [email protected]

The authenticity of host 'wally.local (fe80::683c:264d:b345:4ddb%27)' can't be established.

ED25519 key fingerprint is SHA256:WnRqSpUwvuCvCEPjEng1oOfnljIXM4KP5IP1CKS8Q0Y.

This key is not known by any other names

Are you sure you want to continue connecting (yes/no/[fingerprint])?

Since it’s your first time connecting to wally.local, your computer doesn’t recognise it.

Just like when you meet someone for the first time, your computer wants to make sure it’s safe to talk to wally.local.

ED25519 Key Fingerprint

  • Message: “ED25519 key fingerprint is SHA256:WnRSpUwvuCvCEPjEng1oOfnljIXM4KP5IP1CKS8Q0Y.”

  • Explanation: This is a digital fingerprint or identifier for wally.local. Just as humans have unique fingerprints, computers that use SSH have unique keys. This fingerprint helps verify that you are connecting to the computer you think you are connecting to.

Security Prompt

  • Message: “Are you sure you want to continue connecting (yes/no/[fingerprint])?”

  • Explanation: This is a security check. By saying “yes”, you’re telling your computer that you trust wally.local. Once you confirm, this fingerprint will be saved on your computer, so next time you won’t see this warning for wally.local.

What Should You Do?

  • First-time Connection: If you are sure that the address and the fingerprint shown are correct (you might recognise them, or have been given them by someone who manages wally.local), type “yes” and press Enter. This will add the fingerprint to a list of trusted hosts on your computer.

  • Subsequent Connections: If you connect again in the future, your computer checks this list. If the fingerprint matches, it connects without the warning; if not, it will warn you again, which might indicate something is wrong (like connecting to a different computer using the same name).

Why is This Important?

This process protects you from a cybersecurity threat called “Man-in-the-Middle” attacks, where someone could impersonate wally.local to steal information or cause harm.

By checking the fingerprint, you ensure that you are connecting directly to the real wally.local, not an impostor.

If you are comfortable with the security risk - type 'yes'

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added 'wally.local' (ED25519) to the list of known hosts.

Connection closed by fe80::683c:264d:b345:4ddb%27 port 22

This is the output

Warning: Permanently added 'wally.local' (ED25519) to the list of known hosts.

Connection closed by fe80::683c:264d:b345:4ddb%27 port 2

Step-by-Step Breakdown

Accepting the Host Key:

  • Message: "Warning: Permanently added 'wally.local' (ED25519) to the list of known hosts."

  • Explanation: By saying "yes," you told your SSH client that you trust the identity of the host wally.local.

  • The SSH client then added the host's ED25519 public key fingerprint to your computer's list of known hosts.

  • This list is used in future connections to verify that you're connecting to the same host as before. The purpose of this step is to prevent "man-in-the-middle" attacks by ensuring that, in future connections, you're connecting to the same server you initially verified and trusted.

This demonstrates the connection:

Linux wally 6.6.20+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.6.20-1+rpt1 (2024-03-07) aarch64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Apr 11 19:08:59 2024
willhannon@wally:~ $

Analyse the internet connection

The ifconfig command output shows information about the network interfaces on a Linux machine.

ifconfig

Here's a breakdown of what each part of the output means for the three interfaces listed: eth0, lo (loopback), and wlan0.

willhannon@wally:~ $ ifconfig

eth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 2c:cf:67:2c:91:19  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 107

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 19  bytes 2280 (2.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 19  bytes 2280 (2.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.68.70  netmask 255.255.252.0  broadcast 192.168.71.255
        inet6 fe80::62a8:8dd9:cb43:c3b1  prefixlen 64  scopeid 0x20<link>
        ether 2c:cf:67:2c:91:1a  txqueuelen 1000  (Ethernet)
        RX packets 1771  bytes 1952118 (1.8 MiB)
        RX errors 0  dropped 74  overruns 0  frame 0
        TX packets 1023  bytes 82936 (80.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

willhannon@wally:~ $

This is the Network analysis

eth0 Interface (Ethernet Interface)

  • State: It is up, indicating it is active, but it has no IP address assigned. This suggests it's not currently connected to a network or not configured to receive an IP address.

  • MAC Address: The hardware address is 2c:cf:67:2c:91:19.

  • Traffic: There are no transmitted or received packets, which indicates no data has been sent or received since the last reset or network interface initialization.

lo Interface (Loopback Interface)

  • State: It is up and running, indicating it's active and functioning.

  • IP Address: The IPv4 address is 127.0.0.1, which is the standard loopback address, allowing the system to communicate with itself.

  • Traffic: There are some packets transmitted and received, which is normal for the loopback interface as the system may use it for internal communication.

wlan0 Interface (Wireless LAN Interface)

  • State: It is up and running, and it's connected to a wireless network.

  • IP Address: The IPv4 address is 192.168.68.64 with a subnet mask of 255.255.252.0, and the broadcast address is 192.168.71.255.

  • IPv6 Address: It has an IPv6 address fe80::62a8:8dd9:cb43:c3b1, which is a link-local address.

  • MAC Address: The hardware address is 2c:cf:67:2c:91:1a.

  • Traffic: There have been 1771 received packets and 1023 transmitted packets, indicating active network communication.

  • RX Errors and Drops: No received errors, but there are 74 dropped packets, which could be due to various factors like weak signal strength, interference, or network congestion.

  • TX Errors: There are no transmission errors, suggesting the outgoing traffic is functioning well.

Summary

Your eth0 interface is not currently being used for network communication, your lo interface is working normally for internal system communications, and your wlan0 interface is actively connected to a network and communicating, although there are some dropped incoming packets that might need attention depending on the use case and network environment.

Finding the IP address of your Raspberry Pi

All you need to find out the IP address of your Raspberry Pi is to run the following command in the terminal.

hostname -I

The output:

willhannon@wally:~ $ hostname -I
192.168.68.64  <== This is the IP address

Your hostname, or IP address for your Raspberry Pi is 192.168.68.64

Last updated

Was this helpful?