vnc ssh
This stoy will be very similar to my last two about the Raspberry Pi, but in this case, we are going to use the new Raspberry Pi OS (previously Raspian) which is based on Debian Stretch (10) and a Raspberry Pi 4B with 4GB of RAM which I recently obtained.
这个花絮与我关于Raspberry Pi的最后两个非常相似,但是在这种情况下,我们将使用基于Debian Stretch(10)和4GB Raspberry Pi 4B的新Raspberry Pi OS(以前称为Raspian)。我最近获得的RAM。
There were enough differences with setting this one up in relation to the previous setups that I wrote about that it merited it’s own story. Some elements will be repeated, which I will do for the sake of those new to Raspberry Pi, but most will be new and hopefully will help newbies be more comfortable in using it.
相对于我之前写过的那篇值得称赞它的故事的设置,设置它有足够的差异。 某些元素将重复进行,这是我为Raspberry Pi所使用的新元素所做的,但是大多数将是新的,希望可以帮助新手更加舒适地使用它。
So, to start off, you’ll need your Raspberry Pi 4B. I strongly suggest you get at least the 4GB option (we’ll be using VNC, so that needs more RAM). If you can get the new 8GB version, even better, but the 4GB should really be the minimum, and I haven’t see the 8 GB on Amazon yet. After using this for about two weeks, I can honestly say you should not go lower if you are going to do anything graphical on it.
因此,首先,您需要Raspberry Pi 4B 。 我强烈建议您至少获得4GB的选项(我们将使用VNC,因此需要更多的RAM)。 如果可以获得新的8GB版本,甚至更好,但是4GB确实是最低要求,而我还没有在亚马逊上看到8GB。 使用此约两周后,我可以诚实地说,你不应该再低,如果你打算做任何事情的图形。
You will also need a micro SD card. Again, after trying different cards, I can 100% now say it is much better to get the 32GB SanDisk Extreme Pro. I was really surprised at what a difference it made with writing speeds. Just splurge, you will thank yourself later.
您还需要一个微型SD卡。 再次,尝试不同的卡后,我可以100%,现在说这是更好的获得32GB的SanDisk Extreme Pro的 。 我对写入速度的变化感到非常惊讶。 挥霍一下,您稍后会感谢您。
As for powering it up, as long as your cellphone charger is USB-C and can shoot out at least 15 Watts, you should be fine, if you don’t want to overclock, but I would highly suggest that you use only 18 Watts or higher if you are going to follow the whole tutorial here. I was using my Samsung Note 10+ charger (25 Watts) and cable with it and it worked perfectly. I can’t vouch for other chargers, but this worked like a charm.
至于加电,只要您的手机充电器是USB-C且可以发射至少15瓦的电量,就可以了,如果您不想超频,那么我强烈建议您仅使用18瓦或更高版本(如果您要在此处关注整个教程)。 我正在使用我的Samsung Note 10+充电器 (25瓦)和电缆,它运行良好。 我不能担保其他充电器,但这就像一个魅力。
Now that we have those three crucial elements, let’s get the image for Raspberry Pi OS here. We are going to download the version with the desktop. This version is still 32-bit, but they are already starting to work on the 64-bit version, which should come out around October hopefully. It’s still feels fast as it is, so you won’t feel like you’ve missed anything for it not being 64-bit.
现在我们有了这三个关键要素,让我们在此处获得Raspberry Pi OS的映像。 我们将在桌面上下载该版本。 这个版本仍然是32位的,但是他们已经开始在64位版本上工作,该版本有望在十月份左右发布。 它依旧感觉很快,所以您不会因为没有使用64位而错过任何东西。
It’s already a ZIP file, so we don’t need to fight the format to flash it. For flashing (setting up the image on the micro SD card) we can use either the Chrome Recovery Utility or Balena Etcher. I like Chrome Recovery more just because it’s more universal and can be used on Chromebooks to do the process.
它已经是一个ZIP文件,因此我们不需要争夺格式即可对其进行刷新。 要进行闪烁(在micro SD卡上设置图像),我们可以使用Chrome Recovery Utility或Balena Etcher 。 我更喜欢Chrome恢复,只是因为它更具通用性,并且可以在Chromebook上使用它来完成此过程。
After you have that installed, fire it up and click on the blue button “Get started”, then in the upper right-hand corner, click on the cog, and then, “Use local image”. Here, you’ll select the zip file downloaded previously. Then, select your SD card from the drop-down list. Afterwords, click on “Continue”. It will then tell you that the SD card will be completely erased and formatted. Then, click on “Create now” to get that set up.
安装完之后,启动它,然后单击蓝色按钮“开始使用”,然后在右上角单击齿轮,然后单击“使用本地图像”。 在这里,您将选择先前下载的zip文件。 然后,从下拉列表中选择您的SD卡。 后记,单击“继续”。 然后它会告诉您SD卡将被完全删除并格式化。 然后,单击“立即创建”进行设置。
At the end of the process, which will take about 15 minutes, it will tell you that you can eject the Storage Device. Do NOT take it out or eject it yet! Just close the Chrome Recovery Utility and head on over to your file manager.
在此过程的最后(大约需要15分钟),它将告诉您可以弹出存储设备。 不要把它拿出来或者还弹出! 只需关闭Chrome Recovery Utility,然后转到文件管理器即可。
Here, in the boot folder, we are going to change one file, and add two others. First, you need to add a file called ssh . You are not going to put anything inside it, and you don’t add a .txt at the end. You just create it and add it to the folder, so that when the Raspberry Pi starts up, it will let us ssh into it.
在这里,我们将在boot文件夹中更改一个文件,并添加另外两个文件。 首先,您需要添加一个名为ssh的文件。 您不会在其中添加任何内容,也不会在末尾添加.txt。 您只需创建它并将其添加到文件夹中,以便在Raspberry Pi启动时,它可以让我们使用ssh进入它。
Then, you’ll create another file, called wpa_supplicant.conf . In this file you will add the following:
然后,您将创建另一个文件wpa_supplicant.conf 。 在此文件中,您将添加以下内容:
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev update_config=1country=USnetwork={ ssid="network name" psk="networkpassword" }Here, for network name you put your WiFi network name. Then for networkpassword, put your password for your WiFi. In both cases, leave the quotation marks. This you then save and close.
在这里, 网络名称你把你的WiFi网络名称。 然后,对于networkpassword ,输入您的WiFi密码。 在两种情况下,都请保留引号。 然后保存并关闭。
Finally, we need to find and modify a file called config.txt . We need to add these three lines at the end:
最后,我们需要找到并修改一个名为config.txt的文件。 我们需要在末尾添加以下三行:
over_voltage=6 arm_freq=1800 gpu_freq=600You could put them in other specific places in the file, but it’s not necessary. Just throw them at the end, save, and close.
您可以将它们放在文件的其他特定位置,但这不是必需的。 只需将它们扔到最后,保存并关闭即可。
Make sure you have a heat sink and fan for the Raspberry Pi to overclock, or it will overheat and/or break!
确保您有散热器和风扇以使Raspberry Pi超频,否则它将过热和/或损坏!
For this, you can use the following MazerPi case, (strictly a suggestion).
为此,您可以使用以下MazerPi case ,(严格建议)。
To create and edit all these, I use Caret (a universal Markdown text editor that works on any laptop).
要创建和编辑所有这些内容,我使用Caret (可在任何笔记本电脑上使用的通用Markdown文本编辑器)。
Once that is done, insert the micro SD card into the Raspberry Pi and plug in the power source to have it start up. You’ll need to wait about a minute for it to get up and running. After that, If you have an Android or iOS phone handy, just install WiFi Man, which, under the tab “Discover”, will allow you to find the IP address of the Raspberry Pi. Make sure you are on the same WiFi Network that you put in the wpa_supplicant.conf file. In many cases, it won’t have a name, just “generic” so you’ll have to know what other devices are connected to the network to figure out which one it is.
完成后,将micro SD卡插入Raspberry Pi中,并插入电源以使其启动。 您需要等待大约一分钟才能启动并运行它。 之后,如果您有Android或iOS手机,只需安装WiFi Man ,它在“ Discover”选项卡下,将允许您查找Raspberry Pi的IP地址。 确保您位于与wpa_supplicant.conf文件相同的WiFi网络中。 在许多情况下,它没有名称,只有“通用”名称,因此您必须知道连接到网络的其他设备是哪一个。
If you have access to a terminal, you can use nmap:
如果可以访问终端,则可以使用nmap:
sudo apt-get install net-tools nmap -yThen, just use ip route | grep default to find the your Gateway IP, and then run nmap -sP 196.168.0.1/24 (changing the 0.1 to the numbers that come out from ip route). You may have to change all four numbers, but what stays the same is the /24 at the end.
然后,只需使用ip route | grep default ip route | grep default会找到您的网关IP,然后运行nmap -sP 196.168 .0.1 /24 (将0.1更改为从ip路由输出的数字)。 您可能必须更改所有四个数字,但保持不变的是末尾的/ 24 。
In the extreme case that you never see the IP address come up, you might be forced to either connect by ethernet to set things up, or briefly connect to a TV or montor with an HDMI cable to see the IP address there, but most of the time, this is enough.
在极端情况下,您永远不会看到IP地址,您可能会被迫通过以太网进行连接以进行设置,或者使用HDMI电缆短暂连接至电视或显示器以查看IP地址,但是大多数情况下时间,这足够了。
Now that we have the IP address, let’s ssh into the pi (by typing ssh pi@IP_ADDRESS) to start configuring. The first thing we need to do is update the password by typing passwd. It will ask you to type in raspberry and then change it to something else. Then we need to update everything.
现在我们有了IP地址,让我们通过ssh进入pi(通过输入ssh pi@IP_ADDRESS )开始配置。 我们需要做的第一件事是通过键入passwd来更新密码。 它将要求您输入树莓派 ,然后将其更改为其他名称。 然后,我们需要更新所有内容。
sudo apt-get update && sudo apt-get full-upgradeAfter that is done, let’s update the firmware if you haven’t already and reboot:
完成此操作后,如果尚未更新固件 ,请重新启动:
sudo apt install rpi-eeprom -y sudo rpi-eeprom-update sudo rpi-eeprom-update -asudo rebootNow, let’s ssh back in and fix the WiFi. The WiFi is very “fragil” I’ve found on the Raspberry Pi. If you do something wrong, the network manager basically breaks. After playing around for hours, I found the best way to control it was using wicd-curses which works very well in the terminal. For this to work, we’ll install it and get rid of the previous network manager. To install, type the following:
现在,让我们重新插入并修复WiFi。 我在Raspberry Pi上发现的WiFi非常脆弱。 如果您做错了什么,则网络管理员基本上会崩溃。 在玩了几个小时之后,我发现控制它的最佳方法是使用wicd-curses ,它在终端机中表现很好。 为此,我们将安装它并摆脱之前的网络管理器。 要安装,请键入以下内容:
sudo apt-get install wicd-cursesAfter that is installed you just type sudo wicd-curses to start it and then, using arrows and upper case letters, we’ll set up the connection.
安装完成后,您只需键入sudo wicd-curses即可启动它,然后使用箭头和大写字母设置连接。
Using your down arrow key, highlight the network that you are already connected to (it should be in green), then click on the right arrow key for configuration. Click on the down arrow key until you get to the key, and type in the password for the network, then go up (with the up arrow key) until you get to “automatically connect” and click on the space bar to select it (an x should present itself).
使用向下箭头键,突出显示您已连接的网络(应该为绿色),然后单击右箭头键进行配置。 单击向下箭头键,直到找到该键 ,然后输入网络密码,然后向上(使用向上箭头键)直到“自动连接”,然后单击空格键将其选中( x应该显示出来)。
Then, type Shift S to save and Shift Q to quit wicd-curses. Now, we have to get rid of the previous network manager by typing the following and rebooting.
然后,按Shift S键保存并按Shift Q键退出wicd-curses。 现在,我们必须通过键入以下内容并重新启动来摆脱以前的网络管理器。
sudo systemctl disable dhcpcdsudo rebootThis will also disconnect us from the SSH session, but once it’s rebooted, it should have connected to the WiFi we configured previously and then allow us to ssh into the Raspberry Pi again. From then on, you just use sudo wicd-curses to configure your wifi.
这也将使我们与SSH会话断开连接,但是一旦重新启动,它应该已经连接到我们先前配置的WiFi,然后允许我们再次通过SSH进入Raspberry Pi。 从那时起,您只需使用sudo wicd-curses配置您的wifi。
Just make sure that you add your cellphone hotspot as an option to automatically connect to so that, when you leave your house, you can connect to that first and then use wicd-curses to conect to another WiFi Network. Do not add any other WiFi network to wicd until you have rebooted after having added only the WiFi you were previously connected to, otherwise it may disconnect from everything given that the other WiFi network manager will be in conflict.
只需确保添加手机热点作为自动连接的选项即可,这样,当您离开家时,可以先连接到该热点 ,然后使用wicd-curses连接到另一个WiFi网络。 不要将 任何其他无线网络添加到WICD直到您 已经添加 只有 你以前连接到WiFi 后 重新启动 ,否则可能会从断开的一切考虑到其他WiFi网络管理员会发生冲突。
It is also very important to make sure that you add the password and select “Automatically connect to this network” to the network you were already connected to before rebooting, as we mentioned above (in green), otherwise, wicd won’t have that info, because it was only saved in the previous network manager that we will disable, so don’t forget…
确保您添加密码并在重新启动之前将“自动连接至该网络”选择为已连接的网络,这一点也非常重要,如上所述(绿色),否则,wicd将不会具有该密码信息,因为它仅保存在我们将禁用的以前的网络管理器中,所以请不要忘记…
Now that we are done with configuring the WiFi, let’s configure Bluetooth.
现在我们已经完成了WiFi的配置,让我们配置蓝牙。
First, let’s just add the following packages (some of which are already installed, but just in case…)
首先,让我们添加以下软件包(其中一些已经安装,但以防万一……)
sudo apt-get install bluetooth bluez pi-bluetooth python-dev libbluetooth-dev python3-pip -y && sudo pip3 install pybluez adafruit-ampyAfter that is done, we’ll jump into the following file with Vim (If you don’t know how to use Vim, please see my story about it here):
完成之后,我们将使用Vim跳入以下文件(如果您不知道如何使用Vim,请在此处查看我的故事):
sudo vim /etc/systemd/system/dbus-org.bluez.serviceThen we need to modify a line so that it ends in -C and add another line right below it so that they look like this below. After that, save and close (with :x) and then sudo reboot
然后,我们需要修改一行,使其以-C结尾,并在其下方添加另一行,以使它们如下所示。 之后,保存并关闭(使用:x ),然后sudo reboot
ExecStart=/usr/lib/bluetooth/bluetoothd -CExecStartPost=/usr/bin/sdptool add SPOnce we ssh in again we’ll type the command sudo service bluetooth start and then sudo bluetoothctl to enter into the shell to run each of the following commands:
再次ssh进入后,我们将输入命令sudo service bluetooth start ,然后输入sudo bluetoothctl进入shell以运行以下每个命令:
power onpairable ondiscoverable onagent ondefault-agentquitAfter that, just type bluetoothctl scan on and then, when you find the MAC address of a Bluetooth device, just type the following commands to connect and trust (changing the MAC address to your device’s), and you’re done.
之后,只需bluetoothctl scan on ,然后在找到蓝牙设备的MAC地址时,只需键入以下命令进行连接和信任(将MAC地址更改为设备的MAC地址)即可。
bluetoothctl pair 40:HR:32:46:GH:00bluetoothctl trust 40:HR:32:46:GH:00For our final configuration, we want to set up VNC so we can open the GUI of our Raspberry Pi from anywhere, (in this case, on an iPad Pro) in the right resolution.
对于我们的最终配置,我们想设置VNC,以便我们可以从任何位置以正确的分辨率(在本例中为iPad Pro)打开Raspberry Pi的GUI。
First we need to make sure we have realvnc installed (it should already be there, but just in case):
首先,我们需要确保已经安装了realvnc(它应该已经存在,但以防万一):
sudo apt-get install realvnc-vnc-serverThen we’ll type sudo raspi-config, and with down arrow, navigate to Interfacing Options > ENTER > VNC > ENTER and select Yes > ENTER > OK > ENTER. To get out, just press the tab key twice to go down to <Finish>.
然后,我们将输入sudo raspi-config ,并使用向下箭头导航至“ 接口选项” >“输入”>“ VNC” >“输入”,然后选择“ 是” >“输入”>“ 确定” >“ 输入。 要退出,只需按两次Tab键即可进入<Finish> 。
You can actually do a lot of stuff in the raspi-config area, so take a look around to see what options there are.
实际上,您可以在raspi-config区域中做很多事情,因此请四处看看以了解有哪些选项。
After that, we need to configure the vncserver. For this, we’ll have to jump into the following file: sudo vim /root/.vnc/config.d/vncserver-x11 and then Replace Authentication=SystemAuth with Authentication=VncAuth and save the file. If there is nothing there, just add Authentication=VncAuth at the end and close.
之后,我们需要配置vncserver。 为此,我们必须跳入以下文件: sudo vim /root/.vnc/config.d/vncserver-x11 ,然后将Authentication=SystemAuth替换为Authentication=VncAuth并保存文件。 如果没有任何内容,只需在末尾添加Authentication=VncAuth并关闭。
Then, in the command line, run sudo vncpasswd -service so that you can set a password that you’ll need to connect with. To finish, we’ll type service vncserver restart . It will spit out errors. You can ignore all of it and just type clear to clear the screen.
然后,在命令行中,运行sudo vncpasswd -service以便您设置连接所需的密码。 最后,我们将输入service vncserver restart 。 它将吐出错误。 您可以忽略所有内容,只需键入clear即可清除屏幕。
Once that is done, then we’ll edit this file:sudo vim /boot/config.txt and change the following:
完成后,我们将编辑此文件: sudo vim /boot/config.txt并更改以下内容:
First, comment out the following line (careful, there is another line with the same name commented out, you need to comment out the one that is still active):
首先,注释掉以下行(注意,另一行注释掉了相同的名称,您需要注释掉仍处于活动状态的那一行):
# dtoverlay=vc4-kms-v3dThen, uncomment and change the following two lines (if you are on an 11 inch iPad Pro):
然后,取消注释并更改以下两行(如果您使用的是11英寸iPad Pro):
framebuffer_width=1060framebuffer_height=740To finish off, we have to do one strang thing I found for this to finally work, which is to go back to sudo raspi-config then with the down arrow go to Advanced options > ENTER > Resolution > ENTER and then choose the following resolution:
最后,我们必须做一件事,我发现它最终可以起作用,那就是回到sudo raspi-config然后用向下箭头转到“ 高级选项” >“输入”>“ 分辨率” >“输入”,然后选择以下分辨率:
I have yet to understand why this is necessary, but it’s the only way I have found that let’s me use the vncserver. After that, you will need to reboot with sudo reboot. When you ssh back in, type vncserver to start running the server (and then vncserver -kill :1 to stop it).
我还不明白为什么这样做是必要的,但这是我发现使用vncserver的唯一方法。 之后,您将需要使用sudo reboot 。 ssh重新登录时,键入vncserver以开始运行服务器(然后输入vncserver -kill :1使其停止)。
Once you have the vnc server running, we can use any VNC app we have in the App Store. I use Jump Desktop because it has good Magic Mouse and Trackpad support.
一旦运行了vnc服务器,我们就可以使用App Store中拥有的任何VNC应用程序。 我使用Jump Desktop是因为它具有良好的Magic Mouse和Trackpad支持。
Click on the + icon, put in your Raspberry Pi IP address (the one below is just an example, so change it to your own) and select vnc, leaving the port at 5900, then Save, then connect and put in your password for your vncserver.
单击+图标,输入您的Raspberry Pi IP地址(下面的示例只是一个示例,因此将其更改为您自己的),然后选择vnc,将端口保留为5900,然后保存,然后连接并输入密码您的vncserver。
You should have something like this below when you finally enter:
最终输入时,您应该在下面输入以下内容:
It should be in the exact same resolution as your 11 inch iPad Pro so as not to have to pan around. It will then ask you to change the time zone after you click on Next, and continue to ask you questions until it is satisfied that everything was set up correctly.
它的分辨率应与11英寸iPad Pro完全相同,以免摇晃。 然后,在单击下一步后,它将要求您更改时区,并继续问您问题,直到对所有设置均满意为止。
We can also add two-factor authentication to our Raspberry Pi to make it more secure. We’ll start by editing the following:
我们还可以在Raspberry Pi中添加两因素身份验证,以使其更加安全。 我们将从编辑以下内容开始:
sudo vim /etc/ssh/sshd_configThen, we’ll change the following from ‘no’ to ‘yes’
然后,我们将以下内容从“否”更改为“是”
ChallengeResponseAuthentication yesThen, we’ll type sudo systemctl restart ssh and then install google-authenticator:
然后,我们将输入sudo systemctl restart ssh ,然后安装google-authenticator:
sudo apt-get install libpam-google-authenticatorThen, just run it with google-authenticator without the sudo.
然后,只需使用带有sudo的google-authenticator运行它即可。
After that, it will start asking you four questions, and either at the beginning (or after the first or second question) print out the QR code that you can try and scan with your autheticator app (I use Authy for now). I say “try and scan” because it didn’t come out correctly for me and it didn’t scan, but right under the QR code is says “Your new secret key is: KEY” and with that key you can type it into the authenticator app and it works fine to register it. As well, it would be a good idea to jot down the emergency scratch codes for backup. The four questions are the following:
之后,它将开始向您询问四个问题,然后在开始时(或在第一个或第二个问题之后)打印出您可以尝试使用身份验证器应用程序扫描的QR码(我现在使用Authy)。 我说“尝试并扫描”是因为它对我来说不正确,并且也没有扫描,但是在QR码下面是“您的新秘密密钥为: KEY ”,然后您可以使用该密钥将其键入身份验证器应用程序,可以很好地进行注册。 同样,记下紧急暂存代码进行备份也是一个好主意。 四个问题如下:
Do you want me to update your "/home/pi/.google_authenticator" file? (y/n) yDo you want to disallow multiple uses of the same authentication token? This restricts you to one login about every 30s, but it increases your chances to notice or even prevent man-in—the-middle attacks. (y/n) y... this will permit for a time skew of up to 4 minutes between client and server. Do you want to do so? (y/n) n... you can enable rate-limiting for the authentication module. By default, this limits attackers to no more than 3 login attemps every 30s. Do you want to enable rate-limiting?s (y/n) yFor these questions, we will answer ‘y’ for all of them, except the third, which will be ’n’.
对于这些问题,我们将对所有问题回答“ y”,但第三个问题回答为“ n”。
Finally we will edit the following: sudo vim /etc/pam.d/sshd and we will make sure that we have the following at the beginning, adding the extra lines:
最后,我们将编辑以下内容: sudo vim /etc/pam.d/sshd并确保在开始时添加了以下内容:
# Standard Un*x authentication.@include commom-auth#2FAauth required pam_google_authenticator.so# Disallow non-root logins when /etc/nologin exists. account required pam_nologin.soTo finish off, we’ll type sudo systemctl restart ssh .
最后,我们将输入sudo systemctl restart ssh 。
Be very careful to follow the instructions for two-factor authentication, otherwise you’ll be locked out of your Pi. You may want to have two ssh sessions open at the same time just to make sure it worked.
请务必按照两因素身份验证的说明进行操作,否则您将无法进入Pi。 您可能希望同时打开两个ssh会话,以确保它可以正常工作。
Keep in mind that there is a bug in the Blink Shell right now, and if you try and use this for saved Hosts it will give an error: Did not find remote IP address. Until they fix it, you’ll need to mosh the IP manually. As well, using mosh sometimes makes Blink crash. Just keep that in mind before using it.
请记住,Blink Shell中目前存在一个错误,如果您尝试将其用于已保存的主机,则会出现错误: 未找到远程IP地址 。 在他们修复它之前,您需要手动修剪IP。 同样,使用mosh有时会使Blink崩溃。 使用前请记住这一点。
Even though two-factor auth is good, using ssh with a certificate is better. If you are only going to ssh into the raspberry pi with one or two devices, the best would be to get rid of passwords all together and just use a certificate. This is quite straightforward in the Blink Shell. You just type the following (substituting IP for your pi IP address):
尽管两因素身份验证很好,但将ssh与证书一起使用会更好。 如果您只打算使用一两个设备登录到树莓派,则最好的办法是一起删除所有密码,而仅使用证书。 这在Blink Shell中非常简单。 您只需键入以下内容(用IP替换您的pi IP地址):
ssh-copy-id id_rsa pi@IPIt will ask you to type ‘yes’ and then put your password in one last time, and from then on, it won’t ask for the password anymore.
它将要求您键入“是”,然后最后一次输入密码,此后,它将不再要求输入密码。
Now, if you are using ssh from another Linux terminal, then you would first create the ssh keys with ssh-keygen -t rsa , hitting enter three times until it finishes. Then you would just run ssh-copy-id pi@IP .
现在,如果您正在其他Linux终端上使用ssh,则首先应使用ssh-keygen -t rsa创建ssh密钥,并按Enter三次直至完成。 然后,您只需运行ssh-copy-id pi@IP 。
Now, if you want to make sure that passwords are no longer used at all (presupposing that you already added the devices you want that are going to ssh into the pi), then we can open the following file:
现在,如果您要确保不再使用密码(假设您已经添加了要通过ssh进入pi的设备),那么我们可以打开以下文件:
sudo vim /etc/ssh/sshd_configand uncomment / change the following three to ‘no’:
并取消注释/将以下三个更改为“否”:
ChallengeResponseAuthentication noPasswordAuthentication no UsePAM noAfter doing this, just type sudo systemctl restart ssh and then the only way to enter the Raspberry Pi will be with the ssh certificate.
完成此操作后,只需键入sudo systemctl restart ssh ,然后进入Raspberry Pi的唯一方法就是使用ssh证书。
Now, this works fine for ssh, but you will hit an error if you try and mosh into the Raspberry Pi with only the certificate if you haven’t changed the Localization Options previously. So, just enter by ssh and then type sudo raspi-config and then go to Localization Options and then to Change Locale and then selecting en_US.UTF-8 UTF-8 (or your country) by clicking on the space-bar, then tab to select <Ok> and then enter to save. Make sure you unselect the country that was pre-selected before you made that change before leaving that section.
现在,这个工作正常SSH,但如果你尝试,如果你还没有改变本地化选项之前,你会打一个错误, 狂舞到树莓派,只有证书。 因此,只需按ssh输入,然后键入sudo raspi-config ,然后转到“ 本地化选项” ,然后转到“ 更改语言环境” ,然后通过单击空格键然后选择“ en_US.UTF-8 UTF-8 (或您所在的国家)”选择<确定>,然后输入保存。 在进行更改之前,请确保取消选择预先选择的国家/地区,然后再离开该部分。
As well, keep in mind that reverse ssh does not work with mosh yet, and if you only allow certificates to get in, you will have to save the public key of the GCP in the Raspberry Pi (using ssh-keygen -t rsa && cat ~/.ssh/id_rsa.pub to get it), and saving it in .ssh/authorized_keys in the pi. To learn more about reverse ssh, you can see my story here.
同样,请记住,反向ssh尚不适用于mosh,如果仅允许证书进入,则必须将GCP的公钥保存在Raspberry Pi中(使用ssh-keygen -t rsa && cat ~/.ssh/id_rsa.pub获取),并将其保存在pi中的.ssh/authorized_keys中。 要了解有关反向ssh的更多信息,请在这里查看我的故事。
With that, we have finally finished configuring everything necessary to use your Raspberry Pi (especially in relation to the iPad). If you would like to see a video tutorial on this, you can go here. Cheers.
至此,我们终于完成了使用Raspberry Pi所需的所有配置(尤其是与iPad有关的配置)。 如果您想观看有关此主题的视频教程,可以转到此处 。 干杯。
Disclaimer: Some links in this article are affiliated (from Amazon). You are under no obligation to click on or use them. They are merely suggestions and are used because I wanted to help the reader find these things more easily, and was going to use links for this purpose either way.
免责声明:本文中的某些链接是附属的(来自Amazon)。 您没有义务点击或使用它们。 它们只是 建议 ,因此被使用是因为我想帮助读者更轻松地找到这些东西,并且打算以任何一种方式为此目的使用链接。
翻译自: https://medium.com/jj-innovative-results/configure-ssh-overclocking-firmware-wifi-bluetooth-and-vnc-for-a-headless-rasperry-pi-4b-with-5dca33498eae
vnc ssh
