Raspberry Pi – Enabling and Securing SSH for Use with RPI SSH Pro

Support → RPI SSH Pro
, ,
1

In this guide, I will show you how to enable SSH access on Raspberry Pi and how to configure it securely for use with the RPI SSH Pro application.

This guide also includes instructions for other Linux distributions.

:one: Enabling SSH on Raspberry Pi OS

Method 1 – Using raspi-config

In the terminal:

sudo raspi-config

Navigate to:

Interface Options → SSH → Enable

Then reboot the system:

sudo reboot

Method 2 – Headless setup

If you are booting from a freshly installed SD card:

  1. Insert the SD card into your computer.
  2. On the boot partition, create an empty file named:
ssh

(no file extension)

On first boot, SSH will be automatically enabled.

:two: Verifying the SSH Service

On the Raspberry Pi:

sudo systemctl status ssh

If it is not running:

sudo systemctl enable ssh
sudo systemctl start ssh

:three: Initial Security Steps (Strongly Recommended)

:locked_with_key: Change the Default Password

If you are using the default pi user, change the password immediately:

passwd

:locked: Disable Password Authentication (Advanced)

It is recommended to use SSH key-based authentication instead of passwords.

Open the configuration file:

sudo nano /etc/ssh/sshd_config

Set:

sudo nano /etc/ssh/sshd_config

PasswordAuthentication no

Then restart SSH:

sudo systemctl restart ssh

:four: Remote (Internet) Access – IMPORTANT

:warning: It is not recommended to expose port 22 directly to the internet.

A safer solution:

:white_check_mark: Use a VPN (Recommended)

You can use:

After connecting via VPN, your Raspberry Pi will be accessible as if you were on the local network.

This is significantly more secure than port forwarding.

:five: Enabling SSH on Other Linux Distributions

Ubuntu / Debian

sudo apt update
sudo apt install openssh-server
sudo systemctl enable ssh
sudo systemctl start ssh

Fedora / CentOS / RHEL

sudo dnf install openssh-server
sudo systemctl enable sshd
sudo systemctl start sshd

Arch Linux

sudo pacman -S openssh
sudo systemctl enable sshd
sudo systemctl start sshd

:six: Configuration in RPI SSH Pro

Host: Raspberry Pi IP address

Port: 22

Username: System user

Authentication: Password

On the first connection, the application:

  • Prompts for your password
  • Automatically retrieves and stores the server’s SSH host key

This ensures that future connections can verify the server’s identity.

:warning: Common Errors

Connection refused

→ SSH is not enabled

Connection timed out

→ Firewall or network blocking the connection

Permission denied

→ Incorrect authentication

:locked_with_key: What Is an SSH Host Key and Why Is It Important?

When you connect to a server via SSH for the first time, the server sends a host key (an identification key) to the client.

This key:

  • Is unique to the machine
  • Acts as the server’s digital fingerprint
  • Helps prevent Man-in-the-Middle (MITM) attacks

RPI SSH Pro, on the first successful connection:

  • Retrieves the server’s host key
  • Stores it securely
  • Verifies it on subsequent connections

If the host key changes (for example, after reinstalling the system), the application:

  • Displays a warning
  • Indicates that the server identity differs from the previously stored key
  • Updates (replaces) the stored key only after user approval

This ensures that accepting a new server identity is always a conscious decision.

:warning: If a host key changes unexpectedly, always verify that you are connecting to the correct server.

:speech_balloon: Need Help?

Please provide:

  • In case of SSH error, read the post here first
  • Linux distribution used
  • Exact error message
  • Local or VPN connection
  • Whether the SSH port was modified