WinSCP and SSH on the Raspberry Pi

One of the essential tools I use constantly when working with my Raspberry Pi is WinSCP. It allows me to securely view, edit and transfer files from my primary Windows computer to my Pi. Also, issues involving file permissions can easily be avoided or resolved.

Configure Raspberry Pi:

Before we can use WinSCP, the Raspberry Pi needs to be set up to accept SSH (Secure Shell) connections. To enable or disable SSH on the Raspberry Pi, log into the unit and run sudo raspi-config from the terminal.


After SSH is enabled, no other configuration changes should need to be made. For advanced configurations, different options in the SSH server configuration file (/etc/ssh/sshd_config, not the client file /etc/ssh/ssh_config) can be set. For example, for security reasons, the default port number (port 22) can be changed to something more obscure to make the service harder to find with port scanning.

# Back up the server configuration, edit it (for example the Port line), then restart the SSH service
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
sudo nano /etc/ssh/sshd_config
sudo /etc/init.d/ssh restart


The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses. However, many unofficial uses of both well-known and registered port numbers occur in practice. The port numbers in the range from 0 to 1023 are the well-known ports or system ports. They are used by system processes that provide widely used types of network services. The range of port numbers from 1024 to 49151 are the registered ports. They are assigned by IANA for specific service upon application by a requesting entity. On most systems, registered ports can be used by ordinary users. The range 49152–65535 contains dynamic or private ports that cannot be registered with IANA. This range is used for custom or temporary purposes and for automatic allocation of ephemeral ports.

Wikipedia (List of TCP and UDP port numbers)
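
As an added example (not part of the original post), the backup-and-edit step above can be scripted so that the new port is checked against the IANA ranges before the file is touched. The function names port_range and set_ssh_port are hypothetical, and the sample configuration in demo is constructed.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Classify a port number by the IANA ranges quoted above.
port_range() {
    case "$1" in
        ''|*[!0-9]*|??????*) echo invalid; return 1 ;;
    esac
    if   [ "$1" -le 1023 ];  then echo well-known
    elif [ "$1" -le 49151 ]; then echo registered
    elif [ "$1" -le 65535 ]; then echo dynamic
    else echo invalid; return 1
    fi
}

# Back up an sshd_config-style file, then set its listening port.
# The first Port line (active, or the commented-out default) is rewritten in
# place; any further Port lines are dropped so only one listener remains.
set_ssh_port() {
    cfg=$1; port=$2
    port_range "$port" >/dev/null || { echo "invalid port: $port" >&2; return 1; }
    [ "$port" -ge 1 ] || { echo "port 0 is reserved" >&2; return 1; }
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    cp -p "$cfg" "$cfg.backup" || return 1
    re='^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$'   # keywords are case-insensitive
    if awk -v re="$re" 'tolower($0) ~ re { f = 1 } END { exit !f }' "$cfg.backup"; then
        awk -v re="$re" -v p="$port" '
            tolower($0) ~ re { if (!done++) print "Port " p; next }
            { print }' "$cfg.backup" > "$cfg"
    else
        # No Port line at all: add it at the top, ahead of any Match block.
        { printf 'Port %s\n' "$port"; cat "$cfg.backup"; } > "$cfg"
    fi
}

# Constructed sample input: a minimal config with the default port commented out.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# sample sshd_config (constructed)' '#Port 22' \
        'PermitRootLogin no' > "$tmp"
    set_ssh_port "$tmp" 2222 && grep -n '^Port' "$tmp"
    rm -f "$tmp" "$tmp.backup"
}
```

On the Pi the target would be /etc/ssh/sshd_config, run with sudo; sshd -t checks the edited file for syntax errors before the service is restarted.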

Configure WinSCP for Elevated Permissions:

When WinSCP logs into the Raspberry Pi with the user credentials you supply, any commands it issues, like editing system configuration files, will be restricted to the system permissions that you have set for that user. This is the best practice for normal operation and requires very little configuration besides the IP address, port number, and user account login information. To find the IP address for the Pi, you can issue the hostname -I command from the terminal.


If you find that you need elevated permissions, like modifying system files or changing file permissions, you can create a superuser account. The 'File Protocol' needs to be changed from SFTP (Secure File Transfer Protocol) to SCP (Secure Copy Protocol). Under advanced settings, the 'SCP/Shell' setting needs to be changed to sudo su -


 Note: Be careful of changes made to system files while running under root!

One common problem when transferring files from your PC to the Raspberry Pi is forgetting to set the appropriate file permissions. The default behavior when adding files and directories to the Pi is to assign them to the user account that you are logged into. One example is when you are updating web pages that might be installed in /var/www. After creating new files, you want to right click (F9) the file or directory and set the Group, Owner & Permissions for www-data.


I normally create two user accounts for each Raspberry Pi I use: a regular one for everyday use, and a superuser account for system changes.

Shaun Bennett has written 6 articles
