In part I of this series, I explained how to generate a private/public key pair and upload the public key onto your server. Now we need to configure everything to make it work.
Step 1: Paste the Public Key into “authorized_keys”
The “authorized_keys” file contains all the public keys that we trust. In part I, we had a file called “public_rsa” in our /root/.ssh folder.
To insert this into authorized_keys, we just run the following command from that folder:
cat public_rsa >> ~/.ssh/authorized_keys
And we’re done!
Step 2: Configure PuTTY to Use our Private Key
As of now, we can still log into SSH via passwords. So we need to tell PuTTY to authenticate with our private key instead of making the server prompt us for a password. To do this, open your PuTTY connection settings, then on the left-hand side, go to Connection->SSH->Auth.
In the box on the right, browse for the location of your private key and save your connection settings by going to the top “Sessions” tab.
Now when you log in, your client will authenticate with your private key, and the server will verify it against the public key in “authorized_keys”. If all goes well, it should now log you in without asking for a password.
Disabling Root Login with Password
The next step is to disable root login with a password, and only allow login with a private key. In an earlier tutorial, we saw how to disable root logins entirely. To ensure that you can only log in as root using an SSH key, we have to change the statement from:
PermitRootLogin no
to
PermitRootLogin without-password
Now restart the SSH service as before, and you’re done! We have successfully used SSH keys to log into our VPS server and disabled password-based root logins.
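Step 1 and the root-login change above can be checked with a small script. This is an added example, not part of the original tutorial: it appends a key only once, sets the permissions sshd expects, rejects files that are not one-line OpenSSH public keys, and reports which PermitRootLogin value is in effect. The function names install_pubkey and root_login_mode are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the tutorial.

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends the key to SSH_DIR/authorized_keys once, using the modes that
# sshd's StrictModes check expects (directory 700, file 600).
install_pubkey() {
    key_file=$1
    ssh_dir=$2
    auth="$ssh_dir/authorized_keys"

    # Refuse a private key uploaded by mistake.
    if grep -q 'PRIVATE KEY' "$key_file"; then
        echo "refusing: $key_file looks like a private key" >&2
        return 1
    fi
    # authorized_keys needs the one-line OpenSSH form ("ssh-rsa AAAA... comment").
    # The multi-line "BEGIN SSH2 PUBLIC KEY" file format is rejected here.
    if ! grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' "$key_file"; then
        echo "refusing: $key_file is not an OpenSSH public key line" >&2
        return 1
    fi

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only lines not already present, so re-running adds no duplicates.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$key_file"
}

# root_login_mode SSHD_CONFIG
# Prints the PermitRootLogin value from the file; sshd uses the first
# uncommented occurrence. Prints "unset" when there is none.
# Match blocks and Include files are not evaluated.
root_login_mode() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}
```

On OpenSSH 7.0 and later the same setting can also be written as prohibit-password, so root_login_mode may report either spelling.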
Using SSH Keys for Other Users
If you’re uncomfortable about allowing root logins in the first place, then you can configure SSH keys to be used with any other user. Each user has their own “authorized_keys” file.
Instead of this location for root:
/root/.ssh/authorized_keys
It will become
/home/username/.ssh/authorized_keys
Where you replace username with the name of the specific user for whom you want to enable SSH logins. This assumes the user's home directory is in the default /home location.
With the usage of SSH keys and disabling root logins, your server is now far more secure than it was before. If you’ve already changed your SSH ports as mentioned in a previous article, then you’re pretty much set. Congratulations!
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!