Sales:  800-573-7846 or Live Chat

The ServInt Source

Adding an Authorized Key for SSH

tech bench 2In a previous article, SSH Key Authentication, I explained how to generate an SSH key so you could automatically log into your server instead of using a password. This is convenient for you (no more typing the password) and very inconvenient for potential hackers. If you turn off password authentication (because you’ll no longer need it), no amount of password guessing will let a hacker in.

The previous article showed you how to add the key to your cPanel server, but what if you’re not running cPanel? Don’t worry, the process is just as easy for no-panel servers. I’ll show you how.

Adding the Key

Again, if you’re using cPanel, you should see my previous article. If you’re running anything else, read on.

This article assumes you already have the keys generated. If you don’t have those, see my instructions under Generating the Keys in: SSH Key Authentication.

  1. Once you have your keys, you can easily add your public key to your server by adding it to your authorized_keys file.

- Simply edit the file. If it doesn’t exist, that’s ok; go ahead and create it.

nano ~/.ssh/authorized_keys

- Paste your public key (.pub file) in, save, and exit.

  1. You’ll want to do a quick check to make sure that key authentication is enabled.

- Open your SSH config file:

nano /etc/ssh/sshd_config

- Make sure that you have both of these lines in the file and that they look exactly like this:

PubkeyAuthentication yes

AuthorizedKeysFile %h/.ssh/authorized_keys

The first line tells your server to allow keys to be used for authentication. The second line tells it where to find the list of authorized keys. If you had to add/modify those lines, be sure to restart the SSH service. That’s it! Now you’re ready for the convenience of password-less entry :)

Disabling Password Authentication

If you want to go the extra mile and harden the security of your server, disable password authentication – you don’t need it anymore! It will keep the password guessers out and leave you with peace of mind.

  1. In the same SSH config file as above, look for the line containing PasswordAuthentication and edit it to say no:

PasswordAuthentication no

  1. Save, exit, and restart SSH.

Pretty easy stuff huh? Server security isn’t so bad!

 

 





About Jacob Tirey

Jacob Tirey is an IT professional and former member of ServInt's Managed Services team.


The ServInt Source | Web Hosting Blog