Adding an Authorized Key

October 12, 2013 — Leave a comment

In my previous article, SSH Key Authentication, I told you how to generate an SSH key so you could automatically login instead of using a password. This is convenient for you (no more typing the password) and very inconvenient with potential hackers. If you turn off password authentication (cause you’ll no longer need it), no amount of password guessing will let a hacker in, even if they guess the right password.

The previous article showed you how to add the key to your cPanel server, but what if you’re not running cPanel? Don’t worry, one would argue the process is even easier for no-panel servers. I’ll show you how.

Adding the Key

Again, if you’re using cPanel, you should see my previous article. If you’re running anything else, read on. This article assumes you already have the Keys generated. If you don’t have those, see my instructions here: SSH Key authentication | Generating the Keys.

Once you have those, you can easily add your public key to your server by adding it to your ‘authorized keys’ file. Simply edit the file. If it doesn’t exist, that’s ok; go ahead and create it.

Paste your public key (.pub file) in, save, and exit. Finally, you’ll want to do a quick check to make sure that key authentication is enabled. Open your SSH conf file:

Make sure that you have both of these lines and that they look exactly like this:

The first line tells your server to allow keys to be used for authentication. The second line tells it where to find the list of authorized keys. If you had to add/modify those lines, be sure to restart the SSH service. That’s it! Now you’re ready for the convenience of password-less entry :)

Going the extra mile: Disable Password Authentication

If you want to go the extra mile and harden the security of your server, disable password authentication – you don’t need it anymore! It will keep the password guessers out and leave you with peace of mind.

In that same SSH config file, look for this line and edit it to say “no”:

Save, exit, and restart SSH. Pretty easy stuff huh? Server security isn’t so bad!

Note about this article

This article is one I had written and shared with the ServInt blog as part of the ‘Tech bench’ series. You can view it on the ServInt blog here. They are using my article with my permission.

Jacob "Boom Shadow" Tirey

Posts Twitter

A linux web hosting administrator, a professional production sound man, and a renegade cop without nothing left to lose.... Ok, that last part is made up. In all seriousness, my passion in life is to help people; whether that be with help running their sites or with their productions. The name 'Boom Shadow' was given to me by a great group of filmmakers called Star Wipe Films. back in 2005 and has been with me since. I hope my site is helpful to you, and if there's something you need, drop me a line!