
In my previous article, SSH Key Authentication, I told you how to generate an SSH key so you could log in automatically instead of using a password. This is convenient for you (no more typing the password) and very inconvenient for potential hackers. If you turn off password authentication (because you’ll no longer need it), no amount of password guessing will let a hacker in, even if they guess the right password.

The previous article showed you how to add the key to your cPanel server, but what if you’re not running cPanel? Don’t worry, one would argue the process is even easier for no-panel servers. I’ll show you how.

Adding the Key

Again, if you’re using cPanel, you should see my previous article. If you’re running anything else, read on. This article assumes you already have the keys generated. If you don’t have those, see my instructions here: SSH Key authentication | Generating the Keys.

Once you have those, you can easily add your public key to your server by adding it to your ‘authorized keys’ file. Simply edit the file. If it doesn’t exist, that’s ok, go ahead and create it.

    nano ~/.ssh/authorized_keys  

Paste your public key (.pub file) in, save, and exit. Finally, you’ll want to do a quick check to make sure that key authentication is enabled. Open your SSH conf file:

    nano /etc/ssh/sshd_config  

Make sure that you have both of these lines and that they look exactly like this:

    PubkeyAuthentication yes
    AuthorizedKeysFile %h/.ssh/authorized_keys

The first line tells your server to allow keys to be used for authentication. The second line tells it where to find the list of authorized keys. If you had to add/modify those lines, be sure to restart the SSH service. That’s it! Now you’re ready for the convenience of password-less entry :)

Going the extra mile: Disable Password Authentication

If you want to go the extra mile and harden the security of your server, disable password authentication - you don’t need it anymore! It will keep the password guessers out and leave you with peace of mind.

In that same SSH config file, look for this line and edit it to say no:

    PasswordAuthentication no

Save, exit, and restart SSH. Pretty easy stuff, huh? Server security isn’t so bad!
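A check you can run on the config before restarting SSH, added here as an example and not part of the original article: it reads an sshd_config-style file the way sshd does (keywords are case-insensitive and the first value read for a keyword wins) and reports whether key login is on and password login is off. The function names are made up for this example, the sample config is constructed, and Include files and per-user Match blocks are not evaluated.

```sh
#!/bin/sh
# Added example: audit an sshd_config-style file for the settings in this article.
# Assumes whitespace-separated "Keyword value" lines; Include files are not followed.

# Print the global value of keyword $2 in file $1, or default $3 if it is unset.
# sshd matches keywords case-insensitively and keeps the FIRST value it reads,
# so a later duplicate line has no effect. Scanning stops at the first Match block.
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
        tolower($1) == "match" { exit }            # conditional section starts here
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Return 0 only if key login is enabled and password login is disabled in file $1.
# Both keywords default to "yes" in OpenSSH when the line is absent.
check_key_only() {
    rc=0
    [ "$(sshd_effective "$1" PubkeyAuthentication yes)" = "yes" ] ||
        { echo "FAIL: PubkeyAuthentication is not yes"; rc=1; }
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = "no" ] ||
        { echo "FAIL: PasswordAuthentication is not no"; rc=1; }
    return "$rc"
}

# Return 0 if path $1 is not writable by group or others. With StrictModes
# (the default), sshd ignores an authorized_keys file that fails this check.
check_not_shared_writable() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Demo on a constructed config (not a real server file): the commented line is
# ignored, the lowercase line wins, and the later duplicate has no effect.
demo_cfg=$(mktemp)
printf '%s\n' '#PasswordAuthentication yes' 'PubkeyAuthentication yes' \
    'passwordauthentication no' 'PasswordAuthentication yes' > "$demo_cfg"
check_key_only "$demo_cfg" && echo "OK: key-only login configured"
rm -f "$demo_cfg"
```

On a live server, `sshd -t` checks the config for syntax errors and `sshd -T` prints the settings sshd will actually use. Keep your current session open until a new key-based login has worked.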

Note about this article

This article is one I had written and shared with the ServInt blog as part of the ‘Tech bench’ series. You can view it on the ServInt blog here. They are using my article with my permission.
