In my previous article, SSH Key Authentication, I told you how to generate an SSH key so you could automatically login instead of using a password. This is convenient for you (no more typing the password) and very inconvenient with potential hackers. If you turn off password authentication (cause you’ll no longer need it), no amount of password guessing will let a hacker in, even if they guess the right password.
The previous article showed you how to add the key to your cPanel server, but what if you’re not running cPanel? Don’t worry, one would argue the process is even easier for no-panel servers. I’ll show you how.
Adding the Key
Again, if you’re using cPanel, you should see my previous article. If you’re running anything else, read on. This article assumes you already have the Keys generated. If you don’t have those, see my instructions here: SSH Key authentication | Generating the Keys.
Once you have those, you can easily add your public key to your server by adding it to your ‘authorized keys’ file. Simply edit the file. If it doesn’t exist, that’s ok, go ahead and create it.
Paste your public key (
.pub file) in, save, and exit. Finally, you’ll want to do a quick check to make sure that key authentication is enabled. Open your SSH conf file:
Make sure that you have both of these lines and that they look exactly like this:
The first line tells your server to allow keys to be used for authentication. The second line tells it where to find the list of authorized keys. If you had to add/modify those lines, be sure to restart the SSH service. That’s it! Now you’re ready for the convenience of password-less entry :)
Going the extra mile: Disable Password Authentication
If you want to go the extra mile and harden the security of your server, disable password authentication - you don’t need it anymore! It will keep the password guessers out and leave you with peace of mind.
In that same SSH config file, look for this line and edit it to say
Save, exit, and restart SSH. Pretty easy stuff huh? Server security isn’t so bad!
Note about this article
This article is one I had written and shared with the ServInt blog as part of the ‘Tech bench’ series. You can view it on the ServInt blog here. They are using my article with my permission.