Server Security

Adding an Authorized Key for SSH

by Jacob Tirey

In a previous article, SSH Key Authentication, I explained how to generate an SSH key so you could automatically log into your server instead of using a password. This is convenient for you (no more typing the password) and very inconvenient for potential hackers. If you turn off password authentication (because you’ll no longer need it), no amount of password guessing will let a hacker in.

The previous article showed you how to add the key to your cPanel server, but what if you’re not running cPanel? Don’t worry, the process is just as easy for no-panel servers. I’ll show you how.

Adding the Key

Again, if you’re using cPanel, you should see my previous article. If you’re running anything else, read on.

This article assumes you already have the keys generated. If you don’t have those, see my instructions under Generating the Keys in: SSH Key Authentication.

  1. Once you have your keys, you can easily add your public key to your server by adding it to your authorized_keys file.

Simply edit the file. If it doesn’t exist, that’s ok; go ahead and create it.

nano ~/.ssh/authorized_keys

Paste your public key (.pub file) in, save, and exit.

  2. You’ll want to do a quick check to make sure that key authentication is enabled.

Open your SSH config file:

nano /etc/ssh/sshd_config

Make sure that you have both of these lines in the file and that they look exactly like this:

PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

The first line tells your server to allow keys to be used for authentication. The second line tells it where to find the list of authorized keys. If you had to add/modify those lines, be sure to restart the SSH service. That’s it! Now you’re ready for the convenience of password-less entry.

Disabling Password Authentication

If you want to go the extra mile and harden the security of your server, disable password authentication – you don’t need it anymore! It will keep the password guessers out and leave you with peace of mind.

  1. In the same SSH config file as above, look for the line containing PasswordAuthentication and edit it to say no:
PasswordAuthentication no
  2. Save, exit, and restart SSH.
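
Before restarting, it is worth confirming that the file really says what you think it says. The script below is an added example, not part of the original article: it reads an sshd_config file and reports the effective PubkeyAuthentication and PasswordAuthentication values. The function names and the sample file are made up for illustration, and it assumes plain "Keyword value" lines and looks only at global settings.

```shell
#!/bin/sh
# Added example (not from the article): audit the sshd_config settings the
# article changes. sshd uses the FIRST value it reads for each keyword and
# treats keywords case-insensitively, so a "PasswordAuthentication no" pasted
# below an existing "PasswordAuthentication yes" has no effect.
# Assumption: whitespace-separated "Keyword value" lines; only global
# settings (above any Match block) are examined; Include files are not read.

# effective_value FILE KEYWORD DEFAULT: print the first global value, else DEFAULT
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: return 0 only if key login is on and passwords are off
audit_sshd_config() {
    cfg=$1
    rc=0
    pubkey=$(effective_value "$cfg" PubkeyAuthentication yes)    # sshd default: yes
    passwd=$(effective_value "$cfg" PasswordAuthentication yes)  # sshd default: yes
    if [ "$pubkey" != yes ]; then
        echo "FAIL: PubkeyAuthentication is '$pubkey'; key logins are refused"
        rc=1
    fi
    if [ "$passwd" != no ]; then
        echo "FAIL: PasswordAuthentication is '$passwd'; passwords still accepted"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: keys enabled, passwords disabled"
    return "$rc"
}

# Constructed sample: the earlier "yes" wins, so the audit reports FAIL.
sample=$(mktemp)
printf '%s\n' 'PubkeyAuthentication yes' 'passwordauthentication yes' \
    'AuthorizedKeysFile %h/.ssh/authorized_keys' \
    'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "Fix the config before restarting SSH."
rm -f "$sample"
```

Call audit_sshd_config /etc/ssh/sshd_config before restarting SSH, and keep your current session open until a key login from a second terminal succeeds. sshd -t checks the file for syntax errors, and sshd -T prints the settings sshd will actually use.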

Pretty easy stuff, huh? Server security isn’t so bad!

Comments
  1. Harden your server like a pro in 2 easy steps: install an authorized key for #SSH and disable password authentication http://t.co/JvKXvJQDww
  2. Server security starts with hardening #SSH. Learn how in the #TechBench. http://t.co/JvKXvJQDww http://t.co/S9StXz2Nof
  3. I found the instructions on the following page even easier to follow for setting up an authorized key for SSH to use with Putty: http://www.carlos-roque.com/2011/05/10/ssh-putty-with-public-keys-to-connect-to-whm/
  4. Harden your server like a pro in 2 easy steps: install an authorized key for #SSH and disable password authentication http://t.co/fcPCClZCeY
  5. RT @servint: Keep the hackers out of your server with SSH key authentication, in this week's #TechBench. http://t.co/JvKXvJQDww
  6. Keep the hackers out of your server with SSH key authentication, in this week's #TechBench. http://t.co/JvKXvJQDww

Jacob Tirey

Jacob Tirey is a Member Emeritus of ServInt’s Managed Services Team.
