DayPath Journal

Songhay Studio: flippant remarks about Ubuntu public key authentication

The goals of public key authentication include disallowing logging in to a remote server as root and using ssh a public key (with an optional passphrase) instead of server passwords to login (with a user of reduced privileges—with sudo powers).

The public key comes from your local machine (in .ssh/ and is sent to the remote machine with this command:

ssh-copy-id root@555.555.5.55

Your user with reduced privileges recognizes the key when .ssh/authorized_keys contains the key. To disallow root login (which should be done after testing the reduced-privileges user), find this line in /etc/ssh/sshd_config on the remote server:

PermitRootLogin yes

To seal the breach, change this line to:

PermitRootLogin no

All the work on the remote server should be punctuated with this:

service ssh restart

The details of this whole process is covered quite well in “Initial Server Setup with Ubuntu 14.04.”