Songhay Studio: flippant remarks about Ubuntu public key authentication
The goals of public key authentication include disallowing logging in to a remote server as root and using ssh with a public key (with an optional passphrase) instead of server passwords to log in (as a user of reduced privileges, with sudo powers).
The public key comes from your local machine (in .ssh/id_rsa.pub) and is sent to the remote machine with this command:
ssh-copy-id root@555.555.5.55
Your user with reduced privileges recognizes the key when the .ssh/authorized_keys file in that user's home directory contains the key. To disallow root login (which should be done after testing the reduced-privileges user), find this line in /etc/ssh/sshd_config on the remote server:
PermitRootLogin yes
To seal the breach, change this line to:
PermitRootLogin no
All the work on the remote server should be punctuated with this:
service ssh restart
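The two checks worth making before that restart, as an added example that is not part of the original post: that the key really is in the reduced-privileges user's authorized_keys, and that the PermitRootLogin edit is the value sshd will actually use. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed for illustration.

# Succeed if the key in public-key file $1 appears in authorized_keys file $2.
# Compares the base64 key field, so options or a different comment do not matter.
key_authorized() {
    blob=$(awk 'NF >= 2 { print $2; exit }' "$1")
    [ -n "$blob" ] || return 1
    awk -v b="$blob" '
        !/^[ \t]*#/ { for (i = 1; i <= NF; i++) if ($i == b) ok = 1 }
        END { exit !ok }
    ' "$2"
}

# Print the PermitRootLogin value sshd takes from the global section of config
# file $1, or "unset". sshd uses the FIRST value it reads for a keyword, so a
# "PermitRootLogin no" added below an earlier "yes" has no effect.
effective_root_login() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }             # drop indentation; fields are re-split
        /^#/ || NF == 0 { next }           # skip comments and blank lines
        tolower($1) == "match" { exit }    # Match blocks only apply conditionally
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample data standing in for the real files.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAconstructedKEYBLOB me@laptop' > "$demo/id_rsa.pub"
printf '%s\n' 'ssh-rsa AAAAconstructedKEYBLOB me@laptop' > "$demo/authorized_keys"
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' 'PermitRootLogin no' \
    > "$demo/sshd_config"

if key_authorized "$demo/id_rsa.pub" "$demo/authorized_keys"; then
    echo "key present for the reduced-privileges user"
fi
echo "effective PermitRootLogin: $(effective_root_login "$demo/sshd_config")"
rm -rf "$demo"
```

On the server itself, sshd -t checks sshd_config for errors before the restart.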
The details of this whole process are covered quite well in “Initial Server Setup with Ubuntu 14.04.”