@sshjerk

To enable public key authentication you must do the following:

1- On your local machine, create a ssh key par with ssh-keygen.
2- Copy your public key to the server using ssh-copy-id <username>@<server ip>
3- Then you can login using ssh <username>@<server ip>

Hope this helps.

@sshjerk

You should only need to setup .ssh for individual users. The root user already has this directory on Ubuntu – ~/.ssh – and it’s permissions are already set.

So what you need to do depends on who you’re trying to set the SSH Key up for.

…

For root, you’d generate a key pair locally and add the public key to ~/.ssh/authorized_keys. You’d then use the private key to log in.

For example, I’m on MacOS, so I’d open up Terminal and run:

ssh-keygen -a 500 \
           -b 4096 \
           -C "" \
           -E sha256 \
           -o \
           -t rsa

From there, I’ll be prompted to set a location for storing the keys generated by the command, so I’ll provide a path and name. You’ll then be prompted for a passphrase and asked to confirm.

Once the key is saved locally, you can then cat it locally and then copy and paste it to the server or us the ssh-copy-id command. I normally copy and paste :-).

…

If you’re setting up SSH Keys for non-root users, you need to make sure the user is setup properly.

mkdir -p /home/mynewuser/.ssh

touch /home/mynewuser/.ssh/authorized_keys

useradd -d /home/mynewuser mynewuser

chmod 700 /home/mynewuser/.ssh

chmod 644 /home/mynewuser/.ssh/authorized_keys

chown -R /home/mynewuser

chown root:root /home/mynewuser

Now that the new user is setup, you can copy the public key to the users authorized_keys file.

…

The public key doesn’t need to exist anywhere other than in the authorized_keys file on the Droplet. The private key should not be uploaded at all, instead, only used locally to connect.