re: root and ssh keys

March 12, 2014 2.9k views
trebla
By:
trebla
hi there, I've seen that this question has been partially answered elsewhere but hasn't quite got to the nub of it. I understand that I should not be using root and instead use sudo. I set up the droplet with an ssh key and added a new user. The problem being that now that user has password login. Should I be setting up ssh key to log in with this new non-root user? surely otherwise I'm reintroducing the same security flaw that was the reason for using ssh keys in the first place. And if I should be setting this up how do I go about it?
Log In to Comment
2 Answers
matthew.r.schwartz March 12, 2014
Yes you should use setup SSH keys for the new user, and disable ssh as root too.

Take a look at the following page for additional details:
https://www.digitalocean.com/community/articles/how-to-set-up-ssh-keys--2

In short you need to generate a ssh key pair, and copy the id_rsa.pub to the new users ~/.ssh/authorized_keys on your VPS.
How To Set Up SSH Keys
SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. With SSH keys, users can log into a server without a password. This tutorial explains how to generate, use, and upload an SSH Key Pair.
Reply
diti March 13, 2014
I would advise you to use whatever login method you need for standard users, and use the SSH key defined in the DO Dashboard, as the key for root.

What I mean is, in /etc/ssh/sshd_config, set PermitRootLogin like so:
PermitRootLogin without-password

That way, you still can SSH login as root in case of emergency, whilst disallowing password-based authentication for root.
Reply
Have another answer? Share your knowledge.