Question

re: root and ssh keys

Posted March 12, 2014
Hi there, I've seen that this question has been partially answered elsewhere but hasn't quite got to the nub of it. I understand that I should not be using root and instead use sudo. I set up the droplet with an SSH key and added a new user. The problem being that now that user has password login. Should I be setting up an SSH key to log in with this new non-root user? Surely otherwise I'm reintroducing the same security flaw that was the reason for using SSH keys in the first place. And if I should be setting this up, how do I go about it?

2 answers
Yes, you should set up SSH keys for the new user, and disable SSH as root too.

Take a look at the following page for additional details:
https://www.digitalocean.com/community/articles/how-to-set-up-ssh-keys--2

In short, you need to generate an SSH key pair and copy the id_rsa.pub to the new user's ~/.ssh/authorized_keys on your VPS.
by Etel Sverdlov
SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. With SSH keys, users can log into a server without a password. This tutorial explains how to generate, use, and upload an SSH Key Pair.
I would advise you to use whatever login method you need for standard users, and use the SSH key defined in the DO Dashboard, as the key for root.

What I mean is, in /etc/ssh/sshd_config, set PermitRootLogin like so:
PermitRootLogin without-password

That way, you still can SSH login as root in case of emergency, whilst disallowing password-based authentication for root.
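
The two steps the answers describe (putting the public key in the new user's ~/.ssh/authorized_keys, then checking what /etc/ssh/sshd_config actually permits) can be scripted as below. This is an added example, not code from either answer; the function names install_key and effective_setting are hypothetical, and the parser assumes whitespace-separated "Keyword value" lines and does not follow Include directives.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# install_key HOME_DIR PUBKEY_FILE
# Idempotently add the first line of PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys
# with modes sshd's default StrictModes check accepts (700 dir, 600 file).
# If run as root for another user, chown HOME_DIR/.ssh to that user afterwards.
install_key() {
    home=$1
    pub=$2
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    key=$(head -n 1 "$pub")
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: append only if this exact key is absent
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# effective_setting KEYWORD [CONFIG]
# Print the value sshd takes for KEYWORD from the global section of CONFIG.
# Keywords are case-insensitive, the first occurrence wins, and the global
# section ends at the first Match block. Prints "unset" when the keyword is
# absent there, meaning the compiled-in default applies.
# Note: since OpenSSH 7.0, "prohibit-password" is the preferred spelling of
# "without-password"; both are reported as written in the file.
effective_setting() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF == 0   { next }                  # comments, blank lines
        tolower($1) == "match"  { exit }                  # end of global section
        tolower($1) == want     { print tolower($2); found = 1; exit }
        END                     { if (!found) print "unset" }
    ' "${2:-/etc/ssh/sshd_config}"
}
```

After editing sshd_config, validate it with `sshd -t` before reloading, and keep the current session open until a key-based login as the new user succeeds.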