Question

re: root and ssh keys

  • Posted March 12, 2014

hi there, I’ve seen that this question has been partially answered elsewhere but hasn’t quite got to the nub of it. I understand that I should not be using root and instead use sudo. I set up the droplet with an ssh key and added a new user. The problem being that now that user has password login. Should I be setting up ssh key to log in with this new non-root user? surely otherwise I’m reintroducing the same security flaw that was the reason for using ssh keys in the first place. And if I should be setting this up how do I go about it?

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

I would advise you to use whatever login method you need for standard users, and use the SSH key defined in the DO Dashboard, as the key for root. <br> <br>What I mean is, in /etc/ssh/sshd_config, set PermitRootLogin like so: <br>PermitRootLogin without-password <br> <br>That way, you still can SSH login as root in case of emergency, whilst disallowing password-based authentication for root.

Yes you should use setup SSH keys for the new user, and disable ssh as root too. <br> <br>Take a look at the following page for additional details: <br>https://www.digitalocean.com/community/articles/how-to-set-up-ssh-keys--2 <br> <br>In short you need to generate a ssh key pair, and copy the id_rsa.pub to the new users ~/.ssh/authorized_keys on your VPS. <br>