Root login to work with password, ONLY from virtual-server-based/KVM console

January 15, 2019 383 views
Security Linux Basics Linux Commands DigitalOcean Ubuntu

I want to be able to:

  • login via remote SSH as root, ONLY with ssh-key pair
  • login via DigitalOceans KVM/Virtual-shell as root, with password

I do not see how else I can use ssh-key pair on the root account and still get the benefit of being able to login via Digital Oceans virtual Console that they give in their browser.

1 Answer

@nyeates1

If you have setup a ssh key pair on Digital Ocean and used it when creating the droplet, then your SSH is configured to only accept public key authentication for your root user and no password is assigned to root, to set it up login via ssh as root and issue this command passwd to change password.

If you did not use a key pair when creating the droplet, then a password will be generated for root account and you change it when logging in for the first time, here you need to do the following to disable using passwords when connecting with SSH:

  • First create a key pair on you laptop -if you do not have one- with this command ssh-keygen
  • Copy the public key to your droplet with this command ssh-copy-id root@<droplet_ip>.
  • Disable SSH access using password by setting this option PasswordAuthentication no in /etc/ssh/sshd_config.
  • Make sure public key authentication is setup with this option PubkeyAuthentication yes
  • Restart ssh with this command sudo service ssh restart

Now you can access your droplet over SSH with your public key as root and login to KVM console as root with your password.

Hope this helps.

Have another answer? Share your knowledge.