ssh Private Keys

April 28, 2018 305 views
DigitalOcean Debian
rphintze
By:
rphintze

Noob here.

I set up my droplet over a years ago, and followed instructions to set up private key for ssh. If I recall correctly, it seemed to work fine. I have not accessed my droplet in several (many) months.

When I access now thru my user account (not root), it prompts me for a pwd and allows me to login. In the user's .ssh directory the is an "authorized_key" file with what appears to me a key saved in it. My understanidng from reading on DO's help forum is that the ssh keys are meant to work in lieu of root password log on, and that if I am logging on as user (not root) I should not be promoted for a paraphrase. So, I assume that there shouldn't be any key info in the .ssh directory for the user.

When I access my account thru root, I am prompted for my root pwd (no the paraphrase) and am allowed to login as root. In the root's .ssh directory, however, there is an authorized_key" file but it is empty.

Moreover, on my local machine, the only "private certificate" is one that I recent generated for another website (not my DO droplet). There doesn't seem to be a "private certificate" my DO droplet.

Should I just start over as far as adding the ssh key?

2 Answers

You have to manually disable password authentication after setting up key based authentication.

A few follow up questions:

  1. Shouldn't there be a "id_rsa" file (a private key) on my local machine? There is not.

  2. The "authorizedkeys" file in the .ssh of my root is empty. The file is there, but nothing is in it. The "authorizedkeys" file in the .ssh of my user does have what apprears to be a key in it.

I am not sure how to tell if the key is working. That is, the is no private key in on my local machine, but I can login nevertheless. Shouldn't I be prevented since there is public key on my DO drplot, but no private key on my local machine?

Thanks in advance.

Have another answer? Share your knowledge.