Disable Root Login and Setup Public Key Authentication

If you want to increase security for your Virtual Machine (Linux based), disabling root ssh login and enabling public_key authentication is a good first step

This guide assumes that you have a private key that you built using a program like PuttyGen. We recommend a 2048 bit key. If you do not have a public/private key pair, do so first, or else you will be unable to ssh into your VM after you follow the contents of this article

1. User console or ssh into your VM

2. Edit your sshd_config file
# nano /etc/ssh/sshd_config

Tip*: Nano is a text editing program. In a minimal install, this might not be installed. If this is the case, you can either use vi, or you can install nano using the following commands

Cent OS
# yum -y install nano

# apt-get install nano


3. Search for file for the line which contains "PermitRootLogin", and change it so it looks as follows

PermitRootLogin no

4. Search for the line which contains "PubkeyAuthentication", and change it so it looks as follows

PubkeyAuthentication yes

5. Use CTRL+O to save the contents, and CTRL+X to exit

6. Now it is time to create a public/private key pair on your VPS

# cd ~
# ssh-keygen -t rsa
--You will be provided with a couple of options. You may fill out the details, or press enter until you complete the creation of your public/private key pair
# cd .ssh
# nano authorized_keys
--paste the contents of your public_key that was given to you from PuttyGen into this file
--Use CTRL+O to save the contents, and CTRL+X to exit

7. Now that you have added your public key to the server, use putty to connect to your server, but make sure to connect using public key authentication. You can load your public key into putty by opening the program and clicking through to the following path

Connection -> SSH -> Auth

Once you have selected auth, you can browse to your private key using the Browse button

If you want to set your username by default (to save you from having to enter it) you can enter it at the following location

Connection -> SSH -> Data -> Auto-login username

8. On the session tab, set the host name, and in the saved sessions, enter a name, and click on the Save button. This will allow you to log into your SSH server in one click with a private key

9. Log into the server using your new session

10. If you were able to successfully log into the server using your new connection, you can now safely restart the ssh daemon, which will prevent users from logging into the server as the root user without the public key

--Cent OS
# service ssd restart

# /etc/init.d/ssh restart

  • 237 Users Found This Useful
Was this answer helpful?

Related Articles

HOW TO: Install an OS Template for KVM

1. Login to SolusVM.2. Click on the "Manage" button to the right of your KVM server you wish to...

HOW TO: Cancel your service

Just follow these simple instructions:1. Login to the Client Area.2. Click on "My Services" under...

Fix rsyslog CPU Usage

Run it from command line service rsyslog stopsed -i -e 's/^\$ModLoad imklog/#\$ModLoad imklog/g'...

HOW TO: Installing an OS using an ISO in SolusVM

1. Login to SolusVM to manage your KVM VPS.2. Click the "Manage" button next to the KVM VPS you...

HOW TO: Reset your login information?

To reset your password for the Client Area: https://secure.ftpit.com/pwreset.php.To reset your...