Secure Shell (SSH): Configuring Public-Private Keys for Password-less Logins

  1. You will need to manage multiple passwords: (1) hosting provider web dashboard, (2) server root, (3) server sudo user, (4) optional SSH private key passphrase, (5) MySQL admin user. The root password must be unique and complex.
  2. Generate keys using PuTTYgen.
  3. Copy the public key and store it in a text file (you may keep PuTTY, the keys, and PuTTYgen in a directory above the local web root on your laptop).
  4. Once logged into your server as your sudo user, do:
  5. $ cd  # to make sure we're in our home directory
    $ mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys  # -p: no error if .ssh already exists
    $ chown -R $USER:$USER .ssh
    $ chmod 700 .ssh
    $ chmod 600 .ssh/authorized_keys
    $ nano .ssh/authorized_keys
  6. Now copy the contents of your public key file (which resides on your local machine/laptop/dev machine) into the authorized_keys file on your server. The public key must be on a single line and start with ssh-rsa.
  7. Within PuTTY: (1) Connection->Data, then add the username for password-less login; (2) SSH->Auth->Browse and select the *.ppk private key file; (3) Session->enter a name and save.
  8. Open a new PuTTY window using this new configuration.
  9. Once you confirm your server successfully authenticates with the public key, disable password-based logins:
    1. $ sudo nano /etc/ssh/sshd_config
    2. Scroll through the file and make sure the following are set:
    3. ChallengeResponseAuthentication no
      PasswordAuthentication no
      # NB: Leave UsePAM as yes (the default) if you want to see server stats from landscape-common
      UsePAM no
    4. After you exit and save, reload SSH:
    5. $ sudo service ssh reload
  10. At any time you can view the SSH server logs via:
  11. $ tail -f /var/log/auth.log
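
The check below is an added example, not part of the original page: a POSIX shell function that verifies what steps 5 and 6 set up (mode 700 on .ssh, mode 600 on authorized_keys, every key on one line starting with ssh-rsa) and rejects the multi-line SSH2 file that PuTTYgen's "Save public key" button writes. The function names check_ssh_dir and mode_of are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page): verify ~/.ssh before you
# set "PasswordAuthentication no". Assumes an RSA key, as the steps do.

mode_of() {                     # permission string, e.g. "drwx------"
    ls -ld "$1" | cut -c1-10    # cut drops any trailing ACL/SELinux marker
}

# check_ssh_dir DIR: returns 0 only if DIR is mode 700, DIR/authorized_keys
# is mode 600, and every entry is a one-line "ssh-rsa <base64> [comment]".
check_ssh_dir() (               # subshell body keeps variables local
    dir=$1; file=$dir/authorized_keys; rc=0; n=0; keys=0
    if [ ! -d "$dir" ] || [ ! -f "$file" ]; then
        echo "missing: $file"; return 1
    fi
    [ "$(mode_of "$dir")" = "drwx------" ] || { echo "$dir: expected mode 700"; rc=1; }
    [ "$(mode_of "$file")" = "-rw-------" ] || { echo "$file: expected mode 600"; rc=1; }

    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=$(printf '%s' "$line" | tr -d '\r')   # tolerate CRLF from a Windows paste
        case $line in
            ''|'#'*) continue ;;                   # blank lines and comments are allowed
            '---- BEGIN SSH2 PUBLIC KEY'*)
                echo "line $n: multi-line SSH2 export; paste the one-line OpenSSH form"
                return 1 ;;
        esac
        if printf '%s\n' "$line" | grep -Eq '^ssh-rsa [A-Za-z0-9+/]+=*( .*)?$'; then
            keys=$((keys + 1))
        else
            echo "line $n: not a single-line ssh-rsa entry (wrapped or truncated paste?)"
            rc=1
        fi
    done < "$file"

    [ "$keys" -gt 0 ] || { echo "$file: no usable key lines"; rc=1; }
    return "$rc"
)

# Usage on the server: check_ssh_dir "$HOME/.ssh" && echo "looks OK"
```

Run it before step 9; `sudo sshd -t` will likewise report syntax errors in the edited sshd_config before you reload.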