Two advantages:
- Passwordless login: With SSH keys, your computer holds the key, so you never need to type the root password.
- Hacking: No one can guess or brute-force your password to log in to your server, because we will not allow logging in without an SSH key.
So in short, SSH key login is faster, safer, and easier.
Let's generate an SSH key pair
In your terminal, run:
ssh-keygen
Do not give any password when it asks for a passphrase, and the defaults are OK.
This key is the key to your server, so do not lose it. Back it up to a safe USB drive, and keep it safe. You will always need it to enter your server. At the end of the post, I'll tell you what to do in case you lose your SSH key, but it's always better not to lose it.
Let's make your server trust your key
ssh-copy-id root@yourdomain.com
It will ask for your password, then copy your public key to the server, so that the server knows which key to trust.
To test:
ssh root@yourdomain.com
If you logged in without being asked for a password, you are almost done.
Now, let's disable password login
Log in to your server and edit the /etc/ssh/sshd_config file.
Uncomment or create these lines:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Then reload the SSH daemon:
systemctl reload sshd
Voila! Done. Let's go.
What if you lose your SSH key?
First of all, do not lose your key, but in case you did:
Most probably, when you log in to your provider, there will be a remote access page; go there. It is a local connection, so it does not require an SSH key. You can log in, revert the changes we made to the sshd_config file, then start all over again.
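A check worth running on the edited file, as an added example that is not part of the original post: it reads one sshd_config-style file and reports whether the three settings above are effectively "no". The function names and the sample file are hypothetical; it assumes a single file and does not follow Include directives or evaluate Match blocks.

```shell
#!/bin/sh
# Added example (not from the original post): audit one sshd_config-style file.
# sshd keeps the FIRST value it reads for a keyword, so a "no" appended at the
# end of the file does not override an earlier "yes".

# effective_value FILE KEYWORD
# Prints the first uncommented value of KEYWORD in the global section,
# or nothing if it is unset, commented out, or only set inside a Match block.
effective_value() {
    awk -v want="$2" '
        { sub(/^[ \t]+/, "") }                 # strip leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)    # treat "Keyword=value" like "Keyword value"
            split(line, f, /[ \t]+/)
            key = tolower(f[1])                # keywords are case-insensitive
            if (key == "match") exit           # global section ends at first Match
            if (key == tolower(want)) { print f[2]; exit }
        }
    ' "$1"
}

# Returns 0 only if all three settings from this post are effectively "no".
check_password_login_disabled() {
    rc=0
    for kw in PasswordAuthentication ChallengeResponseAuthentication UsePAM; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "ok    $kw no"
        else
            echo "FAIL  $kw ${val:-(not set)}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the "no" was appended, but an earlier "yes" wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
PasswordAuthentication no
EOF
check_password_login_disabled "$sample" || echo "password login is still enabled"
rm -f "$sample"
```

On the server, pass /etc/ssh/sshd_config as the argument. `sshd -t` checks the file for syntax errors before you reload, and `sshd -T` prints the effective settings, including any Include files.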
Bon appetit.
🌊⛰🔥