Two advantages:

• Passwordless login: With SSH keys, your computer will have the key and you will never need to write root password.
• Hacking: Noone can guess or brute force your password into logging into your server, as we will not allow logging in without SSH.

So in short, SSH key login is faster, safer, easier.

Lets Generate a SSH key pair

On your terminal run:

ssh-keygen

Do not give any password, and defaults are ok.

This key, is the key to your server, so do not loose it, back it up to a safe usb drive, and keep it safe. You will always need this to enter your server. At the end of the post, ill tell you what to do in case of loosing ssh key, but its always better not to loose it.

Lets Make your server trust your key.

ssh-copy-id root@yourdomain.com

It will ask for your password, then it will put your key to your server, so that server will know what to trust.

to test:

ssh root@yourdomain.com

if you logged in without any password, you are almost done.

Now, lets disable Password Login

Log in your server and edit /etc/ssh/sshd_config file

uncomment/create these lines

PasswordAuthentication no

ChallengeResponseAuthentication no

UsePAM no

then reload ssh daemon:

systemctl reload sshd

Voila! Done. Lets go.

What if you loose your ssh key?

First of all, do not loose your key, but in case you did:

Most probably when you login to your provider, there will be remote access page, get in there. It will be local connection so it will not require any ssh key, so that you can login and revert the changes we made to sshd_config file, then start all over again.

Bon appetit.

🌊⛰🔥