System Status
Buy Now
  • Email & Apps
  • Office 365
Login
  • MyRackspace Portal
  • Cloud Control Panel
  • Rackspace Webmail Login
  • Cloud Office Control Panel
  • Support Home
  • How-To
  • Developer Documentation
  •  Blogs 
    • Expert Insights Tech Blog
    • Rackspace Blog
    • Solve: Thought Leadership

Support Network

End-to-End Multicloud Solutions.   Solving Together.â„¢   Learn more at Rackspace.com

How–To Home

Cloud Servers

  • Introduction
  • FAQ
  • All Articles

Enable SSH public key authentication

Last updated on:  2020-10-22

Authored by:  James Andrade


This article describes the procedure to set up a Secure Shell (SSH) public key authentication.

  1. Log in to the server.

  2. Verify that the user exists:

     `getent passwd <username>`
    
  3. Look up the value assigned to the AuthorizedKeysFile parameter within /etc/ssh/sshd_config to determine the file where the key is stored:

     `grep AuthorizedKeysFile /etc/ssh/sshd_config`
    

    Note: The default location is ~/.ssh/authorized_keys within the user’s default home directory.

  4. Switch to the user’s home directory:

     `cd /directory-path`
    

    Note: Substitute directory-path with user’s home directory path.

  5. Check permission levels for the .ssh/ directory. It should have 0700 permissions and be owned by the user.

     `ls .ssh`
    

    a. If the directory does not exist, create it and set the permissions to 0700:

     `mkdir -m 700 .ssh`
    

    b. If the directory exists, you can set ownership separately:

     `chmod 700 .ssh/`
     `chown -R username:username /path/to/home/.ssh`
    
  6. Switch to .ssh/ directory and authorized_keys file:

     ```cd .ssh/
     vim authorized_keys
     ll```
    
  7. Add the SSH Public Key to the end of the authorized_keys file:

     `vim authorized_keys`
    
  8. Change permissions to 600 and ensure proper ownership of the file:

     `chmod 600 authorized_keys`
     `chown -R username:username authorized_keys`
    

Disable password authentication

If you want all users to log in with public keys and not passwords, you can disable password authentication.

Important: Disabling password authentication locks users who used a password to access the server if SSH authentication is not configured for their account.

  1. Create a backup of the sshd_config file before making any changes:

    mkdir /home/username/backup
    cp /etc/ssh/sshd_config /home/username/backup/sshd_config.bak
    
  2. Open the sshd_config file:

     `vim /etc/ssh/sshd_config`
    
  3. Find the PubkeyAuthentication parameter and set it to yes. If the line is commented, remove any comment indicators (#).

  4. Find fthe PasswordAuthentication parameter within the same file and set it to no.

  5. Save the changes to the file and exit the file.

  6. Check the syntax by using sshd -t. If there are no errors, reload sshd:

     `service sshd reload`
    

Additional notes:

  1. The private key file on your local workstation (client-side) should have permissions set to 600, and the .ssh directory should have the permissions set to 700. The authorized_keys files also work with 644 permissions, but 600 is more secure.

Share this information:

©2020 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

See license specifics and DISCLAIMER

About Rackspace
  • About
  • Customer Stories
  • Events
  • Programs
Blogs
  • The Rackspace Blog
  • Expert Insights Tech Blog
  • Solve: Thought Leadership
  • News
  • Contact Information
  • Legal
  • Careers
Site Information
  • Style Guide for Technical Content
  • Trademarks
  • Privacy Statement
  • Website Terms
Support Network
  • Support Network Home
  • Rackspace How-To
  • API Documentation
  • Developer Center
  • ©2020 Rackspace US, Inc.