A Three-Step Guide on How to set up passwordless SSH authentication


Why am I writing this?

Because the vps of someone in the fediverse just got hacked, and it's super scary.

SSH up, people!


Apparently root is the only superuser some people have chez DigitalOcean. How annoying.

If this applies to you, here is what to do on your VPS:

adduser username

The terminal will ask you to enter a password for this new user. You don’t have to answer those questions. Pressing Enter for everything is fine.

usermod -aG sudo username
userdel -r username

Step 1: Go to your terminal and generate keys

Where to type the commands?

  • For Mac Users: Spotlight search for “Terminal”, then type the command “ssh-keygen”

  • For Windows Users: Windows Menu search “cmd”, then type bash in it, then “ssh-keygen”


Step 2: Send the Generated Key to Your VPS

ssh-copy-id username@yourdomain

Step 3: Connect

Then you just enter your password after the command to make sure everything works

ssh username@yourdomain

Now: Disable password logins

The disabling is optional but recommended.

sudo nano /etc/ssh/sshd_config
Port 36
PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
sudo service sshd reload