A Three-Step Guide on How to set up passwordless SSH authentication

#建站合集SysAdmin

Why am I writing this?

Because the vps of someone in the fediverse just got hacked, and it's super scary.

SSH up, people!



3# OH GOD WHY DIGITALOCEAN WHY?

Apparently root is the only superuser some people have chez DigitalOcean. How annoying.

If this applies to you, here is what to do on your VPS:

adduser username

The terminal will ask you to enter a password for this new user. You don’t have to answer those questions. Pressing Enter for everything is fine.

usermod -aG sudo username
userdel -r username

Step 1: Go to your terminal and generate keys

Where to type the commands?

  • For Mac Users: Spotlight search for “Terminal”, then type the command “ssh-keygen”

  • For Windows Users: Windows Menu search “cmd”, then type bash in it, then “ssh-keygen”

ssh-keygen

Step 2: Send the Generated Key to Your VPS

ssh-copy-id username@yourdomain

Step 3: Connect

Then you just enter your password after the command to make sure everything works

ssh username@yourdomain

Now: Disable password logins

The disabling is optional but recommended.

sudo nano /etc/ssh/sshd_config
Port 36
PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
sudo service sshd reload