After many failed attempts, I was finally able to configure my server to work with SSH keys, and without any lockouts. My test server was running CentOS with WebMin as the control panel, but the same setup should work on any system.
Log in to your server as the user you want to set up the SSH keys for. Then create a key with the following ssh-keygen command,
ssh-keygen -t rsa
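I have used RSA as my choice. DSA is also possible, but ssh-keygen accepts only 1024-bit DSA keys, and OpenSSH 7.0 and later disable DSA keys by default. If you still need it, use,
ssh-keygen -t dsa -b 1024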
You will be asked for the name of the key file, shown with its path under your home directory. Check it and give it a name if you want, or just press Enter.
The next question asks for a passphrase. As you will be moving from password login to passwordless login, you can set a passphrase. This will act as secondary authentication. You will need to enter it every time after the SSH key is verified by the server. This increases security but at the same time defeats the purpose of passwordless login.
I have just pressed enter twice and didn’t set it. The output should look something like this,
Set the proper permissions needed,
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
Please note that if you did not give the key file a name at the first question, it will have the default name ‘id_rsa’, as in the above command. The path ‘~/.ssh/’ by default refers to the ‘.ssh’ folder in your user directory.
Then you need to copy this public SSH key to the server's authorized keys file in the ‘~/.ssh/’ folder. For use with WebMin enter this,
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The above path will always be located in the home directory of the user you are logged in as over SSH. E.g. for testuser,
With most SSH clients, you can use the regular private key to get passwordless login. However, if you need to use an SSH client like PuTTY, you will need to convert this key to its own format. Download the id_rsa file (the private key, not the .pub public key) from the same folder as above. You can use FTP, WebMin File Manager, or other means to download this file to your local computer.
Convert this key for use with PuTTY using its key generator, PuTTYgen, as given in this article SECTION A. Make sure that you select the correct type of key and number of bits while converting. Follow the complete section to the end, configuring the connection and saving it. Skip the AWS section, which doesn’t apply to you.
Finally, you need to tell the SSH server that you want to use SSH keys instead of a password. Log in to your WebMin panel and check the authentication settings as below,
For now, you should leave the root login as YES, as it might come in handy for rescue. The default path ‘~/.ssh/authorized_keys’ will do for most people. If you saved the ‘authorized_keys’ file created above somewhere else, then you will need to change the path.
Testing time. If you saved the session in PuTTY or another client as shown in this article, then you just need to open the session and you will be prompted to enter your login name. Enter it and the login will be verified with the key saved on your local computer.
So, you have got yourself a passwordless login to the server and are pretty much protected from password hacking. If everything went well, then you should change the root login and authentication by password to NO.
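Before switching password authentication to NO, the permissions and key placement from the steps above can be checked with a script like the one below. It is an added example, not part of the original post; it assumes GNU stat (as on CentOS), and all function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes GNU stat (CentOS).
# All function names here are hypothetical.

# Print the octal mode of a path, e.g. 700.
mode_of() { stat -c '%a' "$1"; }

# Print one line per problem; return the problem count (0 = fine).
# Usage: audit_ssh_dir <ssh-dir> [key-name]
audit_ssh_dir() {
    local dir="$1" key="${2:-id_rsa}" problems=0 spec mask path mode pub
    # mask:path pairs; any permission bit under the mask is a problem.
    # 022 = writable by group/others (sshd StrictModes rejects this),
    # 077 = any group/other access (ssh clients ignore such private keys).
    for spec in "022:$dir" "077:$dir/$key" "022:$dir/authorized_keys"; do
        mask=${spec%%:*} path=${spec#*:}
        if [ ! -e "$path" ]; then
            echo "missing: $path"; problems=$((problems + 1)); continue
        fi
        mode=$(mode_of "$path")
        if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
            echo "too open: $path (mode $mode)"; problems=$((problems + 1))
        fi
    done
    # The public key must appear as a whole line in authorized_keys.
    if [ -r "$dir/$key.pub" ] && [ -r "$dir/authorized_keys" ]; then
        pub=$(head -n 1 "$dir/$key.pub")
        grep -qxF -- "$pub" "$dir/authorized_keys" ||
            { echo "$key.pub not in authorized_keys"; problems=$((problems + 1)); }
    fi
    return "$problems"
}

# Print the effective value of a keyword in an sshd_config-style file.
# sshd uses the first occurrence and keywords are case-insensitive;
# commented lines are skipped, Match blocks are not interpreted.
sshd_setting() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Succeed only if key login should work once passwords are disabled.
# Usage: safe_to_disable_passwords <ssh-dir> <sshd_config> [key-name]
safe_to_disable_passwords() {
    audit_ssh_dir "$1" "${3:-id_rsa}" || return 1
    # PubkeyAuthentication defaults to yes when it is not set.
    [ "$(sshd_setting "$2" PubkeyAuthentication)" != "no" ]
}

# Run against real paths only when arguments are given.
if [ "$#" -ge 2 ]; then safe_to_disable_passwords "$@" && echo "OK"; fi
```

Run it as the user whose keys were set up, passing ~/.ssh and the path to the server's sshd_config, and keep an existing SSH session open while testing the new login.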
Questions and issues are welcome!