Using SSH keys for root logins is generally recommended over password authentication. SSH keys are generated as a pair: a private key and a public key. The public key resides on the server while the private key is retained securely by the client, so to authenticate, the private key and public key have to be part of the same pair. This is more secure than password authentication in that your credentials can’t be brute-forced or guessed; you can only log in if you have a matching key pair.
The first thing you should do is create your key pair(s). Go to WHM > Manage root’s SSH Keys, then click “Generate a New Key”.
The next page will ask you to specify the parameters for the SSH key, such as the username (root), password, and key type and size.
To increase security, you’ll generally want to use a password with your key. Setting one is completely optional; if you do, you will have to enter the key’s password whenever you attempt to log into the server. This is more secure because if someone were to get hold of your private key, they wouldn’t be able to use it without knowing the key’s password.
Going back to the SSH manager, click “View/Download Key” under the Private Keys section to obtain your private key. Now that you have your private key, use it in your SSH client to log in. If you’re logging in from a Linux terminal, simply download the key to ~/.ssh/id_rsa (or id_dsa if this was a DSA key). For PuTTY, use the Convert function from the download screen to decrypt the key so it can be imported.
Finally, to disable password authentication in favor of keys, log into WHM and go to Security Center > SSH Password Authentication Tweak, then click Disable Password Auth.
Keep in mind that if password authentication is enabled, you can still use your keys – but the server will accept a password as well.
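A check for the two states described above, as an added example that is not part of the original article: it reads the server's effective SSH settings in the format printed by `sshd -T` and reports whether passwords are still accepted, and it checks that a downloaded private key is readable only by its owner. The function names and the sample settings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. SAMPLE_SSHD_T is constructed sample
# text in the format `sshd -T` prints (lowercase keyword, space, value).
SAMPLE_SSHD_T='port 22
permitrootlogin yes
pubkeyauthentication yes
passwordauthentication yes'

# Print the effective value of one sshd keyword read from stdin,
# or "unset" if the keyword does not appear.
sshd_setting() {
  awk -v k="$1" '
    $1 == k { print $2; found = 1; exit }
    END     { if (!found) print "unset" }'
}

# Succeed only if key logins are enabled and password logins are disabled,
# the state the final step of the article aims for.
keys_only() {
  _cfg=$(cat)
  [ "$(printf '%s\n' "$_cfg" | sshd_setting pubkeyauthentication)" = yes ] &&
    [ "$(printf '%s\n' "$_cfg" | sshd_setting passwordauthentication)" = no ]
}

# Succeed only if the private key file has mode 600 or 400, so that
# neither group nor others can read it.
key_mode_ok() {
  _mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
  [ "$_mode" = 600 ] || [ "$_mode" = 400 ]
}

# Demo on the constructed sample; on a real server use: sshd -T | keys_only
if printf '%s\n' "$SAMPLE_SSHD_T" | keys_only; then
  echo "password logins are disabled, keys only"
else
  echo "server still accepts passwords alongside keys"
fi
```

On the server, run `sshd -T | keys_only` as root after applying the tweak, and keep your existing session open until a key login from a second terminal succeeds.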
Stephane is a web developer and system administrator with over 18 years of experience. Specialized in PHP programming and Linux server administration, he also provided development and consulting services to SMBs for several years before becoming an online entrepreneur.