
Using Root SSH Key Authentication

Posted by on May 02, 2011 in Tutorials.
 

Using SSH keys for root logins is generally recommended over password authentication. SSH keys are generated as a pair: a private key and a public key. The public key resides on the server while the private key is retained securely by the client, and authentication succeeds only when the two keys belong to the same pair. This is more secure than password authentication in that your credentials can’t be brute-forced or guessed: you can only log in if you have a matching key pair.

The first thing you should do is create your key pair(s). Go to WHM > Manage root’s SSH Keys, then click “Generate a New Key”.


The next page will ask you to specify the parameters for the SSH key, such as the username (root), password, and key type and size.


To increase security, you’ll generally want to use a password with your key. This is completely optional, but it will require you to enter a password for your key when you attempt to log into the server. This is more secure because if someone were to get a hold of your private key, they wouldn’t be able to use it without knowing the key’s password.

Going back to the SSH manager, click “View/Download Key” under the Private Keys section to obtain your private key. Now that you have your private key, use it in your SSH client to log in. If you’re logging in from a Linux terminal, simply download the key to ~/.ssh/id_rsa (or id_dsa if this was a DSA key). For PuTTY, use the Convert function from the download screen to decrypt the key so it can be imported.

Finally, to disable password authentication in favor of keys, log into WHM and go to Security Center > SSH Password Authentication Tweak, then click Disable Password Auth.


Keep in mind that if password authentication is enabled, you can still use your keys – but the server will accept a password as well.
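
The two conditions described above (a private key only its owner can read, and a server that no longer accepts passwords) can be checked with a short script. This is an added example, not part of the original tutorial or of cPanel/WHM; the function names are hypothetical, the sample files are constructed, and it assumes the WHM tweak shows up as a whitespace-separated "PasswordAuthentication no" line in the server's sshd_config.

```shell
# Added example: post-setup checks for the tutorial's key-only root login.

# Succeeds only if the private key file grants nothing to group or other.
# OpenSSH clients refuse to use a key file that other users can read.
key_perms_ok() {
    [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints the global PasswordAuthentication value from an sshd_config-style file.
# sshd keeps the first value it sees for a keyword and defaults to "yes";
# parsing stops at the first Match block, which only holds conditional overrides.
password_auth_state() {
    awk '
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Combines both checks into one verdict line and exit status.
audit_key_login() {   # usage: audit_key_login KEYFILE SSHD_CONFIG
    if ! key_perms_ok "$1"; then
        echo "FAIL: $1 is missing or readable by group/other (chmod 600)"
        return 1
    fi
    if [ "$(password_auth_state "$2")" != "no" ]; then
        echo "WARN: key login works, but the server still accepts passwords"
        return 2
    fi
    echo "OK: key-only login"
}

# Constructed sample input so the script runs offline.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed placeholder, not a real key\n' > "$d/id_rsa"
    chmod 600 "$d/id_rsa"
    printf '#PasswordAuthentication yes\nPermitRootLogin yes\nPasswordAuthentication no\n' > "$d/sshd_config"
    audit_key_login "$d/id_rsa" "$d/sshd_config"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

On the server itself, `sshd -T` prints the effective configuration, including values pulled in through Include directives that this file-based check does not follow.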

 
Tags: cpanel, security, ssh, whm

About Stephane Brault

Stephane is a web developer and system administrator with over 18 years of experience. Specialized in PHP programming and Linux server administration, he also provided development and consulting services to SMBs for several years before becoming an online entrepreneur.

2 responses so far ↓


1. Response by : Peter on Mar 15, 2012 at 1:32 pm

I’ve followed the steps to the letter, but I receive a message from Putty stating that “No supported authentication methods available.” Any ideas as to why this might happen?

thanks


2. Response by : eric on Jan 29, 2013 at 10:20 pm

I’ve seen a lot of similar instructions, but none are clear on what user ID you should be using to log in with. My interpretation has been that you should use some user ID that exists — e.g., use the ID you’ve previously been using to log in with via SSH, using a password. But that doesn’t work (in the sense that it just asks for the password as always).

E.g., I’d use a command line something like this:

ssh -vp 22 userid@example.com

…where ‘userid@example.com’ is an account login; and I would be prompted to enter the password for ‘userid@example.com’.

I’ve also tried using the key name as the user ID, with the same result.
