SSH Key Authentication Setup

How To create an SSH key pair, manually copy it to your VPS, and disable password authentication. This is a must have security feature.

Step 1: Create SSH Key Pair

On your Dedicated Device, generate a *local SSH key pair. In Termux/Terminal:

*local means you should not be SSH into your VPS. If you are type exit. enter

In Termux/Terminal:

ssh-keygen -t ed25519 -C "VirtualPrivateNode" -f ~/.ssh/id_ed25519_VirtualPrivateNode

You'll be prompted to enter a passphrase twice. Create a strong passphrase - use KeePass.

What This Creates:
  • Private key: ~/.ssh/id_ed25519_VirtualPrivateNode (keep this secret!)
  • Public key: ~/.ssh/id_ed25519_VirtualPrivateNode.pub (safe to share)

Step 2: Copy Public Key to VPS (Manual Method)

Display your *local public key

cat ~/.ssh/id_ed25519_VirtualPrivateNode.pub

Copy the entire output (one long line starting with ssh-ed25519) and save in KeePass

SSH into your VPS

ssh user@your_vps_ip

Replace user with your non-root username.

Replace your_vps_ip with your VPS IP address. Enter your SSH password when prompted.

Add your public key to authorized_keys

nano ~/.ssh/authorized_keys

Paste your public key (from KeePass), then save and exit (Ctrl+X, then Y, then Enter)

Verify your public key is in place

cat ~/.ssh/authorized_keys

You should see your public key displayed.

Exit the VPS

exit

Test your key-based login

ssh -i ~/.ssh/id_ed25519_VirtualPrivateNode user@your_vps_ip

You should be prompted for your SSH key passphrase (not your SSH password).

✓ Success! If you successfully logged in with your SSH key passphrase, proceed to the next step.

Step 3: Disable Password Authentication

⚠️ Important Warning: Keep your current SSH session open as a backup while making these changes! If you can't open multiple termux sessions, you can always use your VPS provider's web console as a backup access method in case something goes wrong.

Edit SSH configuration

sudo nano /etc/ssh/sshd_config

Find and modify these lines

Use Ctrl+W to search for each setting. Make sure these settings are set as shown below (uncomment by removing # if needed):

PermitRootLogin prohibit-password
PasswordAuthentication no
PubkeyAuthentication yes
KbdInteractiveAuthentication no
UsePAM yes
Important Notes:
  • PermitRootLogin prohibit-password allows root login with SSH keys only, not passwords
  • Search through the ENTIRE file - sometimes settings appear multiple times. The LAST occurrence takes precedence.
  • If you see ChallengeResponseAuthentication instead of KbdInteractiveAuthentication, set it to no
  • Make sure there are no duplicate conflicting entries later in the file

Save and exit

Ctrl+X, then Y, then Enter

Edit Cloud SSH configuration

sudo nano /etc/ssh/sshd_config.d/50-cloud-init.conf

Find and modify these lines

Use Ctrl+W to search for PasswordAuthentication. Change PasswordAuthentication to no:

PasswordAuthentication no

Save and exit

Ctrl+X, then Y, then Enter

Verify configuration before restarting

sudo sshd -T | grep -E "passwordauthentication|pubkeyauthentication|usepam|permitrootlogin"

This shows what SSH will actually use. Verify the settings match what you configured.

Restart SSH service

sudo systemctl restart ssh

Test in a NEW terminal window

ssh -i ~/.ssh/id_ed25519_VirtualPrivateNode user@your_vps_ip

You should only be prompted for your SSH key passphrase. Password authentication is now disabled!

✓ Configuration Complete! Your VPS now only accepts SSH key authentication for user login.

Security Summary

✓ What You've Secured:
  • SSH access now requires your private key + passphrase
  • Password-based SSH login is disabled (prevents brute force attacks)
  • User can only login with SSH keys, not passwords
  • Only you can access the VPS remotely
⚠️ Important Reminders:
  • Backup your private key! Store ~/.ssh/id_ed25519_VirtualPrivateNode securely in KeePass
  • Never share your private key with anyone
  • Save your ssh private key passphrase in KeePass - you'll need it every time you connect
  • If you lose your key, you'll need to login to your VPS client portal to regain access
Note on Root Login:

This guide uses User login, not Root. While SSH key authentication significantly improves security, best practice is to use a regular user account with sudo access. Root login means you'd have full system access immediately.

Quick Reference

Connect to VPS as User with SSH key: use "sudo su -" for to become Root

ssh -i ~/.ssh/id_ed25519_VirtualPrivateNode user@your_vps_ip

View your public key

cat ~/.ssh/id_ed25519_VirtualPrivateNode.pub

Check SSH configuration

sudo sshd -T | grep -E "passwordauthentication|pubkeyauthentication|usepam|permitrootlogin"