SSH Key Authentication Setup

This guide walks you through creating an SSH key pair, manually copying it to your VPS, and disabling password authentication to secure your server. This guide assumes you are logging in as root.

Step 1: Create SSH Key Pair

On your Dedicated Device, generate a new SSH key pair *locally. In Termux/Terminal:

*locally means you should not be in your VPS. If you are type exit. enter

In Termux/Terminal:

ssh-keygen -t ed25519 -C "VirtualPrivateNode" -f ~/.ssh/id_ed25519_VirtualPrivateNode

You'll be prompted to enter a passphrase twice. Create a strong passphrase - use KeePass.

What This Creates:
  • Private key: ~/.ssh/id_ed25519_VirtualPrivateNode (keep this secret!)
  • Public key: ~/.ssh/id_ed25519_VirtualPrivateNode.pub (safe to share)

Step 2: Copy Public Key to VPS (Manual Method)

Display your public key

cat ~/.ssh/id_ed25519_VirtualPrivateNode.pub

Copy the entire output (one long line starting with ssh-ed25519) and save in KeePass

SSH into your VPS as root

ssh root@your_vps_ip

Replace your_vps_ip with your VPS IP address. Enter your root password when prompted.

On the VPS, create the .ssh directory for root

mkdir -p /root/.ssh
chmod 700 /root/.ssh

Add your public key to authorized_keys

nano /root/.ssh/authorized_keys

Paste your public key (from KeePass), then save and exit (Ctrl+X, then Y, then Enter)

Set correct permissions

chmod 600 /root/.ssh/authorized_keys

Verify your public key is in place

cat /root/.ssh/authorized_keys

You should see your public key displayed.

Exit the VPS

exit

Test your key-based login

ssh -i ~/.ssh/id_ed25519_VirtualPrivateNode root@your_vps_ip

You should be prompted for your SSH key passphrase (not your VPS password).

✓ Success! If you successfully logged in with your SSH key passphrase, proceed to the next step.

Step 3: Disable Password Authentication

⚠️ Important Warning: Keep your current SSH session open as a backup while making these changes! If you can't open multiple termux sessions, you can always use your VPS provider's web console as a backup access method in case something goes wrong.

Edit SSH configuration

nano /etc/ssh/sshd_config

Find and modify these lines

Use Ctrl+W to search for each setting. Make sure these settings are set as shown below (uncomment by removing # if needed):

PermitRootLogin prohibit-password
PasswordAuthentication no
PubkeyAuthentication yes
KbdInteractiveAuthentication no
UsePAM no
Important Notes:
  • PermitRootLogin prohibit-password allows root login with SSH keys only, not passwords
  • Search through the ENTIRE file - sometimes settings appear multiple times. The LAST occurrence takes precedence.
  • If you see ChallengeResponseAuthentication instead of KbdInteractiveAuthentication, set it to no
  • Make sure there are no duplicate conflicting entries later in the file

Save and exit

Ctrl+X, then Y, then Enter

Edit Cloud SSH configuration

nano /etc/ssh/sshd_config.d/50-cloud-init.conf

Find and modify these lines

Use Ctrl+W to search for PasswordAuthentication. Change PasswordAuthentication to no:

PasswordAuthentication no

Save and exit

Ctrl+X, then Y, then Enter

Verify configuration before restarting

sshd -T | grep -E "passwordauthentication|pubkeyauthentication|usepam|permitrootlogin"

This shows what SSH will actually use. Verify the settings match what you configured.

Restart SSH service

systemctl restart ssh

Test in a NEW terminal window

ssh -i ~/.ssh/id_ed25519_VirtualPrivateNode root@your_vps_ip

You should only be prompted for your SSH key passphrase. Password authentication is now disabled!

✓ Configuration Complete! Your VPS now only accepts SSH key authentication for root login.

Security Summary

✓ What You've Secured:
  • SSH access now requires your private key + passphrase
  • Password-based SSH login is disabled (prevents brute force attacks)
  • Root can only login with SSH keys, not passwords
  • Only you can access the VPS remotely
⚠️ Important Reminders:
  • Backup your private key! Store ~/.ssh/id_ed25519_VirtualPrivateNode securely in KeePass
  • Never share your private key with anyone
  • Save your ssh private key passphrase in KeePass - you'll need it every time you connect
  • If you lose your key, you'll need to login to your VPS client portal to regain access
Note on Root Login:

This guide uses root login for simplicity. While SSH key authentication significantly improves security, best practice is to use a regular user account with sudo access. Root login means you have full system access immediately, so be careful with commands.

Quick Reference

Connect to VPS as root with SSH key

ssh -i ~/.ssh/id_ed25519_VirtualPrivateNode root@your_vps_ip

View your public key

cat ~/.ssh/id_ed25519_VirtualPrivateNode.pub

Check SSH configuration

sshd -T | grep -E "passwordauthentication|pubkeyauthentication|usepam|permitrootlogin"