I'm new to system administration and I am trying to setup (/secure) my first VPS.To my understanding using Keys are "safer" than using passwords, so here I am trying to do just that.
I've tried a few things before writing this post:
- I tried generating a key ON my VPS server using
ssh-keygen -t rsa -b 4096. - Afterwards I did
cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys id_rsa.pub - I then copied the contents of the private key using
cat /root/.ssh/id_rsaand imported it on BitVise.
I also tried the other way around, I generated the key on BitVise and then did the exact process but in reverse. Copied the public key onto my SSH server.
Finally I tried to use PuTTY thinking perhaps it's a BitVise issue, but no, still getting denied...
Every time I made a change to the the config file I would reboot
Additional information:
- I ran
apt update&apt upgradebefore doing the things I mentioned above. - I am able to login using passwords, just not keys...
- I double checked and my id_rsa.pub is located @
/root/.ssh/authorized_keysand the contents are there
Here is my /etc/ssh/sshd_config:
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $# This is the sshd server system-wide configuration file. See# sshd_config(5) for more information.# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin# The strategy used for options in the default sshd_config shipped with# OpenSSH is to specify options with their default value where# possible, but leave them commented. Uncommented options override the# default value.Include /etc/ssh/sshd_config.d/*.confPort XXXXX#AddressFamily any#ListenAddress 0.0.0.0#ListenAddress ::#HostKey /etc/ssh/ssh_host_rsa_key#HostKey /etc/ssh/ssh_host_ecdsa_key#HostKey /etc/ssh/ssh_host_ed25519_key# Ciphers and keying#RekeyLimit default none# Logging#SyslogFacility AUTH#LogLevel INFO# Authentication:LoginGraceTime 2mStrictModes yesMaxAuthTries 6MaxSessions 10PubkeyAuthentication yes# Expect .ssh/authorized_keys2 to be disregarded by default in future.AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2#AuthorizedPrincipalsFile none#AuthorizedKeysCommand none#AuthorizedKeysCommandUser nobody# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts#HostbasedAuthentication no# Change to yes if you don't trust ~/.ssh/known_hosts for# HostbasedAuthentication#IgnoreUserKnownHosts no# Don't read the user's ~/.rhosts and ~/.shosts files#IgnoreRhosts yes# To disable tunneled clear text passwords, change to no here!#PasswordAuthentication yesPermitEmptyPasswords no# Change to yes to enable challenge-response passwords (beware issues with# some PAM modules and threads)ChallengeResponseAuthentication no# Kerberos options#KerberosAuthentication no#KerberosOrLocalPasswd yes#KerberosTicketCleanup yes#KerberosGetAFSToken no# GSSAPI options#GSSAPIAuthentication no#GSSAPICleanupCredentials yes#GSSAPIStrictAcceptorCheck yes#GSSAPIKeyExchange no# Set this to 'yes' to enable PAM authentication, account processing,# and session processing. If this is enabled, PAM authentication will# be allowed through the ChallengeResponseAuthentication and# PasswordAuthentication. Depending on your PAM configuration,# PAM authentication via ChallengeResponseAuthentication may bypass# If you just want the PAM account and session checks to run without# PAM authentication, then enable this but set PasswordAuthentication# and ChallengeResponseAuthentication to 'no'.UsePAM yes#AllowAgentForwarding yes#AllowTcpForwarding yes#GatewayPorts noX11Forwarding yes#X11DisplayOffset 10#X11UseLocalhost yes#PermitTTY yesPrintMotd no#PrintLastLog yes#TCPKeepAlive yes#PermitUserEnvironment no#Compression delayed#ClientAliveInterval 0#ClientAliveCountMax 3#UseDNS no#PidFile /var/run/sshd.pid#MaxStartups 10:30:100#PermitTunnel no#ChrootDirectory none#VersionAddendum none# no default banner path#Banner none# Allow client to pass locale environment variablesAcceptEnv LANG LC_*# override default of no subsystemsSubsystem sftp /usr/lib/openssh/sftp-server# Example of overriding settings on a per-user basis#Match User anoncvs# X11Forwarding no# AllowTcpForwarding no# PermitTTY no# ForceCommand cvs serverPermitRootLogin no