Server Settings (OpenSSH) |
Last updated on: 2014/10/16
Notice and disclaimer:
At our own initiative, we looked at the SSH login method to a server using public-key authentication from some client platforms.
In this page, we provide an example setting on OpenSSH server.
The illustrations are intended only for the user’s convenience and do NOT represent any endorsement. We do not provide support for these methods because actual behavior strongly depends on each server or client computer. Please forward any question to your server administrator, the network vendor or the developer/distributor.
1: Set up SSH daemon
- Open the daemon configuration file (,which is usually “sshd_config”, but the name and the location of the file may be different depending on OS and distribution).
- You will find the following sentences on about 40th line of the file. Change these lines as follows.
From
#RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys
To
RSAAuthentication yes « If it is "no", change to "yes". PubkeyAuthentication yes « If it is "no", change to "yes". AuthorizedKeysFile .ssh/authorized_keys
- You will find the following sentences on about the 50-60th line of the file. Change the line as follows.
PasswordAuthentication no « If it is "yes", change to "no".
- Restart the SSH daemon. (If you are not sure how to restart only the daemon, restart the whole OS.)
2: Setup user’s public key
How to register the public-key file of a user to allow SSH login to the server is shown below. The server administrator may perform this procedure only when, for some reason, the user is unable to do on his/her own.
- Save the public-key file of the user into the “.ssh” directory (Do not forget the dot.) under their home directory (“$HOME/.ssh” or “~/.ssh”).
If the “.ssh” directory does not exist, create it.
- Copy the public-key file and rename it to “authorized_keys”.
- Confirm that the “Owner” of the “.ssh” directory is the user and the group that the user belongs to. If not, change the ownership of the directory as mentioned.
- Set the directory permission. Change “mod” to “700” or “rwx——“. (type text example: chmod 700 <directory name> )
- Confirm that the “Owner” of the “authorized_keys” file is the user and the group that the user belongs to. If not, change the ownership of the file as mentioned.
- Set the file permission. Change “mod” to “644” or “rw-r–r–“. (type text example: chmod 644 authorized_keys)