How to log in via ssh?

W

WebDev2016-11-04 10:48:55

linux

WebDev, 2016-11-04 10:48:55

On the ubuntu server, I connect via ssh as root via login and password. They say that this is bad and you need to log in with a key. I have a few questions:
1) Do I understand the order of connecting by key correctly:
- Generate public and private keys
- Add a public key on the server to ~/.ssh/authorized_keys
- Connect using a private key from the client
2) If correct, then for which user should these keys be made?
3) They write that it is better to disable the ability to connect via ssh under root (PermitRootLogin no). Will this setting disable the ability to connect in any way? And password and key? It turns out that the root password will be needed only for sudo?
As far as I understand, the picture is as follows: we create a key for some user, we prohibit access via ssh for root. That is, we never go under the root at all.
What to do in this case if, for example, you lose the user's private key?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

S

Sergey Evstifeev, 2016-11-04
@kirill-93

You understand everything correctly.
You will only need the root password to connect locally (not via SSH).
For sudo, you do not use the root password, but the password from your user (the root password is needed for the su command)
If you have lost the user key, then log in locally using the password and make a new key.
If it's a VPS they should have a VNC console if it's a Dedik then IPMI
You can use any user you created (do not forget to add it to sudousers) Link
I also advise you to change the ssh port from 22 to some other 2022 for example. (Bots mostly only scan standard ports)