This post is automatically translated with LLM. The translation content has NOT been reviewed and may contain errors.
Most people use passwords to log into a Linux shell remotely. Not only is it tedious, but if you use the same password everywhere and encounter an incident like the CSDN 6 million password leak, your VPS is essentially compromised. Therefore, we can replace passwords with a more convenient and secure method: RSA key files (public-key authentication).
First, we need to generate a key pair.
cd ~/.ssh
ssh-keygen -t rsa
At this point, your .ssh directory should contain two new files: id_rsa.pub and id_rsa. The latter is your private key (keep it secure), while the former is your public key, which can be shared publicly. Next, we'll configure our VPS.
Upload your id_rsa.pub to the server's ~/.ssh directory using FileZilla or WinSCP, and rename it to authorized_keys. Note that this file must be placed under the target user's .ssh directory (e.g., /root/.ssh for root, /home/lantian/.ssh for lantian). Then adjust the OpenSSH settings:
cd /etc/ssh
nano sshd_config
Modify the following settings:
RSAAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
After saving, run service ssh restart. Disconnect and reconnect via SSH; if you log in with just your username, it's successful. If prompted for a password, review the previous steps. Once confirmed, you can further enhance security by disabling password login:
PasswordAuthentication no
For added security, log in via SSH and set the authorized_keys file permissions to 600 and the .ssh directory to 700. On your local machine, similarly set both key files to 600 and the .ssh directory to 700. This significantly improves security.
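To confirm the steps above took effect before closing your existing session, the following check script can be used. It is an added example, not part of the original post; the function names are made up for illustration, and it assumes GNU stat and a single sshd_config without Match blocks or Include files.

```shell
#!/bin/sh
# Added example: audit the sshd settings and file modes this post recommends.
# Assumptions: GNU stat (Linux); Match blocks and Include files are not evaluated.
# RSAAuthentication is not checked: it applies to SSH protocol 1 only.

# Print the value of keyword $2 in sshd_config $1, or default $3 if unset.
# sshd keeps the first value it reads for a keyword, so stop at the first match.
sshd_setting() {
    awk -v key="$2" -v def="$3" '
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# Return 0 only if key login is enabled and password login is disabled.
# Each entry is keyword:expected:default (upstream OpenSSH defaults).
audit_sshd() {
    rc=0
    for want in PubkeyAuthentication:yes:yes PasswordAuthentication:no:yes \
                PermitEmptyPasswords:no:no; do
        key=${want%%:*}; rest=${want#*:}
        expect=${rest%%:*}; def=${rest#*:}
        got=$(sshd_setting "$1" "$key" "$def")
        if [ "$got" != "$expect" ]; then
            echo "FAIL $key is '$got', expected '$expect'"; rc=1
        fi
    done
    return $rc
}

# Return 0 only if directory $1 is mode 700 and each named file in it is 600.
audit_perms() {
    dir=$1; shift; rc=0
    [ "$(stat -c %a "$dir")" = 700 ] || { echo "FAIL $dir is not 700"; rc=1; }
    for f in "$@"; do
        [ "$(stat -c %a "$dir/$f")" = 600 ] || { echo "FAIL $dir/$f is not 600"; rc=1; }
    done
    return $rc
}

# Demo on a constructed config (sample input, not a real server's file).
demo=$(mktemp)
printf '%s\n' '#PasswordAuthentication yes' 'PubkeyAuthentication yes' \
    'PasswordAuthentication no' > "$demo"
audit_sshd "$demo" && echo "sshd settings OK"
rm -f "$demo"
```

On the server, call audit_sshd /etc/ssh/sshd_config and audit_perms ~/.ssh authorized_keys as the target user. A commented-out line such as #PasswordAuthentication no leaves the default in force, which is why the script reports it as a failure.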