Using Public-key Authentication for SFTP on VPS Plans

The use of a public/private key pair with SSH allows for more secure authentication to the server without having to use a password. This article explains how to generate and install a public key on your VPS to use with SFTP & SSH logins.

Note: You will need to do this for every system user that wishes to use this method of authentication.

Note: Replace USER_NAME with the user name of the system user you wish to log in as, SERVER with your domain name and HOST_NAME with the name of your VPS. The last command will prompt you for the password for USER_NAME.

Instructions for *nix & OSX

In a command line application on your computer, type the following:

Next, you will need to log in to the VPS via SSH. At this point you will still be prompted for the password.

To test that everything has worked, log out of SSH & try to log in again with:

This time it should not prompt you for a password.

Instructions for Windows

  1. Download & Install PuTTY using the Windows Installer
  2. Launch PuTTYGen from Start > PuTTY > PuTTYGen
  3. Leave the default settings & press the Generate button
    (Screenshot: PuTTYGen start window)
    (Screenshot: PuTTYGen generation cycle)
  4. You should now see the public key string
    (Screenshot: PuTTYGen generated key)
  5. Copy & paste the text under “Public key for pasting into OpenSSH authorized_keys file” to a text editor like Notepad and save it to a known location.
  6. Then click the “Save private key” button to save the private key file to your computer. Save this to the same location as the public key file. You can close PuTTYGen after this.
  7. Upload the public key file to the /home/USER_NAME folder of your server.
  8. Launch PuTTY from Start > PuTTY > PuTTY
  9. Set the value of Host Name to be SERVER
  10. Click Open. You will be presented with a terminal window.
  11. Log in with the credentials for USER_NAME.
  12. From the terminal window, run:

You can then test that this is working by setting up a PuTTY profile for USER_NAME with the private key and trying to log into the SERVER. This time it should not prompt you for a password.

Disable Password Authentication – Optional

Now that you have key pairs set up for your system users, it may be a good idea to disable password authentication to mitigate the possibility of an attacker guessing your passwords.

To do this, log into the server via SSH as the root user or as a user that has root permissions. Edit the SSH daemon configuration found in /etc/ssh/sshd_config in your favorite command line editor as follows.

Change the line “#PasswordAuthentication yes” to read “PasswordAuthentication no”.

Save the file and run

Note that this has the downside that, should you need to log in from a computer that has not been set up with a copy of the private key, you will not be able to do so.
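As an added example that is not part of the original article: a POSIX shell script covering the two server-side steps above, installing a public key into a user's authorized_keys (the step both the *nix and the Windows instructions end with) and switching PasswordAuthentication off in sshd_config. File paths are parameters so the functions can be tried on temporary copies first; the key line and config used in the test are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Paths are parameters so the
# functions can be exercised on temporary copies before touching a real server.

# install_pubkey PUBKEY_FILE HOME_DIR
# Appends the first line of PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys.
# With StrictModes (the sshd default) the key is silently ignored if .ssh or
# authorized_keys is group/world writable, so permissions are set explicitly.
install_pubkey() {
    pubkey_file=$1; home_dir=$2
    ssh_dir="$home_dir/.ssh"; auth_keys="$ssh_dir/authorized_keys"
    key=$(head -n 1 "$pubkey_file")
    # An OpenSSH public key line starts with the key type, then base64 material.
    case "$key" in
        ssh-*\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "not an OpenSSH public key line: $pubkey_file" >&2; return 1 ;;
    esac
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_keys" && chmod 600 "$auth_keys"
    # Idempotent: compare type + key material only, ignoring the trailing comment.
    key_body=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if ! awk '{print $1 " " $2}' "$auth_keys" | grep -qxF "$key_body"; then
        printf '%s\n' "$key" >> "$auth_keys"
    fi
}

# disable_password_auth SSHD_CONFIG
# sshd uses the first value it finds, so the directive goes at the top, and any
# global copy (active or commented out) is removed so the file stays unambiguous.
# Lines inside a Match block are left alone: appending to the end of the file
# would land inside such a block and apply only to those users.
disable_password_auth() {
    cfg=$1; tmp="$cfg.tmp"
    awk '
        BEGIN { print "PasswordAuthentication no" }
        tolower($1) == "match" { in_match = 1 }
        {
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)   # strip indent and comment marker
            split(line, f, " ")
            if (!in_match && tolower(f[1]) == "passwordauthentication") next
            print
        }' "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# password_auth_setting SSHD_CONFIG: prints the effective global value.
password_auth_setting() {
    awk 'tolower($1) == "passwordauthentication" { print $2; exit }' "$1"
}
```

Run the install step as the target user (or fix ownership afterwards), and check the result with `sshd -t` before restarting the service.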