So easy to miss, but so important for SSH Private Key Authentication

I don’t allow password logins on any of my servers. Can only login via SSH key based authentication. No root login is allowed, and I specify every user that’s allowed to login via SSH, ie: me.

If you’re a regular here, you know I love DigitalOcean. They have a very nice tutorial on setting up SSH private key login, even walking you through creating SSH keys if you don’t already have one, and even adding that key to your DigitalOcean account.

None of that will be of interest to you if you already know how to generate SSH keys.

I’ll SSH into my new Droplet, only to be rejected. I immediately know why, because it’s happened so many times. It’s due to incorrect permissions on your Droplet, VPS, server, whatever.

For SSH private key authentication to work, the ~/.ssh/authorized_keys file and the ~/.ssh folder need specific permissions:

chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

Run that, and then try logging in via SSH to your Droplet from your local machine. Should go this time.

If you still can’t login to your remote system, something else is likely wrong. If that’s the case, you’ll want to start at the top of the DigitalOcean post about setting up SSH private key authentication and just follow the steps.

After you’ve followed those steps, change permissions on the ~/.ssh/authorized_keys file again and on the ~/.ssh folder again. Like so from your terminal:

chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

I’m curious…

If you do allow password logins, I’d love to hear what scenario causes you to need to allow password logins. Let me know in the comments if you don’t mind.