SSH Key Authentication

May 25, 2012

The wonderful hosting company that I use, ServInt, recently published an article titled “SSH Key Authentication“. The article explains how to setup SSH key authentication for your server. By doing so, you can access your server without entering your password. Now, this may sound like a very bad thing, but here’s why it’s not: after setting up SSH key authentication, you can disable password authentication. By doing so, the only way to access the server would be to have the matching SSH key. Attempts to break into the server by guessing the password—or by even knowing the password—would not work. Taking this step effectively prevents anyone from breaking into your server, unless they’ve stolen your computer (in which case, you have many, many problems).

It’s a relatively simple procedure to follow and is highly recommended. If you plan on doing this, make sure you check out the comments section of the post, in which it’s pointed out that this will also impact SFTP. SFTP is just FTP through SSH, so the FTP client you use would need the ability to use the same SSH key in order for this to work.

Thanks, ServInt!