Introduction: Why Passwords are Your Weakest Link
You just bought a new ServerMO Dedicated Server. It’s powerful and fast.
But right now, it’s also a target.
Did you know that within minutes of bringing a server online, automated bots start trying to
guess your root password? This is called a Brute Force Attack. If they guess right, they own
your server.
The solution is NOT a stronger password. The solution is to stop using passwords entirely.
In this guide, we will switch your server to SSH Key Authentication. It’s like trading a
physical key (which can be stolen) for a digital fingerprint (which cannot be guessed).
The "Anti-Lockout" Warning:
Do not skip Phase 1. Never disable password logins until you have successfully logged in
with an SSH Key. If you disable passwords first, you will lock yourself out of your own
server.
Phase 1: Create and Install Your "Digital Keys"
Before we lock the door, we need to make sure we have the key to open it. We will generate
an SSH Key pair on your local computer (your laptop/PC) and send it to your server.
Step 1: Check for Existing Keys (On Your Computer)
Open your terminal (Terminal on macOS/Linux, or PowerShell on Windows). Type:
ls ~/.ssh
- If you see a file ending in .pub, you already have a key. You can skip to Step 3.
- If you get an error or "No such file," proceed to Step 2.
Step 2: Generate a New SSH Key Pair
In your terminal/PowerShell, run this command:
ssh-keygen -t ed25519
- Note: We use ed25519 because it is more secure and modern than the older rsa keys.
- It will ask where to save the key. Just press Enter (to use the default location).
- It will ask for a passphrase. You can press Enter for no passphrase, or type one for
extra security.
You now have two files:
- Private Key: ~/.ssh/id_ed25519 (Never share this. This stays on your computer).
- Public Key: ~/.ssh/id_ed25519.pub (This is what we will upload to the server).
Step 3: Copy the Key to Your ServerMO Server
Now we need to tell your server to trust your computer. The easiest way is the ssh-copy-id
command.
Run this command (replace YOUR_SERVER_IP with your server's actual IP):
ssh-copy-id root@YOUR_SERVER_IP
- It will ask for your server's root password one last time. Type it in.
- You should see a message: "Number of key(s) added: 1".
Windows Users:
If ssh-copy-id doesn't work in your PowerShell, you can manually copy the content
of your public key file (.ssh/id_ed25519.pub) and paste it into the
~/.ssh/authorized_keys file on your server.
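For the manual route, the step that usually goes wrong is file permissions: sshd (with its default StrictModes yes) silently ignores an authorized_keys file that is group- or world-writable or that lives in a writable ~/.ssh, and you end up back at the password prompt. The helper below is an added example, not a ServerMO script; it does what ssh-copy-id does on the server side, given the pasted contents of your id_ed25519.pub line (the key material in the test is constructed).

```sh
#!/bin/sh
# Added example: install a public key into ~/.ssh/authorized_keys by hand,
# the way ssh-copy-id does it.
# Usage: install_pubkey "<one line from id_ed25519.pub>" [home_dir]
#   home_dir is optional and defaults to $HOME (useful for testing).
# Creates ~/.ssh (mode 700) and authorized_keys (mode 600) if missing,
# appends the key only once, and refuses input that is not a public key line.
install_pubkey() {
    key="$1"
    home="${2:-$HOME}"

    # Accept only OpenSSH public-key lines; a pasted private key, a stray
    # path or an empty clipboard must never land in authorized_keys.
    case "$key" in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*|"sk-"*) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 1 ;;
    esac

    sshdir="$home/.ssh"
    authf="$sshdir/authorized_keys"

    # StrictModes (default yes) makes sshd ignore keys in a directory or file
    # that others can write to, so set the modes explicitly every time.
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$authf" && chmod 600 "$authf"

    # Exact whole-line match so repeated runs do not pile up duplicate keys.
    if grep -qxF -- "$key" "$authf"; then
        echo "key already present in $authf"
    else
        printf '%s\n' "$key" >> "$authf"
        echo "key added to $authf"
    fi
}

# Run directly: install_pubkey.sh "$(cat ~/.ssh/id_ed25519.pub)"
if [ "$#" -gt 0 ]; then install_pubkey "$@"; fi
```

After installing the key this way, repeat the Step 4 test from a new window exactly as you would after ssh-copy-id.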
Step 4: The Critical Test
Do not close your current terminal window. Open a new terminal window and try to log in:
ssh root@YOUR_SERVER_IP
Result:
- Success: If you logged in without being asked for a password, congratulations! Your keys work. You are safe to proceed to Phase 2.
- Fail: If it still asks for a password, STOP. Do not proceed. Re-check Step 3.
Phase 2: Disabling Password Authentication (The Config)
Now that your SSH keys are working, we can tell the server to stop accepting passwords. We
will do this by editing the SSH daemon configuration file (sshd_config).
Step 1: Open the Configuration File
Log in to your server (if you aren't already) and open the config file using a text editor
like nano:
nano /etc/ssh/sshd_config
Step 2: The "Peak Level" Settings
We need to find and change three specific lines. Use your arrow keys to scroll down (or Ctrl+W to search).
- Disable Passwords: Find PasswordAuthentication and set it to no:
PasswordAuthentication no
(This stops anyone from logging in with a password.)
- The Smarter Root Setting: Find PermitRootLogin. Most guides tell you to set this to no. Don't do that if you still want to log in as root using your key. Instead, use the modern, safer setting:
PermitRootLogin prohibit-password
(This tells the server: "Root can log in, BUT only if they have a key. No passwords allowed.")
- Ensure Keys are Allowed: Make sure this line exists and is set to yes:
PubkeyAuthentication yes
Step 3: Save and Exit
- Press Ctrl + O then Enter (to save).
- Press Ctrl + X (to exit).
Step 4: Restart SSH (Apply Changes)
The changes won't happen until you restart the service. Run this command:
systemctl restart sshd
(On some older Linux versions, use service sshd restart)
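Before restarting, it is worth checking the file the same way sshd will read it: the daemon honours the first uncommented occurrence of each keyword (a commented-out "#PasswordAuthentication yes" higher up does nothing, but an uncommented one does), and settings inside a Match block only apply to matching connections. The audit below is an added example, not part of the ServerMO guide; it reads the three directives this phase changes from a given sshd_config and reports any that are missing or wrong (the sample configs in the test are constructed).

```sh
#!/bin/sh
# Added example: audit an sshd_config for the three directives set in Phase 2.
# Usage: audit_sshd_config /etc/ssh/sshd_config
# Exit status 0 when all three are as intended, 1 otherwise.
# Assumes the "Keyword value" form. sshd uses the FIRST uncommented occurrence
# of a keyword in the global section, so that is the one we read; anything
# after the first "Match" line is per-connection and is skipped.
audit_sshd_config() {
    cfg="$1"
    rc=0
    for pair in "PasswordAuthentication=no" \
                "PermitRootLogin=prohibit-password" \
                "PubkeyAuthentication=yes"; do
        key="${pair%%=*}"
        want="${pair#*=}"
        got=$(awk -v k="$key" '
            tolower($1) == "match"      { exit }               # leave global section
            tolower($1) == tolower(k)   { print tolower($2); exit }
        ' "$cfg" 2>/dev/null)
        # "without-password" is the deprecated spelling of prohibit-password.
        if [ "$got" = "without-password" ]; then got="prohibit-password"; fi

        if [ -z "$got" ]; then
            echo "MISSING  $key (compiled-in default applies; set it to $want explicitly)"
            rc=1
        elif [ "$got" != "$want" ]; then
            echo "WRONG    $key is '$got', expected '$want'"
            rc=1
        else
            echo "OK       $key $got"
        fi
    done
    return $rc
}

# Run this before "systemctl restart sshd". Two further checks worth running
# on the server itself: "sshd -t" (syntax check; a typo here is what locks you
# out) and "sshd -T" (the effective values after any Include files are merged).
if [ "$#" -gt 0 ]; then audit_sshd_config "$1"; fi
```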
Phase 3: The Final Verification (Do Not Skip)
CRITICAL WARNING:
Do not close your current SSH connection yet. If you made a typo in the config file, you
might be locked out.
- Keep your current terminal window OPEN.
- Open a NEW terminal window (or tab).
- Try to log in again: ssh root@YOUR_SERVER_IP
The Moment of Truth:
- Scenario A (Success): You log in instantly without a password prompt. You are secure.
- Scenario B (The Test): Try to force a password login:
ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no root@YOUR_SERVER_IP
- It should say: Permission denied (publickey).
- This proves passwords are truly disabled.
What if you are locked out? If you messed up the config and can't get back in, don't panic.
Since you are a ServerMO customer, you have a secret weapon: IPMI / KVM Console.
- Log in to your ServerMO Client Area.
- Launch the IPMI/KVM Console.
- This gives you "physical" access to the screen. You can log in here using your root password (IPMI bypasses SSH settings) and fix the sshd_config file.
Conclusion: You Are Now "Brute-Force Proof"
Congratulations. By disabling password logins, you have instantly protected your server from 99% of automated attacks. Bots can guess passwords all day long—they will never guess your private key.