Increase Server Security Using Public-Key Authentication

This article tells you how to increase the security of your servers by using public-key authentication.

Using the SSH network protocol, you can create a secure, encrypted network connection to a remote device, such as a server. With such an SSH connection, you can maintain the server from your local computer or operate it from the command line. Different encryption algorithms are used depending on the protocol version; SSH-2, for example, uses AES by default. The encryption of the connection must be preceded by successful authentication.

While the server identifies itself to the client with a security certificate, there are several options for authenticating the client to the server. In addition to the familiar authentication with user name and password, you can also use public-key authentication. Public-key authentication uses a private and a public key to authenticate the user. The public key can additionally be protected by a password.

The public key must be stored in the Cloud Panel to enable public key authentication. You can then assign the public key to one or more servers during server creation. If necessary, you can also assign multiple public keys to a server. The public key is automatically entered into the file root/.ssh/authorized_keys during the creation of the server. The private key is stored locally on your own computer. After the server is created, the user can log on to the server without a login password using the public key. If necessary, enter the password with which the public key is protected.

The use of public key authentication provides the following advantages:

  • Only the public key is stored on the server.

  • Even if unauthorized persons obtain the public key, it is almost impossible for them to calculate the matching private key from it.

  • The public key can verify signatures generated by the private SSH key, enabling automatic logon to the server.

To protect your server even more effectively, you can also disable SSH password authentication. You can make this setting while creating a new server. If you disable SSH password authentication, the user can only log on to the server using public-key authentication. In this case, authentication by password is only possible if the user logs in to the server using the KVM console or the VNC console.
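
One way to check on the server itself that password logins are really off, as an added example that is not part of the original article or of IONOS tooling. It assumes an OpenSSH server with whitespace-separated keywords; the function names and the two sample configurations are constructed for illustration, and keyboard-interactive authentication is checked as well because it can also present a password prompt.

```shell
#!/bin/sh
# Added example: check sshd_config text for key-only login (OpenSSH assumed).
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.
# Only the global section is read: parsing stops at the first Match block.

# effective_value KEYWORD DEFAULT FILE -> prints the value sshd would use
effective_value() {
    awk -v kw="$1" -v def="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { k = tolower($1) }
        k == "match" { exit }                   # end of global section
        k == "challengeresponseauthentication" { k = "kbdinteractiveauthentication" }
        k == tolower(kw) { print tolower($2); found = 1; exit }
        END { if (!found) print def }           # keyword absent: built-in default
    ' "$3"
}

# password_login_disabled FILE -> exit status 0 only if no password prompt is reachable
password_login_disabled() {
    [ "$(effective_value PasswordAuthentication yes "$1")" = "no" ] &&
    [ "$(effective_value KbdInteractiveAuthentication yes "$1")" = "no" ] &&
    [ "$(effective_value PubkeyAuthentication yes "$1")" = "yes" ]
}

# Constructed samples: "hardened" repeats a keyword (first wins); "weak" sets it only under Match
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/hardened" <<'EOF'
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
EOF
cat > "$tmp/weak" <<'EOF'
#PasswordAuthentication no
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication no
EOF

for f in hardened weak; do
    if password_login_disabled "$tmp/$f"; then
        echo "$f: key-only login"
    else
        echo "$f: password login still possible"
    fi
done
```

On a live server, running the same functions against the saved output of `sshd -T` also covers settings pulled in through Include files.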

