How to make root authorisation by Private Key in Ubuntu 17.0

I made all of this tutorial for clean install of Ubuntu 17.0.
To authorise as root by private/public key pair follow next steps:
  • Change password for root:
    passwd root
  • Login as root in the current session:
    su root
  • Generate key pair:
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/
    The key fingerprint is:
    SHA256:26YpcKBv83fFREC43gmwORB93G9BgclMNn8hI29pVxI [email protected]
    The key's randomart image is:
    +---[RSA 2048]----+
    |    .o . BB==.E..|
    |    . o +.*=o+ + |
    |     . = . o*.o  |
    |    . + o  o+o   |
    |   . . oSo =     |
    |  . . . .oo o    |
    |   . o  . o.     |
    |    + . .+.      |
    |   . o.oo.       |
  • Check, is your root have bash to login:
    cat /etc/passwd
  • Enable root authentication by password - it needed temporarily:
    mcedit /etc/ssh/sshd_config
    # Authentication:
    #LoginGraceTime 2m
    #PermitRootLogin without-password
    PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
    sudo service ssh restart
  • Next, run
    ssh-copy-id [email protected]
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/"
    The authenticity of host 'localhost (::1)' can't be established.
    ECDSA key fingerprint is SHA256:r4EbeeZlwIEfVIrEhXUVya/ag8wZjXJmfwoMx6ZABaA.
    Are you sure you want to continue connecting (yes/no)? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    [email protected]'s password:
  • Disable root authentication by password - it is not needed now, because wa are setting up authorisation by key. For that check, that in the /etc/ssh/sshd_config parameter PermitRootLogin is equal to without-password:
    mcedit /etc/ssh/sshd_config
    # Authentication:
    #LoginGraceTime 2m
    PermitRootLogin without-password
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
  • Restart sshd:
    sudo service ssh restart
  • Copy .ssh folder to the folder of current user to download with WinSCP:
    cp -r /root/.ssh /home/art
    chown -R art /home/art/.ssh
  • Authorise by your user (in my case, it's user art ) with WinSCP and download .ssh folder to local PC.
  • Rename id_rsa by adding .ppk extension to it - in my case it will be to forum_id_rsa2.ppk.
  • Run WinSCP and add new site like this:
  • Don't set password - leave that field empty.
  • Press Advanced button and select SSH - Authentication:
  • Select your private key and confirm key convertation:

  • Press OK in Settings Window:
  • And save connection settings:
  • Test the connection.
  • After all of these steps you can use your key, converted by WinSCP, with Putty.