A Developer Diary

Notes on Java, PHP, Python and etc.

How to make root authorisation by Private Key in Ubuntu 17.0

I made all of this tutorial for clean install of Ubuntu 17.0.
To authorise as root by private/public key pair follow next steps:
  • Change password for root: 
    passwd root
  • Login as root in the current session: 
    su root
  • Generate key pair: 
    ssh-keygen


Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:26YpcKBv83fFREC43gmwORB93G9BgclMNn8hI29pVxI [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|    .o . BB==.E..|
|    . o +.*=o+ + |
|     . = . o*.o  |
|    . + o  o+o   |
|   . . oSo =     |
|  . . . .oo o    |
|   . o  . o.     |
|    + . .+.      |
|   . o.oo.       |
+----[SHA256]-----+
  • Check, is your root have bash to login: 
    cat /etc/passwd


root:x:0:0:root:/root:/bin/bash
  • Enable root authentication by password - it needed temporarily: 
    mcedit /etc/ssh/sshd_config
    # Authentication:

#LoginGraceTime 2m
#PermitRootLogin without-password
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

    sudo service ssh restart
  • Next, run 
    ssh-copy-id [email protected]


/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:r4EbeeZlwIEfVIrEhXUVya/ag8wZjXJmfwoMx6ZABaA.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
  • Disable root authentication by password - it is not needed now, because wa are setting up authorisation by key. For that check, that in the /etc/ssh/sshd_config parameter PermitRootLogin is equal to without-password: 
    mcedit /etc/ssh/sshd_config
    # Authentication:

#LoginGraceTime 2m
PermitRootLogin without-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
  • Restart sshd: 
    sudo service ssh restart
  • Copy .ssh folder to the folder of current user to download with WinSCP: 
    cp -r /root/.ssh /home/art
chown -R art /home/art/.ssh
  • Authorise by your user (in my case, it's user art ) with WinSCP and download .ssh folder to local PC.
  • Rename id_rsa by adding .ppk extension to it - in my case it will be to forum_id_rsa2.ppk.
  • Run WinSCP and add new site like this:
  • Don't set password - leave that field empty.
  • Press Advanced button and select SSH - Authentication:
  • Select your private key and confirm key convertation:




  • Press OK in Settings Window:
  • And save connection settings:
  • Test the connection.
  • After all of these steps you can use your key, converted by WinSCP, with Putty.