by siyb

This should be a well-known issue; I'm just posting it here in case you didn’t know or forgot how to do it :>. This guide describes how to restrict SSH access to your server/desktop to the keys listed in each user’s ‘authorized_keys’ file.
Let’s assume we want to restrict access to ALL accounts except for user root, using a Desktop (DT) and a Server (SV). Let’s also assume that DT is the computer that wants to access SV.

Run the following command as root on DT:

root@DT:/ ssh-keygen

Save the key to the default file. After that, print the public key file with cat:

root@DT:/ cat /root/.ssh/id_rsa.pub

Then copy the key to SV by pasting it into root’s authorized_keys file:

root@SV:/ nano /root/.ssh/authorized_keys

Save the file and restart your sshd on SV. Now check whether you are able to access your server with your passphrase by connecting to your shell via SSH as usual.

root@SV:/ /etc/init.d/sshd restart

root@DT:/ ssh host.of.SV

You should get a line like:

Enter passphrase for key ‘/root/.ssh/id_rsa’:

This refers to the file on DT that contains the RSA key created with ssh-keygen. If everything works fine, edit your /etc/ssh/sshd_config file with your favourite editor and change ‘PasswordAuthentication’ to no. Doing that will prevent users whose keys are not in the authorized_keys file of the specific user on the server from connecting via ssh. This also means that you have to create a keyfile for every user on your SV in order to grant them access. One advantage of this method is that you can remove a user’s privilege (e.g. if you have one or two users sharing the root account) by just removing his key from the file.
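
To confirm that the ‘PasswordAuthentication’ change really took effect, here is an added example (not part of the original post) that checks an sshd_config file offline. It goes slightly beyond the guide by also checking keyboard-interactive authentication, which can still prompt for a password through PAM; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Offline check of an sshd_config file.

# effective_value FILE KEYWORDS DEFAULT
# Prints the value sshd would use for a keyword in the global section.
# sshd keeps the FIRST value it reads for a keyword, so a later duplicate
# line is ignored. KEYWORDS is a lowercase name, or aliases joined with "|".
effective_value() {
    awk -v want="$2" -v def="$3" '
        BEGIN { val = def }
        /^[ \t]*#/ { next }                      # comment line
        { gsub(/[="]/, " ") }                    # allow key=value and quotes
        NF == 0 { next }
        tolower($1) == "match" { exit }          # Match blocks are not evaluated
        tolower($1) ~ ("^(" want ")$") { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# key_only FILE: succeeds only if neither password path is left enabled.
# Both keywords default to "yes" when absent.
key_only() {
    pw=$(effective_value "$1" 'passwordauthentication' yes)
    kbd=$(effective_value "$1" \
        'kbdinteractiveauthentication|challengeresponseauthentication' yes)
    [ "$pw" = no ] && [ "$kbd" = no ]
}

# Constructed sample files (not real server configs).
tmp=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' > "$tmp/good"
# The edit was appended below an existing line, so sshd never sees it.
printf '%s\n' 'PasswordAuthentication yes' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' > "$tmp/shadowed"

for f in good shadowed; do
    if key_only "$tmp/$f"; then
        echo "$f: key-only logins"
    else
        echo "$f: password logins still possible"
    fi
done
```

On a live server, `sshd -T` prints the effective configuration, including defaults and Include files, which this offline check does not follow. Keep an existing root session open on SV while testing, so a mistake in the config does not lock you out.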