Ubuntu

Setting Up SSH with RSA Key and Password Authentication on Ubuntu

David L.

Mar 8, 2025 — 2 min read

Steps to Achieve This Setup:

1. Install OpenSSH Server (if not already installed):

sudo apt update
sudo apt install openssh-server

2. Create Users (If Not Already Created):

sudo adduser user1  # uses RSA key authentication.
sudo adduser user2  # uses password authentication.

3. Configure SSH for RSA Key Authentication (For user1)

a. Create the .ssh directory for user1:

sudo mkdir -p /home/user1/.ssh
sudo chmod 700 /home/user1/.ssh

b. Generate RSA 4096-bit Key Pair:

ssh-keygen -t rsa -b 4096 -f ~/.ssh/sftp_rsa

-f ~/.ssh/sftp_rsa is to specifies the file path where the key pair will be saved

This creates:

Private key: ~/.ssh/sftp_rsa
Public key: ~/.ssh/sftp_rsa.pub

c. Copy the public key (sftp_rsa.pub) to /home/user1/.ssh/authorized_keys:

sudo nano /home/user1/.ssh/authorized_keys

Paste the contents of sftp_rsa.pub into this file.

d. Set correct permissions:

# Only the file owner can read and write the file:
sudo chmod 600 /home/user1/.ssh/authorized_keys

# set user1 is the owner of their .ssh directory and all files inside it
sudo chown -R user1:user1 /home/user1/.ssh

4. Enable Password Authentication for user2

Open the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Add the following rules at the end of the file:

Match User user1
    PubkeyAuthentication yes
    PasswordAuthentication no
    
Match User user2
    PasswordAuthentication yes

user1 will only use RSA key authentication.
user2 will only use password authentication.

Restart SSH Service:

sudo systemctl restart ssh

Optional: Restrict Users to SFTP Only

If you want users to only use SFTP and prevent SSH shell access, modify /etc/ssh/sshd_config:

Match User user1,user2
    ForceCommand internal-sftp
    ChrootDirectory /sftp
    AllowTcpForwarding no
    X11Forwarding no

Then, restart SSH:

sudo systemctl restart ssh

This will ensure both users can only use SFTP instead of full SSH access.

Connecting to the Server

For user1 (RSA Key Authentication)

On the client machine, rename the private key to .pem for easier use:

mv ~/.ssh/sftp_rsa ~/.ssh/sftp_rsa.pem
chmod 600 ~/.ssh/sftp_rsa.pem

Then, connect using:

ssh -i ~/.ssh/sftp_rsa.pem user1@your-server-ip

For user2 (Password Authentication)

Simply connect using:

ssh user2@your-server-ip

You’ll be prompted to enter the password.

Now your setup allows:

user1 to authenticate with only an RSA key.
user2 to authenticate only with a password.
(Optional) Both users are restricted to SFTP-only access.

If you found this guide helpful, consider supporting me!

ACEMAGICIAN Mini PC Review: Compact Powerhouse for Everyday Use

Overview The ACEMAGICIAN Win11 Mini PC is a compact desktop solution designed for users who need a powerful yet space-saving computer. Featuring the latest 12th Gen Intel Alder Lake N100 processor, 12GB of LPDDR5 RAM, and a 256GB M.2 SSD, this mini PC is perfect for everyday tasks such

SAMSUNG Galaxy S25 Smartphone Review: The Ultimate AI-Powered Device

Where to Buy Ready to elevate your smartphone experience? You can purchase the SAMSUNG Galaxy S25 directly from Amazon by clicking the link below: Buy the SAMSUNG Galaxy S25 on Amazon Product SAMSUNG Galaxy S25 Check on Amazon Overview The SAMSUNG Galaxy S25 is a cutting-edge smartphone designed to meet

How to Manually Configure a Static IP Address in Ubuntu

By default, Ubuntu uses Netplan to manage network configurations. Follow these steps to manually configure a static IP address. Step 1: Check Available Network Interfaces Before modifying the configuration, determine your network interface name. Open the terminal and run: ifconfig -a If ifconfig is not installed, use: ip a Look

How to Install Ollama to Run DeepSeek R1 Locally on Windows and Access the API from Another Computer

Filesystem Requirements Before installing Ollama, make sure your system meets the following requirements: * No Administrator Privileges Needed: Ollama installs in your home directory by default. * Storage Space: * 4GB for the Ollama binary install. * Additional tens to hundreds of GBs for storing large language models. By default, Ollama is installed in