Setting Up SSH with RSA Key and Password Authentication on Ubuntu

Steps to Achieve This Setup:

1. Install OpenSSH Server (if not already installed):

sudo apt update
sudo apt install openssh-server

2. Create Users (If Not Already Created):

sudo adduser user1  # uses RSA key authentication.
sudo adduser user2  # uses password authentication.

3. Configure SSH for RSA Key Authentication (For user1)

a. Create the .ssh directory for user1:

sudo mkdir -p /home/user1/.ssh
sudo chmod 700 /home/user1/.ssh

b. Generate RSA 4096-bit Key Pair:

ssh-keygen -t rsa -b 4096 -f ~/.ssh/sftp_rsa

The -f ~/.ssh/sftp_rsa option specifies the file path where the key pair will be saved.

This creates:

  • Private key: ~/.ssh/sftp_rsa
  • Public key: ~/.ssh/sftp_rsa.pub

c. Copy the public key (sftp_rsa.pub) to /home/user1/.ssh/authorized_keys:

sudo nano /home/user1/.ssh/authorized_keys

Paste the contents of sftp_rsa.pub into this file.

d. Set correct permissions:

# Only the file owner can read and write the file:
sudo chmod 600 /home/user1/.ssh/authorized_keys

# Make user1 the owner of their .ssh directory and all files inside it:
sudo chown -R user1:user1 /home/user1/.ssh

4. Enable Password Authentication for user2

Open the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Add the following rules at the end of the file:

Match User user1
    PubkeyAuthentication yes
    PasswordAuthentication no

Match User user2
    PubkeyAuthentication no
    PasswordAuthentication yes

  • user1 will only use RSA key authentication.
  • user2 will only use password authentication.

Restart SSH Service:

sudo systemctl restart ssh

Optional: Restrict Users to SFTP Only

If you want users to only use SFTP and prevent SSH shell access, modify /etc/ssh/sshd_config:

Match User user1,user2
    ForceCommand internal-sftp
    ChrootDirectory /sftp
    AllowTcpForwarding no
    X11Forwarding no

Then, restart SSH:

sudo systemctl restart ssh

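This ensures both users can only use SFTP instead of full SSH access. Note that sshd requires the ChrootDirectory (/sftp here) and every directory above it to be owned by root and not writable by any other user or group; otherwise the login is rejected.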
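
To confirm the server-side result of steps 3d and 4 (and the optional SFTP restriction), the script below checks the key file permissions and asks sshd for the settings it actually applies to each user. It is an added example, not part of the original guide; the function names and the verify argument are assumptions.

```bash
#!/usr/bin/env bash
# Added example: server-side checks for the setup above. Function names are
# hypothetical; user1, user2 and /home/user1 are the guide's own names.

# check_ssh_perms HOME OWNER
# Confirms the modes and ownership from step 3d. sshd's StrictModes (on by
# default) refuses authorized_keys when it, ~/.ssh or the home directory is
# writable by other users; this check is stricter and expects exactly 700/600.
check_ssh_perms() {
    local home="$1" owner="$2" rc=0 item want path mode user
    for item in "$home/.ssh:700" "$home/.ssh/authorized_keys:600"; do
        want=${item##*:}; path=${item%:*}
        if [ ! -e "$path" ]; then
            echo "MISSING   $path"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$path")    # GNU stat, as shipped on Ubuntu
        user=$(stat -c '%U' "$path")
        [ "$mode" = "$want" ]  || { echo "BAD MODE  $path: $mode, want $want"; rc=1; }
        [ "$user" = "$owner" ] || { echo "BAD OWNER $path: $user, want $owner"; rc=1; }
    done
    return "$rc"
}

# effective_auth USER
# Prints the settings sshd would apply to USER once every Match block has
# been evaluated (extended test mode; run as root).
effective_auth() {
    sshd -T -C "user=$1,host=localhost,addr=127.0.0.1" |
        grep -E '^(pubkeyauthentication|passwordauthentication|forcecommand|chrootdirectory) '
}

# verify_setup: syntax-check sshd_config, then report on both users.
verify_setup() {
    sshd -t || return 1                  # stop if the config does not parse
    check_ssh_perms /home/user1 user1 || return 1
    local u
    for u in user1 user2; do
        echo "== $u"; effective_auth "$u"
    done
}

# Usage on the server: sudo bash check_setup.sh verify   (file name is hypothetical)
if [ "${1:-}" = "verify" ]; then verify_setup; fi
```

In the output, user1 should report passwordauthentication no and user2 should report passwordauthentication yes; any other result means an earlier line in sshd_config is taking precedence over the Match blocks.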


Connecting to the Server

For user1 (RSA Key Authentication)

On the client machine, rename the private key to .pem for easier use:

mv ~/.ssh/sftp_rsa ~/.ssh/sftp_rsa.pem
chmod 600 ~/.ssh/sftp_rsa.pem

Then, connect using:

ssh -i ~/.ssh/sftp_rsa.pem user1@your-server-ip

For user2 (Password Authentication)

Simply connect using:

ssh user2@your-server-ip

You’ll be prompted to enter the password.


Now your setup allows:

  • user1 to authenticate with only an RSA key.
  • user2 to authenticate only with a password.
  • (Optional) Both users are restricted to SFTP-only access.
