Key-Only SSH on an Anubiz Offshore VPS
The Anubiz panel hands you an initial password from the cloud image. The first thing to do on any new VPS is push your SSH public key and disable password auth. This guide covers the gotcha: the cloud image installs an sshd_config.d drop-in that overrides parts of the main config, so naive edits to /etc/ssh/sshd_config look applied but aren't. Walkthrough uses ed25519 keys, the right drop-in path, and verifies before disabling password to avoid lockout.
Need this done for your project?
We implement, you ship. Async, documented, done in days.
Step 1: Generate ed25519 Key
On your laptop: ssh-keygen -t ed25519 -C 'anubiz-prod-laptop'. ed25519 is shorter, faster and more secure than RSA. Store the passphrase in your password manager.
Step 2: Push Public Key
ssh-copy-id -p 22 root@vps-ip using the panel-issued password. Confirm a second SSH session works with the key before moving on - do not close the first session yet.
Step 3: Drop-In Config
Create /etc/ssh/sshd_config.d/99-anubiz-hardening.conf with: PermitRootLogin prohibit-password, PasswordAuthentication no, KbdInteractiveAuthentication no, PubkeyAuthentication yes. The 99- prefix loads after the cloud image's drop-in.
Step 4: Reload and Test
sshd -t validates the config. systemctl reload ssh. From a NEW terminal: ssh root@vps-ip with the key. Confirm a password attempt fails: ssh -o PreferredAuthentications=password root@vps-ip should be rejected immediately.
Step 5: Backup Keys, Rotate Annually
Print the private key (or store in a hardware token like YubiKey - see the YubiKey guide). Rotate once a year by generating a new key, appending to authorized_keys, removing the old, testing.
Related Services
Why Anubiz Host
Ready to get started?
Skip the research. Tell us what you need, and we'll scope it, implement it, and hand it back — fully documented and production-ready.