I do apologise if this seems a stupid question.
 
I am struggling with this and probably missing something very basic. Have done the initials - changed password to strong random one. Set up iptables - all ports closed off except port 22 and 80. Fail2Ban running and configured, I will change ssh to another port later. Set up non-root user, let's call him fred - with again a strong password.
 
Checked sshd config file - using protocol 2. Used puttygen to generate keypair, private key secured with a near-gibberish longish passphrase, loaded private key into pageant. Saved public key to /home/fred/.ssh/authorised_keys then chmod that to 744 and .ssh directory (tried them also at 700, same effect). Changed PasswordAuthorisation in sshd config file to no.
 
 
Fire up PuTTY, set VPS IP, go to the data page and put in fred for username, then to the ssh>auth page to set attempt using pageant and select the private key file to use. Press open and, lo and behold, it asks me for a password. I put that in and I am logged on. Why is it using passwords, why ignoring keys?
 
At my age you can't afford to lose too much hair, but I am pulling it out over this.
 
Keith
--
Keith

The most dangerous strategy is to jump a chasm in two leaps.

www.westnorfolkrspca.org.uk
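
A file-level check of the settings described in the post above, as an added example that is not part of the original post. It assumes stock OpenSSH naming (the `PasswordAuthentication` keyword and the default key file `~/.ssh/authorized_keys`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes stock OpenSSH defaults:
# keyword PasswordAuthentication, key file ~/.ssh/authorized_keys.
# On a live server, `sshd -t` validates the config and `sshd -T` prints
# the effective settings; the functions below only read files.

# check_sshd_config FILE: report how password login is configured.
check_sshd_config() {
    # sshd uses the first uncommented occurrence of a keyword.
    val=$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$1")
    case $val in
        no) echo "OK PasswordAuthentication no" ;;
        "") echo "WARN PasswordAuthentication not set" ;;  # default is yes
        *)  echo "WARN PasswordAuthentication $val" ;;
    esac
    # Look-alike spellings are not keywords sshd recognises.
    awk 'tolower($1) ~ /^passwordauthori[sz]ation$/ { print "WARN unknown keyword " $1 }' "$1"
}

# writable_by_others PATH: true if group or world can write to PATH.
writable_by_others() {
    case $(ls -ld "$1" | cut -c1-10) in
        ?????w*|????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_key_dir HOME: report problems with HOME/.ssh and its key file.
check_key_dir() {
    dir=$1/.ssh
    file=$dir/authorized_keys
    if [ ! -f "$file" ]; then
        echo "WARN missing authorized_keys"
        for f in "$dir"/authori*; do
            if [ -e "$f" ]; then echo "WARN ignored file ${f##*/}"; fi
        done
        return 0
    fi
    # StrictModes (on by default) rejects group/world-writable paths.
    for p in "$1" "$dir" "$file"; do
        if writable_by_others "$p"; then echo "WARN writable by others: $p"; fi
    done
    # PuTTYgen's "Save public key" writes RFC 4716 format; sshd expects
    # the one-line OpenSSH form ("ssh-rsa AAAA... comment").
    if grep -q '^---- BEGIN SSH2 PUBLIC KEY' "$file"; then
        echo "WARN RFC 4716 key format"
    else
        echo "OK key format"
    fi
}
```

Run `check_sshd_config /etc/ssh/sshd_config` and `check_key_dir /home/fred` on the server; sshd must be restarted or reloaded before any config change takes effect.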