A quick how-to post on setting up public key authentication for root in Sophos UTM 9.x. If you want to give root SSH access in Sophos UTM, you are required to set up public key authentication, as there is no other option: the dropdown offers root access only with an SSH key.
The GUI in Sophos is not very intuitive here, however. You get a box called Authorized Keys for root with a green + sign to add a value. But what do you add here? Is this a path to your public key, or the key itself? It is actually the public key itself that you need to copy and paste into the box. How do we get a public key to paste there? We can use the puttygen utility to generate a public and private key pair to authenticate to our Sophos UTM.
The puttygen application is pretty self-explanatory, but here is a quick rundown of the basics. When you launch puttygen, you are presented with only a couple of options. What we want to do is generate a new key pair to authenticate to Sophos.
The most annoying part of puttygen is that you have to move your mouse around to provide the randomness it needs to generate the key pair. Be sure to assign a passphrase to your private key. Before you exit puttygen, copy the public key from the text box at the top of the window (the one labelled for pasting into an OpenSSH authorized_keys file, not the file written by Save public key) and paste it into the Authorized Keys for root box inside Sophos.
After you have generated your keys, pasted the public key into Sophos and allowed root SSH access, you need to set up a putty session that uses the SSH key file for authentication. You will find that setting in your putty session under Connection >> SSH >> Auth >> Private key file for authentication.
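A small sanity check for what belongs in that Authorized Keys for root box, added here as an example and not part of the original post or of any Sophos or PuTTY tooling. It accepts a one-line OpenSSH public key entry and explains the common mistakes (pasting a file path, the RFC 4716 file that puttygen's Save public key button writes, or the .ppk private key). The set of accepted key types is an assumption for the example, not UTM's own list, and the sample key is constructed, not a real key.

```python
import base64
import struct

# Assumption for this example: key types we are willing to accept in the box.
ALLOWED_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def check_authorized_key(text: str) -> tuple[bool, str]:
    """Return (ok, reason) for one candidate 'Authorized Keys for root' entry."""
    text = text.strip()
    if text.startswith("---- BEGIN SSH2 PUBLIC KEY ----"):
        return False, "RFC 4716 file from 'Save public key'; paste the one-line OpenSSH text box contents instead"
    if text.startswith("PuTTY-User-Key-File-"):
        return False, "this is the .ppk PRIVATE key; it never belongs in an authorized keys box"
    if "\n" in text:
        return False, "an authorized_keys entry must be a single line"
    parts = text.split()
    if len(parts) < 2:
        return False, "expected '<type> <base64> [comment]'; a file path is not accepted"
    key_type, b64 = parts[0], parts[1]
    if key_type not in ALLOWED_TYPES:
        return False, f"unsupported key type {key_type!r}"
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False, "key body is not valid base64"
    if len(blob) < 4:
        return False, "key body too short"
    # The wire blob starts with the key type as an SSH string; it must match the prefix.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        return False, "key type prefix does not match the encoded key blob"
    return True, "ok"


def constructed_sample_line() -> str:
    """Constructed ssh-ed25519 entry with a dummy 32-byte public key (NOT a real key)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " root@utm-admin"


if __name__ == "__main__":
    for candidate in (constructed_sample_line(), r"C:\keys\id_rsa.pub"):
        print(check_authorized_key(candidate))
```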
For more tips on setting up public key authentication along with Duo, check out Secure SSH with Public Key Authentication and Two Factor with Duo.