Tired of entering passwords every time you SSH into your server? Or maybe you just want better security? Setting up SSH key-based authentication is the best way to secure your Linux server and log in without passwords.

Here’s how you can set it up in just a few steps.


Why Use SSH Key-Based Authentication?

Instead of relying on passwords, SSH key authentication uses a pair of cryptographic keys:

Public Key → Stored on the server

Private Key → Stored on your local machine

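When you try to connect, your SSH client proves that it holds the private key matching the public key stored on the server, and the private key itself never leaves your machine. This method is faster, more secure, and, once password logins are disabled (Step 5), eliminates password brute-force attacks.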


Step 1: Check for Existing SSH Keys

Before generating a new key, check if you already have one:

ls -l ~/.ssh/id_*

If you see files like id_rsa and id_rsa.pub, that means you already have an SSH key pair and can use it. Otherwise, move to the next step.


Step 2: Generate a New SSH Key Pair

If you don’t have an SSH key pair, create one using:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This command:

  • Generates a 4096-bit RSA key for strong security
  • Adds your email as a comment for identification.

When prompted:

  • Press Enter to save the key in the default location (~/.ssh/id_rsa).
  • (Optional) Set a passphrase for extra security, or leave it blank. A passphrase encrypts the private key file on disk.

Step 3: Copy the Public Key to the Remote Server

Now, you need to add your public key to the remote server. The easiest way to do this is:

ssh-copy-id user@remote-server

This will:

  • Copy your public key (id_rsa.pub) to the server
  • Add it to ~/.ssh/authorized_keys
  • Set the correct permissions automatically

If ssh-copy-id isn’t installed, you can manually copy the key:

cat ~/.ssh/id_rsa.pub | ssh user@remote-server "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Step 4: Test SSH Key Authentication

Now, test if it works:

ssh user@remote-server

If everything is set up correctly, you should log in without needing a password!


Step 5: Disable Password Authentication (Extra Security Step)

Since you’re now using SSH keys, it’s a good idea to disable password authentication to block unauthorized access.

On the remote server, open the SSH configuration file:

sudo vim /etc/ssh/sshd_config

Find these settings, uncomment them if they start with #, and set them as follows:

PubkeyAuthentication yes
PasswordAuthentication no

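Restart SSH (on Debian and Ubuntu the service is named ssh instead of sshd), and keep your current session open until a new key-based login succeeds: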

sudo systemctl restart sshd

Now, only users with a valid SSH private key can log in.
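
A quick way to confirm the edit took effect, as an added example that is not part of the original post: sshd uses the first value it finds for each keyword, so a commented-out line or an earlier duplicate can leave password logins on. The function names and the sample config below are constructed for illustration; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: which value would sshd use for a global keyword?
# Assumptions: "Keyword value" lines, Include files not followed,
# settings inside Match blocks ignored.

# effective_setting KEYWORD FILE -> first active value, lowercased, or "unset"
effective_setting() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { key = tolower($1) }                   # keywords are case-insensitive
        key == "match" { exit }                 # global section ends here
        key == want { print tolower($2); found = 1; exit }  # first value wins
        END { if (!found) print "unset" }
    ' "$2"
}

# check_key_only FILE -> exit status 0 only when password logins are off
# and public-key logins are on.
check_key_only() {
    pw=$(effective_setting PasswordAuthentication "$1")
    pk=$(effective_setting PubkeyAuthentication "$1")
    # OpenSSH defaults both options to "yes" when they are not set.
    if [ "$pw" = "unset" ]; then pw=yes; fi
    if [ "$pk" = "unset" ]; then pk=yes; fi
    echo "PasswordAuthentication=$pw PubkeyAuthentication=$pk"
    [ "$pw" = "no" ] && [ "$pk" = "yes" ]
}

# Constructed sample config: the commented line is ignored, and the first
# active PasswordAuthentication line ("yes") wins over the later "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
EOF
check_key_only "$sample" || echo "Password logins are still enabled"
rm -f "$sample"
```

On the server itself, sudo sshd -t checks the file for syntax errors before you restart, and sudo sshd -T prints the configuration sshd will actually use, Include files included.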


Try it out, and let me know if you run into any issues. Drop a comment below!


