What is an SSH key?

An SSH key is really a “key pair” that lets you log in to a server more safely and more conveniently than with a password.

With a key pair there is no password for an attacker to guess; they would need the private key, which only you have.

 

Why SSH keys are useful

SSH keys are related to security and remote connections. SSH (Secure Shell) is a protocol that allows you to connect securely to a computer, server, or even a cloud service.

Typically, people connect to servers via SSH using passwords. But there are a couple of problems with this:

  • Passwords can be weak or stolen.

  • You often have to type passwords, which is inconvenient if you connect many times a day.

SSH keys make this easier and more secure.

 

An SSH key pair consists of two parts, only one of which is secret:

  • Private key – stays on your computer and is never sent anywhere.

  • Public key – placed on the server you want to connect to.

 

When you try to connect to a server:

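  • The server asks your SSH client to prove that it holds the private key matching the public key stored on the server. The private key itself is not sent.

  • If the proof checks out, you can log in without entering the server password.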

 

Setting up SSH keys

Generate a key pair on your computer:

ssh-keygen -t ed25519

(On Windows: ssh-keygen.exe)

Copy the public key to the server:

ssh-copy-id -i ~/.ssh/id_ed25519.pub user@server

 

If ssh-copy-id is not available or the command fails:

 

Do it manually

Linux:

Display the contents of the public key and copy the entire line (it starts with ssh-ed25519 and ends with your username).

 

cat ~/.ssh/id_ed25519.pub

Log in to the server using a password:

ssh user@server

 

On the server:

mkdir -p ~/.ssh
chmod 700 ~/.ssh
nano ~/.ssh/authorized_keys

Paste the key at the end of the file on a single line.
Save (Ctrl+O, Enter) and exit (Ctrl+X).

Set the permissions:

chmod 600 ~/.ssh/authorized_keys

Test the login

Log out of the server and try again:

ssh user@server

If everything worked, you will no longer need to enter the server password.

 

Windows:

Open PowerShell and enter the command:

Get-Content $env:USERPROFILE\.ssh\id_ed25519.pub

Copy the entire key line (it starts with ssh-ed25519 and ends with your username).

Connect to the server using a password:

ssh user@server

On the server:

mkdir -p ~/.ssh
chmod 700 ~/.ssh
nano ~/.ssh/authorized_keys

Paste the key at the end of the file on a single line.
Save (Ctrl+O, Enter) and exit (Ctrl+X).

Set the permissions:

chmod 600 ~/.ssh/authorized_keys

Test the login

Log out of the server and try again:

ssh user@server

If everything worked, you will no longer need to enter the server password.

 

Test login:

ssh user@server

If successful, no password will be required.


Disabling password and root login

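Once you have confirmed that SSH key login works, you can disable both password login and direct root login for better security. Keep your current session open while you make the change, so that you can revert it if the new settings lock you out.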

Edit the SSH server configuration file:

sudo nano /etc/ssh/sshd_config

Enable public key authentication

PubkeyAuthentication yes

Disable password login and root login

PasswordAuthentication no
PermitRootLogin no

 

Save the file and restart the SSH service:

 

On RedHat/Fedora/CentOS:

sudo systemctl restart sshd

On Debian/Ubuntu:

sudo systemctl restart ssh

(On older systems: sudo service ssh[d] restart)

 

Now your server will:

  • Accept only SSH key authentication

  • Block root login over SSH
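sshd uses the first value it reads for each keyword, so a hardening line appended at the end of sshd_config has no effect if the same keyword is already set earlier in the file or in an included file. The script below is an added example, not part of the original article: it checks the three settings above against a config read on stdin. The function names and the sample config are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines.

```shell
# Print the value sshd will use for keyword $1, reading config text on stdin.
# sshd keeps the FIRST value it reads for a keyword, so a "no" appended at the
# end of the file does not override an earlier "yes". $2 is the upstream
# OpenSSH default, used when the keyword is not set at all.
first_value() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" -v def="$2" '
        NF == 0 || $1 ~ /^#/   { next }   # blank lines and comments
        tolower($1) == "match" { exit }   # conditional blocks: stop at global scope
        tolower($1) == want    { print tolower($2); found = 1; exit }
        END                    { if (!found) print def }
    '
}

# Read a config on stdin; return 0 only if all three settings match the article.
audit_sshd() {
    cfg=$(cat)
    rc=0
    while read -r kw def want; do
        got=$(printf '%s\n' "$cfg" | first_value "$kw" "$def")
        if [ "$got" = "$want" ]; then
            echo "ok    $kw $got"
        else
            echo "FAIL  $kw is '$got', expected '$want'"
            rc=1
        fi
    done <<'EOF'
PubkeyAuthentication yes yes
PasswordAuthentication yes no
PermitRootLogin prohibit-password no
EOF
    return "$rc"
}

# Constructed sample: the hardening line was appended below an earlier "yes".
sample_shadowed() {
    cat <<'EOF'
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no
EOF
}

sample_shadowed | audit_sshd || echo "=> settings are not in effect as intended"
# On a real server, audit the effective config (Include files resolved):
#   sudo sshd -T | audit_sshd
```

Running sudo sshd -t before restarting the service also catches syntax errors that would otherwise stop sshd from starting.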
