How to Set up SSH Key Authentication on Linux

how to set up ssh key authentication on linux

With brute-force attacks becoming more and more common, it’s best to prevent any malicious users from ever being able to attempt to guess your password. That’s why it’s important to set up SSH key authentication on your Linux server. Using key-based authentication is a lot safer and can pretty much never be guessed by anyone else. It’s also super easy to set up. Let’s get right into it.

1. Creating your own SSH key

On your local machine, you need to generate a new pair of keys in order to set up SSH key authentication. To do that, we’ll run:

ssh-keygen

You can then hit enter until the key is created. Or, if you want, you can setup a password on the step:

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Please keep a note of this password, as it will be required for every access to the server.

2. Copy your key to your Linux Server with ssh-copy-id

After your key is copied, there’s another command where you can copy your key to your server without needing to edit/add to the authorized_keys file manually. You can do that by running the following:

ssh-copy-id user@host -p port_number

Just remember to change the username user to your actual username, and host to your server’s hostname or IP address. This will automatically copy your public key to your server, and after that, you can try to ssh to your server. You should not be prompted to provide a password, and you’ll be automatically logged in. To test it out, run:

ssh user@host -p port_number

2.1. Copy your key when ssh-copy-id is not available

In some systems, you might not have the command ssh-copy-id available, in that case, you’ll need to do it over a traditional SSH connection. To do that, we’ll run the following pre-made command. This will work on Linux systems:

cat ~/.ssh/id_rsa.pub | ssh user@host -p port_number "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 700 -R ~/.ssh"

Just remember to change the username user to your actual username, and host to your server’s hostname or IP address. This should do all the work for you – that one line will copy your local key to your server and insert it into your authorized_keys file.

You can test it after you run this command by trying to SSH into your server:

ssh user@host -p port_number

Set up SSH key authentication on Windows

Windows doesn’t come with the commands we show in step 2.1, so here is what you need to do to set up SSH key authentication if you’re running Windows. This guide’s steps are meant for readers that are running Windows 11.

First, open the Terminal application (not as an administrator). You’ll then need to run the ssh-keygen.exe command, like so:

PS C:\Users\rosehosting> ssh-keygen.exe

You’ll then get a few questions. You can use the default directory, and then set no passphrase (you can also set one if you prefer, but you’ll need to enter your passphrase every time you want to authenticate using your key. Here’s how our output looked:

Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\rosehosting/.ssh/id_rsa):
Created directory 'C:\\Users\\rosehosting/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\rosehosting/.ssh/id_rsa
Your public key has been saved in C:\Users\rosehosting/.ssh/id_rsa.pub

You now have a saved keypair. You will now need to copy the public key (the one named id_rsa.pub) to your server. First, print the public key in your terminal and copy it:

PS C:\Users\rosehosting> cat .\.ssh\id_rsa.pub

Then SSH into your server:

PS C:\Users\rosehosting> ssh.exe user@host -p port_number

Run this command to create the folder where your SSH public key will be stored:

mkdir -p ~/.ssh

You can then open a new file using your preferred text editor. We’ll use nano:

Need a fast and easy fix?
✔ Unlimited Managed Support
✔ Supports Your Software
✔ 2 CPU Cores
✔ 2 GB RAM
✔ 50 GB PCIe4 NVMe Disk
✔ 1854 GeekBench Score
✔ Unmetered Data Transfer
NVME 2 VPS

Now just $43 .99
/mo

GET YOUR VPS
nano ~/.ssh/authorized_keys

Paste your public key into the file, save, and exit. You then need to update the file permissions on the new folder and file:

chmod 700 -R ~/.ssh

With that, your key access should be all set up. You can now log out of your server and try to log back in. You should not be prompted to enter a password anymore.

4. Disable password authentication on the server (OPTIONAL)

If you want to keep your server even more secure, you can disable the password authentication on your server. This means all users on the system will have to use ssh keys to log into it. SSH keys are more secure than passwords because they provide a stronger and more resilient authentication method. Unlike passwords which can be susceptible to brute-force attacks and other vulnerabilities, SSH keys use a pair of cryptographic keys for authentication. This makes it significantly harder for unauthorized users to gain access, enhancing overall security. Additionally, SSH keys eliminate the need to transmit passwords over the network, reducing the risk of interception and unauthorized access.

To disable password authentication, you need to edit the SSH server configuration file on your server:

sudo nano /etc/ssh/sshd_config

In there, you should find the line PasswordAuthentication – set it to no:

PasswordAuthentication no

After you finish the edit and close the file, you can restart your SSH service, and you should be good to go:

systemctl restart ssh

That’s it! You successfully configured your server to use SSH keys instead of passwords. This will make your server even more secure against potential brute force attacks, anyone knowing your password, etc. If you have an active Managed Linux VPS server with us, you don’t need to do anything from above – you can submit a support ticket to our team with your public key and our team will add it for you.

Leave a Comment