How to Set Up SSH Keys for Secure Linux Server Access

📅 Published on September 29, 2025 👤 by admin ⏱️ 2 min read
How-To's Linux

Introduction

SSH keys provide a more secure method of logging into a Linux server than using a password alone. This comprehensive guide will walk you through setting up SSH key-based authentication for enhanced security.

What are SSH Keys?

SSH keys are a pair of cryptographic keys that can be used to authenticate to an SSH server as an alternative to password-based logins. A key pair consists of a public key and a private key. The private key is kept secret and secure on your local machine, while the public key is shared with the servers you want to access.

Prerequisites

  • A Linux server with SSH access
  • A local machine (Linux, macOS, or Windows with SSH client)
  • Basic command line knowledge

Step 1: Generate SSH Key Pair

On your local machine, open a terminal and run:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This command creates a new SSH key using RSA encryption with 4096-bit strength. When prompted:

  • Press Enter to save the key in the default location (~/.ssh/id_rsa)
  • Enter a strong passphrase (recommended) or press Enter for no passphrase

Step 2: Copy Public Key to Server

Use the ssh-copy-id command to copy your public key to the server:

ssh-copy-id username@server_ip_address

Replace “username” with your actual username and “server_ip_address” with your server’s IP address.

Step 3: Test SSH Key Authentication

Try logging into your server:

ssh username@server_ip_address

If everything is configured correctly, you should be logged in without entering your password (only the SSH key passphrase if you set one).

Step 4: Disable Password Authentication (Optional but Recommended)

For maximum security, disable password authentication:

  1. Open the SSH configuration file: 
    sudo nano /etc/ssh/sshd_config
  2. Find and modify these lines: 
    PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
  3. Restart SSH service: 
    sudo systemctl restart ssh

Best Practices

  • Always use a passphrase for your private key
  • Keep your private key secure and never share it
  • Use different key pairs for different servers
  • Regularly rotate your SSH keys
  • Consider using SSH agent for convenience

Troubleshooting

If you encounter issues:

  • Check file permissions: ~/.ssh should be 700, authorized_keys should be 600
  • Verify the public key was added correctly to ~/.ssh/authorized_keys
  • Check SSH daemon logs: sudo journalctl -u ssh

Conclusion

SSH key authentication significantly improves your server security by eliminating password-based attacks. Follow this guide to implement robust authentication for your Linux servers.

Add Comment