Set Up SSH Keys for Login & Secure Your Server
Stop using weak passwords. Learn how to set up SSH keys for login on your VPS or cloud server. Boost your security and simplify access in minutes.
What Are SSH Keys and Why Should You Care?
Using SSH keys for login is the most secure and convenient way to access your remote server. Instead of a password that can be guessed or stolen, you use a cryptographic key pair: a private key that stays on your computer, and a public key that you place on the server. When you connect, your computer proves it has the matching private key without ever revealing it. Once password logins are disabled (Step 3), brute-force password attacks are useless against your server.
Think of it like this: a password is a secret you tell the bouncer at a club. If someone overhears it, they can get in. An SSH key is like having your fingerprint on file; only you can open the door, and you don't have to shout a secret across the room. For anyone running a VPS or cloud server, ditching passwords for keys isn't just a best practice—it's the first real step toward professional-grade server security.
Step 1: Generate Your Key Pair on Your Local Computer
Your first task is to create your unique public and private key pair. This is done on your local machine, not the server. If you're on a Mac or Linux (or using Windows Subsystem for Linux), open your terminal and run a single, simple command: `ssh-keygen -t rsa -b 4096`. The tool will prompt you to choose a file location (the default is fine) and to set an optional passphrase.
We strongly recommend you create a strong passphrase. This encrypts your private key on your own computer. So, even if your laptop gets stolen, your server keys aren't immediately compromised. After the command finishes, you'll have two new files in your `~/.ssh/` directory: `id_rsa` (your secret private key, never share this!) and `id_rsa.pub` (your public key, which is safe to share and copy to servers).
Step 2: Install the Public Key on Your Remote Server
Now you need to tell your server to trust your public key. The easiest way by far is to use a utility designed for exactly this purpose. From your local machine's terminal, run `ssh-copy-id user@your_server_ip`. This command automatically connects to your server (using your password this one last time), finds the correct file, adds your public key to it, and sets the right permissions. It's foolproof.
If `ssh-copy-id` isn't available or fails, you can do it manually. First, copy the contents of your public key (`id_rsa.pub`) to your clipboard. Then, SSH into your server with your password, and paste the key into a new line in the `~/.ssh/authorized_keys` file. You may need to create the `.ssh` directory and the `authorized_keys` file first. Crucially, you must then set strict permissions: `chmod 700 ~/.ssh` and `chmod 600 ~/.ssh/authorized_keys`. Incorrect permissions will cause the login to fail.
Step 3: Test and Disable Password Authentication
This is the most critical part. Before you do anything else, open a *new* terminal window and try to log in to your server: `ssh user@your_server_ip`. It should connect you without asking for a server password (it may ask for your key's passphrase if you set one). If it works, congratulations! If not, retrace your steps—do not proceed until it works.
Once you've confirmed your key-based login is functional, it's time to lock the front door for good. On your server, you need to edit the SSH service configuration file, usually located at `/etc/ssh/sshd_config`. Open this file as root and find the line that says `PasswordAuthentication yes` (it may be commented out with a leading `#`; if so, remove the `#`). Change this to `PasswordAuthentication no`. Save the file and then restart the SSH service (e.g., `sudo systemctl restart sshd`; on some distributions the service is named `ssh`). Keep your current session open until a login from a new terminal confirms that key access still works. This completely disables password logins, leaving SSH keys as the only way in and massively upgrading your server's security posture.
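To confirm that the change in Step 3 actually took effect, the added example below (not part of the original article) audits the output of `sshd -T`, which prints the settings sshd really uses after included files and defaults are resolved. It goes slightly beyond the text by also checking keyboard-interactive authentication, which can still prompt for a password through PAM. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): check that Step 3 took effect.
# Input is the text printed by `sshd -T`: lowercase "keyword value" lines
# with the effective settings. On the server: sudo sshd -T | audit_password_logins

# Constructed sample: PasswordAuthentication is "no", but keyboard-interactive
# authentication is still on.
sample_dump() {
cat <<'EOF'
port 22
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication yes
usepam yes
EOF
}

# Print the value of keyword $2 in dump text $1 (prints nothing if absent).
sshd_value() {
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# Read a dump on stdin. Returns 0 only if public-key login is on and both
# password and keyboard-interactive logins are off; prints one line per finding.
audit_password_logins() {
    dump=$(cat)
    rc=0
    if [ "$(sshd_value "$dump" pubkeyauthentication)" != "yes" ]; then
        echo "FAIL: pubkeyauthentication is not 'yes'; fix before disabling passwords"
        rc=1
    fi
    if [ "$(sshd_value "$dump" passwordauthentication)" != "no" ]; then
        echo "FAIL: passwordauthentication is not 'no'"
        rc=1
    fi
    # Older OpenSSH releases print this setting as challengeresponseauthentication.
    kbd=$(sshd_value "$dump" kbdinteractiveauthentication)
    [ -n "$kbd" ] || kbd=$(sshd_value "$dump" challengeresponseauthentication)
    if [ "$kbd" != "no" ]; then
        echo "FAIL: keyboard-interactive authentication is not 'no'"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: password and keyboard-interactive logins are disabled"
    fi
    return "$rc"
}
```

Run `sample_dump | audit_password_logins` to see the failing case without touching a server.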