Strengthen Your SSH Setup with Public Key Authentication

Prerequisites

  • An SSH server (such as OpenSSH) installed and running on the remote system to accept SSH connections
  • An SSH client installed on the local machine
  • Access to the remote machine

Introduction

When it comes to securing remote server access, SSH (Secure Shell) is a powerful tool, but relying on passwords alone can leave your system vulnerable. Fortunately, SSH offers a more secure and efficient method of authentication: Public Key Authentication. Once password logins are disabled on the server, this method removes the risk of password-based attacks, and it also provides a more convenient login experience with no account password to type.

In this post, we'll walk you through how to set up SSH with Public Key Authentication, step by step, and explain why it's a crucial upgrade for anyone looking to secure their server access. Whether you're a beginner or looking to reinforce your existing setup, you'll learn how to use this robust method to ensure your SSH connections are safe, streamlined, and protected from common threats.

Generate Your SSH Key Pair

Open a terminal on your machine

Generate the key pair by running the following command:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

  • The -t rsa option specifies the RSA algorithm
  • The -b 4096 option sets the key size to 4096 bits (more secure)
  • The -C option adds a comment (usually your email) to help identify the key.

To generate an SSH key pair using the Ed25519 algorithm, the command would be:

ssh-keygen -t ed25519 -C "your_email@example.com"

  • The -t ed25519 option specifies the type of key to generate, in this case Ed25519.

Ed25519 keys have a fixed size of 256 bits, so there is no need for the -b option that RSA uses.

When prompted for the file in which to save the key, press Enter to accept the default location (~/.ssh/id_rsa for RSA keys, ~/.ssh/id_ed25519 for Ed25519 keys) or type a different path. To set the location on the command line instead, use the -f option:

  • -f /path/to/custom/location/id_ed25519: Specifies the file path and name for the generated key. Replace /path/to/custom/location/ with your desired directory path.

ssh-keygen -t ed25519 -C "your_email@example.com" -f /path/to/custom/location/id_ed25519

ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -f /path/to/custom/location/id_rsa

You'll be prompted to create a passphrase for added security. You can either create one or leave it blank for no passphrase. A passphrase is recommended, because it encrypts the private key file and keeps the key unusable if the file is copied or stolen.

Ed25519 vs RSA: A Comparative Overview of Cryptographic Algorithms

  • RSA is a proven, widely adopted algorithm that works well for a variety of purposes, but it has larger key sizes and slower performance, and, like other classical public-key algorithms (Ed25519 included), it is potentially vulnerable to future quantum attacks.
  • Ed25519 is a more modern and efficient alternative that provides excellent security with smaller key sizes and better performance. It’s becoming the preferred choice for new systems and applications, especially where performance and efficiency are important.

Copy Your Public Key to the Remote Server

Now that you’ve generated your SSH key pair, you need to copy the public key to your remote server.

Use the ssh-copy-id command to copy your public key to the remote server:

ssh-copy-id user@remote_host

Replace user with your username on the remote machine, and remote_host with the IP address or domain name of your remote server.

The ssh-copy-id command will automatically append your public key (for example ~/.ssh/id_rsa.pub) to the remote server's ~/.ssh/authorized_keys file, which allows the remote server to authenticate your key.

If you want to copy a particular key or connect on a non-default port, you can use:

  • -i to define which key you're copying
  • -p to specify a custom port

ssh-copy-id -i ~/.ssh/id_rsa.pub -p port_number user@remote_host

Ensure Correct Permissions on the Remote Server

The permissions for the ~/.ssh directory and authorized_keys file on the remote server must be set properly to allow SSH to work correctly:

  • Ensure the ~/.ssh directory has 700 permissions:
    • chmod 700 ~/.ssh
  • Ensure the ~/.ssh/authorized_keys file has 600 permissions:
    • chmod 600 ~/.ssh/authorized_keys
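The server-side state described in the last two sections (key appended to authorized_keys, 700 on ~/.ssh, 600 on the file) can be produced and checked by hand where ssh-copy-id is unavailable. This is an added example, not part of the original post; the function names, the throwaway directory and the placeholder key are all constructed.

```shell
#!/bin/sh
# Added example, run on the server side. Paths are derived from HOME_DIR.

# mode_of PATH -> the 10-character mode string from ls, e.g. "drwx------"
mode_of() { ls -ld "$1" | cut -c1-10; }

# install_pubkey HOME_DIR "PUBLIC KEY LINE"
# Creates .ssh (700) and authorized_keys (600), then appends the key only if
# that exact line is not already present, so repeated runs add no duplicates.
install_pubkey() {
    ssh_dir="$1/.ssh"
    auth="$ssh_dir/authorized_keys"
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1
    # Terminate a last line that lacks its newline so the new key cannot be
    # glued onto the end of an existing one.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    if ! grep -qxF -- "$2" "$auth"; then
        printf '%s\n' "$2" >> "$auth"
    fi
}

# loose_paths HOME_DIR -> prints each of home, .ssh and authorized_keys that
# is writable by group or others. With StrictModes (default "yes"), sshd
# refuses key logins when any of them is.
loose_paths() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        case $(mode_of "$p") in
            ?????w????|????????w?) printf '%s\n' "$p" ;;
        esac
    done
}

# Constructed demonstration in a throwaway directory; the key is a placeholder.
demo=$(mktemp -d)
key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYNOTREAL user@example'
install_pubkey "$demo" "$key"
install_pubkey "$demo" "$key"          # second run adds nothing
chmod 775 "$demo/.ssh"                 # simulate a loosened directory
loose_paths "$demo"                    # reports the .ssh directory
rm -rf "$demo"
```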

Once you have confirmed that key-based login works, you can enhance security further by disabling password-based logins on your SSH server entirely, allowing only public key authentication. Open the server configuration file:

sudo vim /etc/ssh/sshd_config

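Find and modify the following settings (or add them if they don’t exist). In recent OpenSSH releases, ChallengeResponseAuthentication is a deprecated alias for KbdInteractiveAuthentication: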

PasswordAuthentication no

ChallengeResponseAuthentication no

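Save the changes and restart the SSH service, keeping your current session open until a new key-based login succeeds so that a mistake cannot lock you out (on Debian and Ubuntu the service is named ssh rather than sshd):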

sudo systemctl restart sshd
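Adding a setting "if it doesn't exist" only works when no earlier line already sets it: sshd uses the first value it obtains for each keyword, and a Match block can override it for some connections. The following added example (not from the original post) reports both cases for one keyword; the function name and the sample configuration are constructed, and Include directives are not followed.

```shell
#!/bin/sh
# audit_keyword FILE KEYWORD
# Prints "global <value>" for the value sshd applies to every connection, then
# one "match <criteria> => <value>" line per Match block that sets KEYWORD.
# Rules modelled: keywords are case-insensitive, the first value obtained
# wins, and everything after a Match line is conditional.
# Assumption: a single file is read; Include directives are not followed.
audit_keyword() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); glob = "unset" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            match($0, /^[A-Za-z0-9]+/)
            kw  = tolower(substr($0, 1, RLENGTH))
            arg = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", arg)        # "Key value" or "Key=value"
            if (kw == "match") { block = arg; taken = 0; next }
            if (kw != want) next
            if (block == "") { if (!gset) { glob = arg; gset = 1 } }
            else if (!taken) { cond[++n] = block " => " arg; taken = 1 }
        }
        END {
            print "global " glob
            for (i = 1; i <= n; i++) print "match " cond[i]
        }
    ' "$1"
}

# Constructed sample: "PasswordAuthentication no" was added further down,
# but an earlier "yes" already won, and a Match block re-enables passwords.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
passwordauthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
EOF

audit_keyword "$sample" PasswordAuthentication
audit_keyword "$sample" ChallengeResponseAuthentication
rm -f "$sample"
```

On a live server, sudo sshd -t checks the file for syntax errors before the restart, and sudo sshd -T prints the configuration sshd actually resolved, with Include files taken into account.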

Backup Your SSH Key Pair

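It’s a good idea to back up your private SSH key (by default ~/.ssh/id_rsa or ~/.ssh/id_ed25519) to a secure location in case your local machine is lost or compromised. Never share or expose your private key. If the machine holding the key is compromised, remove the matching public key from authorized_keys on your servers and generate a new pair rather than reusing the backup.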

Final Thoughts

By adopting public key authentication for your SSH connections, you're taking a significant step toward enhancing the security of your systems. Not only does it protect against brute-force attacks, but it also eliminates the risks associated with weak or reused passwords. As cybersecurity threats continue to evolve, using key-based authentication ensures that your servers remain as secure as possible. Remember, security is a continuous process — regularly review and update your SSH configurations, manage your keys carefully, and you'll be well on your way to a safer, more robust infrastructure.
