SSH keys are generated in pairs and stored in plain-text files. A key pair consists of two parts: a private key and a public key. Do not share your private key with anyone. Private SSH keys should be kept safe and secure.
In this example, we will use the Ed25519 algorithm when generating our key pair for use with SSH.
In this section, we will generate our key using the ssh-keygen tool. OpenSSH and ssh-keygen are included by default on Linux and macOS.
Run the command below to generate a new key using the ssh-keygen tool.
ssh-keygen -t ed25519 -C "user@domain.com"
When prompted for the file name, press Enter to use the default name and path. SSH keys are usually stored in the ~/.ssh/ directory.
Next, enter a passphrase. This is optional but recommended.
Upload the public key to your remote system
Enter the command below:
ssh-copy-id [user]@[ipaddress]
You will be prompted to enter your remote user's password.
ssh-copy-id is a utility included with OpenSSH.
After entering your password, your public key should be copied to the server’s authorized_keys file.
Disable Password Authentication
Open the SSH configuration file on your remote machine:
vi /etc/ssh/sshd_config
Disable SSH password authentication:
PasswordAuthentication no
Disable root logins over SSH:
PermitRootLogin no
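The two settings above only take effect if no earlier line in the file already sets the same keyword, because sshd uses the first value it reads. The check below is an added example, not part of the original page; the function names and the sample configuration are constructed for illustration, and it reads a single file without following Include directives.

```shell
#!/bin/sh
# sshd uses the FIRST value it reads for each keyword, so a
# "PasswordAuthentication no" appended at the end of the file is ignored
# when an earlier line already sets the keyword.
# Assumptions of this sketch: Include files are not followed, and parsing
# stops at the first Match block, so only global settings are reported.

# effective_value KEYWORD FILE -> prints the value in effect, or "unset"
effective_value() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); val = "unset" }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { sub(/=/, " ") }                       # tolerate Keyword=value
        tolower($1) == "match" { exit }         # conditional blocks start here
        tolower($1) == want { val = tolower($2); exit }
        END { print val }
    ' "$2"
}

# check_hardening FILE -> returns 0 only if both settings are in effect
check_hardening() {
    rc=0
    for kw in PasswordAuthentication PermitRootLogin; do
        v=$(effective_value "$kw" "$1")
        if [ "$v" = "no" ]; then
            echo "OK    $kw $v"
        else
            echo "FAIL  $kw $v (expected no)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the edit was appended below an existing "yes" line.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sshd_config fragment
Port 22
passwordauthentication yes
#PermitRootLogin prohibit-password
PasswordAuthentication no
PermitRootLogin no
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_hardening "$sample" || echo "configuration is not hardened as intended"
rm -f "$sample"
```

On a live server, sshd -T prints the fully resolved configuration, including Include files, and sshd -t checks the file for syntax errors before the service is restarted.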