{"id":428,"date":"2025-11-11T06:47:08","date_gmt":"2025-11-11T06:47:08","guid":{"rendered":"https:\/\/servertweakers.com\/?p=428"},"modified":"2025-12-02T06:52:12","modified_gmt":"2025-12-02T06:52:12","slug":"how-to-set-up-and-use-an-ssh-key-to-secure-your-linux-server","status":"publish","type":"post","link":"https:\/\/servertweakers.com\/blog\/how-to-set-up-and-use-an-ssh-key-to-secure-your-linux-server\/","title":{"rendered":"How to Set Up and Use an SSH Key to Secure Your Linux Server"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">SSH keys are one of the easiest ways to dramatically improve the security of your server. Instead of relying on passwords\u2014which can be guessed, stolen, or reused\u2014SSH keys use cryptographic pairs that are nearly impossible to brute-force.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you manage any Linux server, using SSH keys should be standard practice. Below is a simple, step-by-step guide for generating and enabling SSH key authentication.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>What Is an SSH Key?<\/strong><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">SSH keys come in a <strong>pair<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Public key<\/strong> \u2192 stored on the server<\/li>\n\n\n\n<li><strong>Private key<\/strong> \u2192 kept securely on your local device<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">When you connect, SSH proves the private key matches the public key\u2014no passwords required.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>Step 1: Generate Your SSH Key Pair<\/strong><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">You can do this on Linux, macOS, or Windows using PowerShell.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Run:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh-keygen -t ed25519 -C \"your@email.com\"\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">If your system doesn\u2019t support <code>ed25519<\/code>, use RSA:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh-keygen -t rsa -b 4096 -C \"your@email.com\"\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">You&#8217;ll see something like:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>Enter file in which to save the key (\/home\/you\/.ssh\/id_ed25519):\nEnter passphrase (empty for no passphrase):\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Recommended: Set a passphrase<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This encrypts your private key in case your device is stolen.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Your key files will be created in:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>~\/.ssh\/id_ed25519      (private key)\n~\/.ssh\/id_ed25519.pub  (public key)\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>Step 2: Upload Your Public Key to the Server<\/strong><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">Replace <code>user<\/code> and <code>server_ip<\/code> with your values:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh-copy-id user@server_ip\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">If <code>ssh-copy-id<\/code> isn\u2019t available, manually upload the key:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Show your public key:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>cat ~\/.ssh\/id_ed25519.pub\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Copy the full line.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">On the server, edit\/create:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>~\/.ssh\/authorized_keys\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Paste the public key inside the file.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Fix permissions:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><\/pre>\n\n\n\n<ol class=\"wp-block-list\">\n<li><code>chmod 700 ~\/.ssh chmod 600 ~\/.ssh\/authorized_keys<\/code><\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>Step 3: Test SSH Key Login<\/strong><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">From your local machine:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh user@server_ip\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">If everything is set up properly, you will log in <strong>without<\/strong> being prompted for a password.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">(If you set a passphrase, you\u2019ll be asked for that once per session.)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>Step 4: Disable Password Authentication (Optional but Strongly Recommended)<\/strong><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">Once you verify that keys work, disable passwords to stop brute-force attacks completely.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Edit:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>\/etc\/ssh\/sshd_config\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Set:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>PasswordAuthentication no\nChallengeResponseAuthentication no\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Restart SSH:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart sshd\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Warning:<\/strong> Always keep one session open while testing changes to avoid locking yourself out.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>Step 5: Using Your SSH Key With Common Tools<\/strong><\/h1>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>scp (copy files)<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-preformatted\"><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>scp file.txt user@server_ip:\/path\/\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>sftp (interactive file transfer)<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-preformatted\"><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sftp user@server_ip\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Git (for developers)<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-preformatted\"><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone git@github.com:repo\/project.git\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">The SSH agent automatically uses your private key.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>Extra Tips for Best Practices<\/strong><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">\u2714 Use <code>ed25519<\/code> keys unless the system explicitly requires RSA<br>\u2714 Protect your private key with a passphrase<br>\u2714 Never share your private key\u2014only the <code>.pub<\/code> file<br>\u2714 Rotate your SSH keys annually or when staff changes<br>\u2714 Store keys securely in a password manager or encrypted vault<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>Conclusion<\/strong><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">SSH keys provide a massive security upgrade with very little effort. They eliminate brute-force password attacks, streamline authentication, and give you tighter control over who can access your server.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you\u2019re securing a new server\u2014or hardening an existing one\u2014enabling SSH key authentication should always be step one.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n","protected":false},"excerpt":{"rendered":"<p>SSH<\/p>\n","protected":false},"author":1,"featured_media":430,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-428","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/servertweakers.com\/blog\/wp-json\/wp\/v2\/posts\/428","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/servertweakers.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/servertweakers.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/servertweakers.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/servertweakers.com\/blog\/wp-json\/wp\/v2\/comments?post=428"}],"version-history":[{"count":1,"href":"https:\/\/servertweakers.com\/blog\/wp-json\/wp\/v2\/posts\/428\/revisions"}],"predecessor-version":[{"id":432,"href":"https:\/\/servertweakers.com\/blog\/wp-json\/wp\/v2\/posts\/428\/revisions\/432"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/servertweakers.com\/blog\/wp-json\/wp\/v2\/media\/430"}],"wp:attachment":[{"href":"https:\/\/servertweakers.com\/blog\/wp-json\/wp\/v2\/media?parent=428"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/servertweakers.com\/blog\/wp-json\/wp\/v2\/categories?post=428"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/servertweakers.com\/blog\/wp-json\/wp\/v2\/tags?post=428"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}