How to Set Up and Use an SSH Key to Secure Your Linux Server

SSH keys are one of the easiest ways to dramatically improve the security of your server. Instead of relying on passwords—which can be guessed, stolen, or reused—SSH keys use cryptographic pairs that are nearly impossible to brute-force.

If you manage any Linux server, using SSH keys should be standard practice. Below is a simple, step-by-step guide for generating and enabling SSH key authentication.

What Is an SSH Key?

SSH keys come in a pair:

  • Public key → stored on the server
  • Private key → kept securely on your local device

When you connect, SSH proves the private key matches the public key—no passwords required.

Step 1: Generate Your SSH Key Pair

You can do this on Linux, macOS, or Windows using PowerShell.

Run:






ssh-keygen -t ed25519 -C "[email protected]"






If your system doesn’t support ed25519, use RSA:










ssh-keygen -t rsa -b 4096 -C "[email protected]"






You’ll see something like:










Enter file in which to save the key (/home/you/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):






Recommended: Set a passphrase





This encrypts your private key in case your device is stolen.





Your key files will be created in:










~/.ssh/id_ed25519      (private key)
~/.ssh/id_ed25519.pub  (public key)











Step 2: Upload Your Public Key to the Server





Replace user and server_ip with your values:










ssh-copy-id user@server_ip






If ssh-copy-id isn’t available, manually upload the key:





    

  1. Show your public key:
    2. 






cat ~/.ssh/id_ed25519.pub






Copy the full line.





On the server, edit/create:










~/.ssh/authorized_keys






Paste the public key inside the file.





Fix permissions:










    

  1. chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys
    2. 











Step 3: Test SSH Key Login





From your local machine:










ssh user@server_ip






If everything is set up properly, you will log in without being prompted for a password.





(If you set a passphrase, you’ll be asked for that once per session.)










Step 4: Disable Password Authentication (Optional but Strongly Recommended)





Once you verify that keys work, disable passwords to stop brute-force attacks completely.





Edit:










/etc/ssh/sshd_config






Set:










PasswordAuthentication no
ChallengeResponseAuthentication no






Restart SSH:










systemctl restart sshd






Warning: Always keep one session open while testing changes to avoid locking yourself out.










Step 5: Using Your SSH Key With Common Tools





scp (copy files)










scp file.txt user@server_ip:/path/






sftp (interactive file transfer)










sftp user@server_ip






Git (for developers)










git clone [email protected]:repo/project.git






The SSH agent automatically uses your private key.










Extra Tips for Best Practices





✔ Use ed25519 keys unless the system explicitly requires RSA
✔ Protect your private key with a passphrase
✔ Never share your private key—only the .pub file
✔ Rotate your SSH keys annually or when staff changes
✔ Store keys securely in a password manager or encrypted vault










Conclusion





SSH keys provide a massive security upgrade with very little effort. They eliminate brute-force password attacks, streamline authentication, and give you tighter control over who can access your server.





If you’re securing a new server—or hardening an existing one—enabling SSH key authentication should always be step one.