Secure Shell (SSH) is one of the most widely used tools for securely managing and accessing remote systems. Instead of relying on traditional password-based authentication, which is less secure and prone to brute-force attacks, system administrators often configure SSH key-based authentication for better security, scalability, and automation.
This guide explains how to generate SSH keys using ssh-keygen, copy them securely to a remote server using ssh-copy-id, verify the configuration, and follow security best practices.
With SSH keys, authentication happens using a public-private key pair:
This method is more secure and more convenient, especially for developers, sysadmins, and automated deployments.
Run the following command to generate a new SSH key pair:
File to save the key → Press Enter to accept the default:~/.ssh/id_rsa
Passphrase (optional but recommended) → Adds an extra layer of security.
If set, you’ll need to enter it when using the private key.
Once the keys are generated, use ssh-copy-id to transfer your public key to the remote server:
This command:
Appends your public key (id_rsa.pub) to the server’s:
Automatically sets correct permissions for the .ssh directory and key file.
If ssh-copy-id isn’t available, you can manually copy the key:
This command:
To confirm everything works:
If configured correctly, you should log in without entering a password.
If a passphrase was set, you’ll be prompted for it instead.
Prefer RSA 4096 or Ed25519:
Ed25519 keys are smaller, faster, and more secure.
SSH will refuse to use keys if permissions are too open.
On the remote server, edit:
Set:
Then restart SSH:
Instead of typing your passphrase every time, use ssh-agent:
This caches your key for the session.
Problem | Possible Cause | Solution |
---|---|---|
Still asks for a password | Wrong permissions or missing key | Check ~/.ssh perms and authorized_keys |
“Permission denied” error | Wrong username or IP | Confirm correct login credentials |
ssh-copy-id not found | Utility missing | Install via: sudo apt install openssh-client |
Key ignored | Too-permissive file permissions | Run chmod 600 ~/.ssh/id_rsa |
Using ssh-keygen and ssh-copy-id enhances security and convenience when managing remote servers. By configuring SSH key authentication, administrators can eliminate the risks associated with password-based logins while streamlining secure access.