Find us on social media
SSHKeysSecurity6 min read
Configure SSH key authentication
Generate SSH keys, copy them to the server, and disable password authentication.
SSH keys are more secure than passwords and allow you to connect without entering credentials each time.
Step 1 — Generate the key pair
On your local machine:
bash
ssh-keygen -t ed25519 -C "your-email@example.com"If your system doesn't support Ed25519:
bash
ssh-keygen -t rsa -b 4096 -C "your-email@example.com"Two files are generated:
~/.ssh/id_ed25519— private key (never share this)~/.ssh/id_ed25519.pub— public key (copy this to the server)
Step 2 — Copy the key to the server
bash
ssh-copy-id -i ~/.ssh/id_ed25519.pub deploy@YOUR_IPIf ssh-copy-id is not available:
bash
cat ~/.ssh/id_ed25519.pub | ssh deploy@YOUR_IP "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"Step 3 — Verify passwordless access
bash
ssh deploy@YOUR_IPYou should log in without being prompted for a password.
Step 4 — Disable password authentication
On the server:
bash
sudo nano /etc/ssh/sshd_configModify:
terminal
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication noRestart SSH:
bash
sudo systemctl restart sshdStep 5 — Configure SSH Agent
To avoid typing the passphrase every time:
bash
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519Step 6 — SSH config file
Create ~/.ssh/config to simplify connections:
terminal
Host my-vps
HostName YOUR_IP
User deploy
IdentityFile ~/.ssh/id_ed25519
Port 22Now connect with:
bash
ssh my-vpsStep 7 — Correct permissions
bash
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
chmod 600 ~/.ssh/authorized_keysMultiple keys
You can have different keys for different servers. Specify which to use in ~/.ssh/config or with -i:
bash
ssh -i ~/.ssh/production_key deploy@PRODUCTION_IPWith SSH keys configured, your Baires Host VPS is protected against password brute-force attacks.
Was this guide helpful?