Read in 3 minutes

How To Set Up SSH Keys

Secure Shell (SSH) is a cryptographic network protocol used for secure connection between a client and a server and supports various authentication mechanisms. The two most popular mechanisms are passwords based authentication and public key based authentication. In this article we will show you how to connect to your servers without a password using a SSH key.

Generate a new SSH key

Before generating a new SSH key let’s check if we already have an SSH key on our client machine because we don’t want to overwrite our existing keys. Run the following command to see if existing SSH keys are present:

ls -al ~/.ssh/id_*.pub

If there are existing keys, you can either use those and skip the next step or backup up the old keys and generate a new one. If you see No such file or directory or no matches found it means that we do not have a SSH key and we can proceed with the next step and generate a new one.

The following command to generate a new SSH key with 4096 bits and your email address as a comment:

ssh-keygen -t rsa -b 4096 -C "your_ema[email protected]"

Press Enter to accept the default file location and file name:

Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):

Next, the ssh-keygen tool will aks us to type a secure passphrase. Whether you want to use passphrase its up to you, if you choose to use passphrase you will get an extra layer of security. In most cases developers and system administrators are using SSH without a passphrase because they are useful for fully automated processes. If you don’t want to use passphrase just press Enter

Enter passphrase (empty for no passphrase):

The whole interaction looks like this:

ssh-keygen -t rsa -b 4096 -C "[email protected]"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/yourusername/.ssh/id_rsa.
Your public key has been saved in /home/yourusername/.ssh/
The key fingerprint is:
SHA256:CmyJ/K3P/3pzD0RNWt5IC/l9CGCwGUj28GTWOMIym+w [email protected]
The key's randomart image is:
+---[RSA 4096]----+
|     o+.*+o...+  |
|    o.+Bo=. oO + |
|   . = .=.  oo=o.|
| . o+.     .  o o|
|  o.=   S   .   .|
|   oEo .   .     |
|    . o     .    |
|     o    o ..   |
|    ..o.o+.o ..  |

To be sure that the SSH key is generated we can list our new private and public keys with:

ls ~/.ssh/id_*
/home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/

Copy the public key

Once we have generated a SSH key, in order to be able to login to our server without a password we need to copy the public key to the server we want to manage.

We will use the ssh-copy-id command to copy our public key:

ssh-copy-id [email protected]_ip_address

You will be prompted to enter the remoteusername password:

[email protected]_ip_address's password:

Once the user is authenticated, our public key will be appended to the remote user authorized_keys file and connection will be closed.

You can now login to the remote server without being prompted for a password.

That’s all! If you have any question or feedback feel free to leave a comment.