How to Set Up SSH Keys (Passwordless Login)

Original Source: How to Set Up SSH Keys (Passwordless Login) — SamNet Learn

Prerequisites

  • A server with SSH access
  • Terminal access on your local machine

Quick Answer: Run ssh-keygen -t ed25519 on your local machine. Then ssh-copy-id user@server to copy the key. Now ssh user@server logs in without a password. Disable password auth in /etc/ssh/sshd_config by setting PasswordAuthentication no.


Why SSH Keys?

|               | Password                 | SSH Key                    |
| :------------ | :----------------------- | :------------------------- |
| Security      | Can be brute-forced      | Nearly impossible to crack |
| Convenience   | Type password every time | Automatic login            |
| Automation    | Can't automate securely  | Scripts can use keys       |
| Best practice | Discouraged for servers  | Industry standard          |


Step 1: Generate a Key Pair

On your local machine (not the server):

ssh-keygen -t ed25519 -C "your@email.com"
  • -t ed25519 — Modern, secure algorithm (preferred over RSA)
  • -C — Comment to identify the key

It asks:

Enter file in which to save the key (/home/you/.ssh/id_ed25519):

Press Enter to accept the default location.

Enter passphrase (empty for no passphrase):

Optional but recommended: a passphrase encrypts the private key file itself. If someone steals your key file, they still need the passphrase.

This creates two files:

| File                  | What        | Share it?        |
| :-------------------- | :---------- | :--------------- |
| ~/.ssh/id_ed25519     | Private key | NEVER share this |
| ~/.ssh/id_ed25519.pub | Public key  | Copy to servers  |

If You Need RSA (older servers)

ssh-keygen -t rsa -b 4096 -C "your@email.com"

Step 2: Copy the Key to Your Server

Method 1: ssh-copy-id (Easiest)

ssh-copy-id user@your-server-ip

Type your password one last time. It copies the public key to the server's ~/.ssh/authorized_keys file.

Method 2: Manual Copy

If ssh-copy-id is not available:

# Display your public key
cat ~/.ssh/id_ed25519.pub

# SSH into the server with password
ssh user@your-server-ip

# On the server, add the key
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "PASTE_YOUR_PUBLIC_KEY_HERE" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Method 3: From Windows (PowerShell)

# Generate key (if not done)
ssh-keygen -t ed25519

# Copy key to server
type $env:USERPROFILE\.ssh\id_ed25519.pub | ssh user@server "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Step 3: Test It

ssh user@your-server-ip

You should log in without typing a password. If it still asks for a password, check permissions:

# On the server
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown -R $USER:$USER ~/.ssh

Step 4: Disable Password Login (Recommended)

Once key auth works, disable password login to prevent brute-force attacks:

# On the server, edit SSH config
sudo nano /etc/ssh/sshd_config

Change these settings:

PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no

Restart SSH:

sudo systemctl restart sshd

⚠️ Keep your current SSH session open while testing with a new terminal. If something goes wrong, you can fix it from the existing session.
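
To confirm that Step 4 really took effect before you close the open session, the check below audits sshd's effective configuration rather than the file you edited. It is an added example, not part of the original tutorial; the function name check_sshd_effective and both sample dumps are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original tutorial. Reads `sshd -T` output
# (sshd's effective configuration, printed with lowercase keywords) on
# stdin and returns 0 only if the Step 4 settings are really in force.
check_sshd_effective() {
    awk '
        function show(v) { return v == "" ? "missing" : v }
        { key = tolower($1); val = tolower($2) }
        key == "passwordauthentication" { pw = val }
        key == "pubkeyauthentication"   { pk = val }
        # Newer OpenSSH reports kbdinteractiveauthentication; older releases
        # use challengeresponseauthentication. "yes" under either name
        # leaves a password-style prompt available.
        key == "kbdinteractiveauthentication" || key == "challengeresponseauthentication" {
            if (val == "yes") { kbd = "yes" } else if (kbd == "") { kbd = "no" }
        }
        END {
            bad = 0
            if (pw != "no")  { print "FAIL passwordauthentication is " show(pw) ", want no"; bad = 1 }
            if (kbd != "no") { print "FAIL keyboard-interactive is " show(kbd) ", want no"; bad = 1 }
            if (pk != "yes") { print "FAIL pubkeyauthentication is " show(pk) ", want yes"; bad = 1 }
            if (!bad) print "OK key-only login is enforced"
            exit bad
        }
    '
}

# Constructed sample: excerpt of the dump after Step 4 took effect.
SAMPLE_HARDENED='port 22
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'

# Constructed sample: sshd_config was edited, but the effective value is
# still "yes" (for example, another included config file set it first).
SAMPLE_OVERRIDDEN='port 22
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'

printf '%s\n' "$SAMPLE_HARDENED" | check_sshd_effective
printf '%s\n' "$SAMPLE_OVERRIDDEN" | check_sshd_effective ||
    echo "-> password login still possible; keep your open session"

# On a real server: sudo sshd -t && sudo sshd -T | check_sshd_effective
```

sshd keeps the first value it obtains for each keyword, so an earlier setting can silently win over the line you changed; the effective dump shows what will actually be enforced.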


Multiple Keys

Different Keys for Different Servers

# Generate a key for work
ssh-keygen -t ed25519 -f ~/.ssh/id_work -C "work@company.com"

# Generate a key for personal
ssh-keygen -t ed25519 -f ~/.ssh/id_personal -C "personal@email.com"

Configure in ~/.ssh/config:

Host work-server
    HostName 10.0.0.5
    User admin
    IdentityFile ~/.ssh/id_work

Host personal-vps
    HostName 203.0.113.50
    User sam
    IdentityFile ~/.ssh/id_personal

Now you can connect with just ssh work-server or ssh personal-vps.

Add Key to SSH Agent

To avoid typing the passphrase every time:

# Start the agent
eval "$(ssh-agent -s)"

# Add your key
ssh-add ~/.ssh/id_ed25519

# List loaded keys
ssh-add -l

Troubleshooting

| Problem                              | Fix                                                                      |
| :----------------------------------- | :----------------------------------------------------------------------- |
| Still asks for password              | Check permissions: chmod 700 ~/.ssh and chmod 600 ~/.ssh/authorized_keys |
| Permission denied (publickey)        | Key not on server, or wrong user. Check ~/.ssh/authorized_keys on server |
| Agent refused connection             | Run eval "$(ssh-agent -s)" then ssh-add                                  |
| Key file too open                    | chmod 600 ~/.ssh/id_ed25519 (SSH refuses keys with loose permissions)    |
| Wrong key being used                 | Specify key: ssh -i ~/.ssh/id_specific user@server                       |
| Locked out after disabling passwords | Use server console (cloud provider's web terminal) to re-enable          |

# Debug SSH connection
ssh -v user@server              # Verbose — shows what key is tried
ssh -vvv user@server            # Extra verbose
