How to Use SSH Keys Instead of Passwords for Secure Server Access


Using SSH keys instead of traditional passwords is one of the best ways to secure your server. SSH keys offer stronger encryption, eliminate the risks of brute-force attacks, and make it easier to manage automated scripts or secure user access.

In this tutorial, we’ll show you step-by-step how to generate, install, and use SSH keys on your Linux server.


✅ Why Use SSH Keys Instead of Passwords?

Here’s why switching to SSH keys is a smart move:

  • Stronger Security: 2048-bit or 4096-bit SSH keys are almost impossible to brute-force.
  • No Password Guessing: SSH keys eliminate password-based attacks.
  • Easier Automation: Perfect for servers running scripts, cronjobs, or backups.
  • Two-Factor-Like Protection: Optionally add a passphrase to your private key for double protection.

🧰 What You’ll Need

  • A Linux server with SSH access
  • A local computer (Windows, macOS, or Linux)
  • Terminal access or an SSH client (like PuTTY)


🔹 Step 1: Generate SSH Key Pair

On your local machine:

ssh-keygen

You’ll be asked:

  • File to save the key: (Press Enter to accept default ~/.ssh/id_rsa)
  • Passphrase: (Optional, but recommended for extra security)

This generates:

  • A private key: ~/.ssh/id_rsa
  • A public key: ~/.ssh/id_rsa.pub

Important: Keep your private key safe and never share it!


🔹 Step 2: Copy Public Key to Server

Option 1: Using ssh-copy-id (easiest)

ssh-copy-id -i ~/.ssh/id_rsa.pub user@your-server-ip

Replace user with your username (often root) and your-server-ip with your server’s IP.

This automatically appends your public key to the ~/.ssh/authorized_keys file on the server.

Option 2: Manual Method

If ssh-copy-id isn’t available:

  1. SSH into the server with your password:
ssh user@your-server-ip
  2. Create the .ssh directory and file:
mkdir -p ~/.ssh
nano ~/.ssh/authorized_keys
  3. Paste your public key (id_rsa.pub) content into authorized_keys.
  4. Set proper permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
  5. Exit.

🔹 Step 3: Test SSH Key Login

On your local machine:

ssh user@your-server-ip

✅ If configured correctly, it should log in without asking for a password.

If you set a passphrase during key generation, it will ask for the key passphrase (not the server password).


🔒 Step 4: (Recommended) Disable Password Authentication

Once you confirm SSH key login is working:

  1. SSH into your server (with key-based login).
  2. Edit the SSH configuration:
nano /etc/ssh/sshd_config

  3. Find these settings and set both to no:

PasswordAuthentication no
ChallengeResponseAuthentication no

  4. Restart SSH:

systemctl restart sshd

✅ Now only SSH keys can access your server — password logins are disabled!
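
One way to confirm that Step 4 actually took effect (an added example, not part of the original tutorial): sshd uses the first value it reads for each keyword, so a line read earlier in the main file or in an included file can override the edit. The script checks the effective settings printed by sshd -T; the function name audit_step4 and the sample data are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not part of the original tutorial. audit_step4 and the
# SAMPLE_* data are hypothetical names / constructed input.
#
# On the server (assumes OpenSSH's sshd, run as root):
#   sshd -t && sshd -T | audit_step4
# `sshd -t` checks the syntax; `sshd -T` prints the effective settings.

# Reads `sshd -T` output on stdin and prints one line per finding.
# Returns 0 if password logins are off and key login is on, else 1.
audit_step4() {
  awk '
    { v[tolower($1)] = tolower($2) }
    END {
      bad = 0
      if (v["pubkeyauthentication"] != "yes") {
        print "FAIL pubkeyauthentication=" v["pubkeyauthentication"]; bad = 1 }
      if (v["passwordauthentication"] != "no") {
        print "FAIL passwordauthentication=" v["passwordauthentication"]; bad = 1 }
      # Older OpenSSH prints challengeresponseauthentication, newer releases
      # kbdinteractiveauthentication; whichever is present must be "no".
      seen = 0
      for (k in v)
        if (k ~ /^(challengeresponse|kbdinteractive)authentication$/) {
          seen = 1
          if (v[k] != "no") { print "FAIL " k "=" v[k]; bad = 1 }
        }
      if (!seen) { print "FAIL keyboard-interactive setting not in input"; bad = 1 }
      if (!bad) print "OK key login on, password logins off"
      exit bad
    }'
}

# Constructed sample: the Step 4 edit was made, but an earlier line still
# enables passwords, so the effective value is "yes".
SAMPLE_WEAK='passwordauthentication yes
kbdinteractiveauthentication no
pubkeyauthentication yes'

# Constructed sample: the state Step 4 is aiming for.
SAMPLE_GOOD='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes'

printf '%s\n' "$SAMPLE_WEAK" | audit_step4 || true
printf '%s\n' "$SAMPLE_GOOD" | audit_step4
```

Run it before closing the session you used to edit sshd_config, so a failed check can still be fixed from that session.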


🛡️ Bonus Tips for SSH Security

  • ✅ Use 4096-bit keys for even stronger encryption: ssh-keygen -b 4096
  • ✅ Backup your private keys securely
  • ✅ Rotate keys periodically
  • ✅ Use Fail2Ban or CSF to block failed SSH attempts

📌 Common SSH Key Commands Cheat Sheet

| Command | Purpose |
|---|---|
| ssh-keygen | Generate a new SSH key pair |
| ssh-copy-id | Copy your public key to server |
| ssh-add | Add key to SSH agent (for auto-login) |
| ssh -i /path/to/key user@host | Connect using a specific private key |
