There was a problem loading the comments.

How to Set Up SSH Key Authentication and Disable Password Login

Support Portal  »  Knowledgebase  »  Viewing Article

  Print

Quick answer: Set up SSH keys by generating a pair with ssh-keygen -t ed25519, copying the public key with ssh-copy-id, testing the key login works, then disabling PasswordAuthentication in /etc/ssh/sshd_config and reloading SSH. Keep your current session open and test a fresh one before closing it.

SSH keys are more secure and more convenient than passwords: they cannot be brute-forced like a password, and once set up you log in without typing one. This guide creates a key pair, installs it, and safely disables password login.

1. Generate a key pair on your computer

On macOS, Linux, or Windows (PowerShell), run:

ssh-keygen -t ed25519 -C "you@yourdomain.com"

Press Enter to accept the default location. Set a passphrase for an extra layer of protection. This creates a private key (id_ed25519, which never leaves your machine) and a public key (id_ed25519.pub).

2. Copy the public key to the server

The easiest method:

ssh-copy-id root@your-server-ip

If ssh-copy-id is unavailable, paste the contents of id_ed25519.pub into ~/.ssh/authorized_keys on the server, one key per line.

3. Test the key login before disabling passwords

Open a new terminal and run ssh root@your-server-ip. You should log in using the key (and passphrase if you set one), without the server password. Do not skip this test - confirm the key works while you still have password access as a fallback.

4. Disable password authentication

Only after the key works, edit /etc/ssh/sshd_config on the server:

PasswordAuthentication no
PubkeyAuthentication yes

Reload SSH so the change applies without dropping your session:

systemctl reload sshd

Keep your current session open and test a fresh connection in another window before closing it, so you cannot lock yourself out.

5. Keep the private key safe

Back up your private key securely and never share it. Anyone with the private key can log in as you. If it is ever exposed, remove its public key from authorized_keys immediately.

Frequently asked questions

Why disable password login?
Keys cannot be brute-forced like passwords, which stops the most common attack against SSH.

How do I avoid locking myself out?
Confirm the key login works, then keep your session open and test a new connection before closing the old one.

On a SoftSys managed Linux VPS our team can configure key-only SSH access and a hardened SSH policy for you, so the server is locked down from day one without risk of a lockout.


Share via
Did you find this article useful?  

Related Articles

Tags

© Softsys Hosting