Quick answer: Set up SSH keys by generating a pair with ssh-keygen -t ed25519, copying the public key with ssh-copy-id, testing the key login works, then disabling PasswordAuthentication in /etc/ssh/sshd_config and reloading SSH. Keep your current session open and test a fresh one before closing it.
SSH keys are more secure and more convenient than passwords: they cannot be brute-forced like a password, and once set up you log in without typing one. This guide creates a key pair, installs it, and safely disables password login.
On macOS, Linux, or Windows (PowerShell), run:
ssh-keygen -t ed25519 -C "you@yourdomain.com"
Press Enter to accept the default location. Set a passphrase for an extra layer of protection. This creates a private key (id_ed25519, which never leaves your machine) and a public key (id_ed25519.pub).
The easiest method:
ssh-copy-id root@your-server-ip
If ssh-copy-id is unavailable, paste the contents of id_ed25519.pub into ~/.ssh/authorized_keys on the server, one key per line.
Open a new terminal and run ssh root@your-server-ip. You should log in using the key (and passphrase if you set one), without the server password. Do not skip this test - confirm the key works while you still have password access as a fallback.
Only after the key works, edit /etc/ssh/sshd_config on the server:
PasswordAuthentication no PubkeyAuthentication yes
Reload SSH so the change applies without dropping your session:
systemctl reload sshd
Keep your current session open and test a fresh connection in another window before closing it, so you cannot lock yourself out.
Back up your private key securely and never share it. Anyone with the private key can log in as you. If it is ever exposed, remove its public key from authorized_keys immediately.
Why disable password login?
Keys cannot be brute-forced like passwords, which stops the most common attack against SSH.
How do I avoid locking myself out?
Confirm the key login works, then keep your session open and test a new connection before closing the old one.
On a SoftSys managed Linux VPS our team can configure key-only SSH access and a hardened SSH policy for you, so the server is locked down from day one without risk of a lockout.