Enterprise hosting · Built for gamers
Using SSH Keys Instead of Passwords
This guide shows you why SSH keys are more secure and convenient than passwords and how to set them up. With an SSH key, you can log in without a password while protecting your server from brute-force attacks.
Note: The complete guide to SSH connections can be found in the article "SSH Connection and Key Authentication" in the left navigation.
Why SSH Keys?
| Password | SSH Key | |
|---|---|---|
| Security | Can be guessed or stolen | Practically impossible to crack (2^256 possibilities) |
| Brute-force protection | Attackers can try unlimited times | No access possible without private key |
| Convenience | Enter password every time | Set up once, never enter a password again |
| Automation | Password in script = security risk | Perfect for scripts and cronjobs |
Step 1: Create a Key Pair
Run this command on your local computer – not on the server:
ssh-keygen -t ed25519 -C "[email protected]"
You'll be asked:
- Save location: Press Enter for the default path (
~/.ssh/id_ed25519) - Passphrase: An additional password for the key (optional, but recommended)
- Repeat passphrase: Enter the same password again
After creation you have two files:
- id_ed25519 – Your private key (secret, never share!)
- id_ed25519.pub – Your public key (goes on the server)
Step 2: Copy the Public Key to the Server
Method A: Using ssh-copy-id (recommended)
ssh-copy-id root@your-server-ip
Enter your server password once. The key is transferred automatically.
Method B: Manual Copy
# On your local PC: Display public key
cat ~/.ssh/id_ed25519.pub
# On the server: Paste key into authorized_keys
ssh root@your-server-ip
mkdir -p ~/.ssh
echo "paste-your-copied-key-here" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
exit
Step 3: Test Key Login
ssh root@your-server-ip
If you set a passphrase, you'll be asked for it. Otherwise you're logged in immediately – without a password.
Step 4: Disable Password Login (Recommended)
Once key login works, you should disable password login:
sudo nano /etc/ssh/sshd_config
Find and change the following lines:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Restart the SSH service:
sudo systemctl restart sshd
Important: Test the key login beforehand in a second terminal window. If the key doesn't work and password login is disabled, you won't be able to access the server.
SSH Keys on Windows with PuTTY
- Open PuTTYgen
- Select Ed25519 as key type and click Generate
- Move the mouse over the empty area to generate random data
- Save the private key (
.ppkfile) and copy the public key - Add the public key on the server in
~/.ssh/authorized_keys - In PuTTY under Connection → SSH → Auth select the private key
SSH Config File for Multiple Servers
Create ~/.ssh/config on your local machine:
Host my-server
HostName 123.123.123.123
User root
IdentityFile ~/.ssh/id_ed25519
Host gameserver
HostName 456.456.456.456
User steam
IdentityFile ~/.ssh/id_ed25519
Then simply use ssh my-server to connect – without IP and username.
Common Problems
"Permission denied (publickey)":
- Was the public key correctly inserted in
authorized_keys? - Are the permissions correct?
chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys - Is the private key on your local machine in the
~/.ssh/folder?
"Too many authentication failures":
- Too many keys in the
~/.ssh/folder. Connect with a specific key:ssh -i ~/.ssh/id_ed25519 root@server-ip
The complete guide to SSH connections with more details can be found in the article "SSH Connection and Key Authentication" in the left navigation.
NexoraHost
Your own server
Root access for Linux admins – secure with our VPS/root guides.
nexorahost.com · Maincubes FRA01 · 1 Tbit/s DDoS · 99,9 % Uptime