What this is
SSH public key authentication lets you log in securely without typing a server password. You keep the private key on your computer and place the public key on the server.
What it is for
- More secure than passwords
- Prevents most brute-force password attacks (once password authentication is disabled in Step 4)
- Convenient login (often no password prompt)
Prerequisites
- SSH access (at least once) using a password or an existing method
- Username you will use (example: admin)
- Terminal/PowerShell on your computer
Step-by-step
Step 1) Generate a key pair on your computer
ssh-keygen -t ed25519 -C "your_email@example.com"
What it does: Creates a private key and a public key.
Expected output: Messages showing the key file location (usually ~/.ssh/id_ed25519).
Important: Never share the private key.
Step 2) Copy the public key to the server
Option A (macOS/Linux):
ssh-copy-id USERNAME@YOUR_SERVER_IP
What it does: Adds your public key to ~/.ssh/authorized_keys on the server.
Option B (manual method, works everywhere):
Print your public key:
cat ~/.ssh/id_ed25519.pub
Then on the server:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
nano ~/.ssh/authorized_keys
Paste the public key on a new line, save, then:
chmod 600 ~/.ssh/authorized_keys
Step 3) Test key login
ssh USERNAME@YOUR_SERVER_IP
Expected result: You log in without the server password (you may be asked for the key passphrase).
Step 4) (Recommended) Disable password authentication (only after testing)
sudo nano /etc/ssh/sshd_config
Set:
PasswordAuthentication no
Validate and restart:
sudo sshd -t
sudo systemctl restart ssh || sudo systemctl restart sshd
Warning: Do this only after confirming key login works, or you can lock yourself out.
Final verification
sudo grep -n "^PasswordAuthentication" /etc/ssh/sshd_config
Expected output: PasswordAuthentication no (prefixed with its line number, because of -n)
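The grep above reads only the main file, but sshd uses the first value it obtains for each keyword, so an earlier line or a file pulled in by an Include directive can still leave passwords enabled. The following added example (not part of the original guide; the function name and sample data are constructed) audits the effective settings printed by sshd -T instead, and goes slightly further than the step above by also checking keyboard-interactive authentication.

```shell
# Added example. On a real server, run: sudo sshd -T | audit_sshd_effective

audit_sshd_effective() {
    # Reads `sshd -T` output ("keyword value", lowercase keywords) on stdin.
    # Prints findings and returns 1 if password-style logins are still possible.
    awk '
        { val[$1] = $2 }
        END {
            fail = 0
            if (val["pubkeyauthentication"] != "yes") {
                print "FAIL pubkeyauthentication=" val["pubkeyauthentication"]
                fail = 1
            }
            # A missing keyword is treated as a failure (fail closed).
            if (val["passwordauthentication"] != "no") {
                print "FAIL passwordauthentication=" val["passwordauthentication"]
                fail = 1
            }
            # Keyboard-interactive can still ask for a password through PAM.
            # Older OpenSSH prints it as challengeresponseauthentication.
            if (val["kbdinteractiveauthentication"] == "yes" ||
                val["challengeresponseauthentication"] == "yes") {
                print "FAIL keyboard-interactive authentication is enabled"
                fail = 1
            }
            if (!fail) print "OK only key-based login is accepted"
            exit fail
        }'
}

# Constructed sample: the main file says "no", but another file won.
SAMPLE_OVERRIDDEN='pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'

# Constructed sample: the state Step 4 is aiming for.
SAMPLE_HARDENED='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'

printf '%s\n' "$SAMPLE_OVERRIDDEN" | audit_sshd_effective || true
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd_effective || true
```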
Conclusion
SSH keys are one of the biggest security improvements you can make on a VPS. Combine keys with firewall rules, and disable root SSH login.