How to ssh login using keys, not passwords

ssh login with keys

Erika Tynn

1 min read

On your Client

Generate ssh key pair

To generate an industry standard key-pair based on the Edwards-curve Digital Signature Algorithm (EdDSA) using the elliptic curve Curve25519, which uses 256-bit keys and 512-bit signatures:

ssh-keygen -t ed25519

If you do not want to use a passphrase:

ssh-keygen -t ed25519 -N ""

If you also want to specify a filename id_ed25519 (and use the default ~/.ssh/ folder):

ssh-keygen -t ed25519 -N "" -f ~/.ssh/id_ed25519

If you also want to add a custom comment (e.g. crypto account) to help you remember what the key was generated for:

ssh-keygen -t ed25519 -N "" -f ~/.ssh/id_ed25519 -C "crypto account"

Copy public key to Server

Transfer the the .pub file into the Server's authorized_keys:

ssh-copy-id -i ~/ssh/id_ed25519.pub cryptoaccount@crypto.server

On your Server

(Optional) Enforce key-based authentication

Within /etc/ssh/sshd_config, update or comment out the following keys to match these values:

PubkeyAuthentication yes
PasswordAuthentication no

Then restart the ssh service with one of the following:

systemctl restart ssh
rc-service sshd restart

Back on your Client

Login using ssh:

ssh -i ~/.ssh/id_ed25519 cryptoaccount@crypto.server

Optionally, you can add a Host alias in ~/.ssh/config:

Host cryptoserver
    HostName crypto.server
    User cryptoaccount
    IdentityFile ~/.ssh/id_ed25519

Then login with a simpler:

ssh cryptoserver