Cybersecurity Updates & Tools

Set Up SSH Keys on Ubuntu 18.04: Passwordless Login Guide

SSH keys give you a more secure and convenient way to connect to remote servers. Instead of typing a password each time, the server verifies a cryptographic key pair. Your private key stays on your local machine. Your public key lives on the server. When you connect, both keys confirm each other automatically.

This method is much harder to break than password login. If someone steals your password, they can try it from anywhere. With key authentication, they would also need physical access to your private key file. This guide shows you how to set up SSH keys on Ubuntu 18.04, copy the public key to a remote server, and disable password login entirely.

<strong>Prerequisite:</strong>&nbsp;You need sudo access on the remote server.

Generate a New SSH Key Pair

First, check if your local machine already has SSH keys:

bashls -l ~/.ssh/id_*.pub

If the command returns no files, generate a new 4096-bit RSA key pair:

bashssh-keygen -t rsa -b 4096 -C "your_email@domain.com"

Press Enter to accept the default file location (~/.ssh/id_rsa). You will then be asked to set a passphrase. A passphrase adds an extra layer of protection to your private key. Even if someone accesses your machine, they cannot use the key without the passphrase. Press Enter to skip if you want fully passwordless access.

Confirm the keys were created:

bashls ~/.ssh/id_*

You should see two files: id_rsa (the private key) and id_rsa.pub (the public key). Never share the private key file with anyone.

Copy the Public Key to the Remote Server

Use ssh-copy-id to transfer your public key to the server:

bashssh-copy-id remote_username@server_ip_address

Enter the remote user’s password when prompted. The command appends your public key to the ~/.ssh/authorized_keys file on the server. This file holds a list of every public key that is allowed to log in to that account. Future connections will use the key instead of the password.

If ssh-copy-id is not available on your machine, use this alternative:

bashcat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh &amp;&amp; chmod 700 ~/.ssh &amp;&amp; cat &gt;&gt; ~/.ssh/authorized_keys &amp;&amp; chmod 600 ~/.ssh/authorized_keys"

Test the Key-Based Login

Verify that SSH key authentication is working:

bashssh remote_username@server_ip_address

If you did not set a passphrase, the connection opens right away. If you set one, you will be asked to enter it once. Either way, the server’s password prompt will not appear.

Disable SSH Password Authentication

Once key login is confirmed working, disable password authentication to block brute-force attacks.

Open the SSH configuration file on the remote server:

bashsudo nano /etc/ssh/sshd_config

Find and update these three lines:

iniPasswordAuthentication noChallengeResponseAuthentication noUsePAM no

Save the file and restart the SSH service:

bashsudo systemctl restart ssh

Password-based logins are now blocked. Only clients with the correct private key can connect.

Your Ubuntu 18.04 server is now secured with SSH key authentication. Keep your private key file backed up in a safe place. You can also add the same public key to multiple servers if you manage more than one machine. Leave a comment below if you run into any issues.