SSH keys give you a more secure and convenient way to connect to remote servers. Instead of typing a password each time, the server verifies a cryptographic key pair. Your private key stays on your local machine. Your public key lives on the server. When you connect, both keys confirm each other automatically.
This method is much harder to break than password login. If someone steals your password, they can try it from anywhere. With key authentication, they would also need physical access to your private key file. This guide shows you how to set up SSH keys on Ubuntu 18.04, copy the public key to a remote server, and disable password login entirely.
<strong>Prerequisite:</strong> You need sudo access on the remote server.
First, check if your local machine already has SSH keys:
bashls -l ~/.ssh/id_*.pub
If the command returns no files, generate a new 4096-bit RSA key pair:
bashssh-keygen -t rsa -b 4096 -C "your_email@domain.com"
Press Enter to accept the default file location (~/.ssh/id_rsa). You will then be asked to set a passphrase. A passphrase adds an extra layer of protection to your private key. Even if someone accesses your machine, they cannot use the key without the passphrase. Press Enter to skip if you want fully passwordless access.
Confirm the keys were created:
bashls ~/.ssh/id_*
You should see two files: id_rsa (the private key) and id_rsa.pub (the public key). Never share the private key file with anyone.
Use ssh-copy-id to transfer your public key to the server:
bashssh-copy-id remote_username@server_ip_address
Enter the remote user’s password when prompted. The command appends your public key to the ~/.ssh/authorized_keys file on the server. This file holds a list of every public key that is allowed to log in to that account. Future connections will use the key instead of the password.
If ssh-copy-id is not available on your machine, use this alternative:
bashcat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
Verify that SSH key authentication is working:
bashssh remote_username@server_ip_address
If you did not set a passphrase, the connection opens right away. If you set one, you will be asked to enter it once. Either way, the server’s password prompt will not appear.
Once key login is confirmed working, disable password authentication to block brute-force attacks.
Open the SSH configuration file on the remote server:
bashsudo nano /etc/ssh/sshd_config
Find and update these three lines:
iniPasswordAuthentication noChallengeResponseAuthentication noUsePAM no
Save the file and restart the SSH service:
bashsudo systemctl restart ssh
Password-based logins are now blocked. Only clients with the correct private key can connect.
Your Ubuntu 18.04 server is now secured with SSH key authentication. Keep your private key file backed up in a safe place. You can also add the same public key to multiple servers if you manage more than one machine. Leave a comment below if you run into any issues.
Apache Tomcat is an open-source Java application server that implements the Java Servlet, JavaServer Pages, and…
Setting the correct timezone on your Ubuntu machine is more important than it sounds. Your…
PrestaShop is a free, open-source e-commerce platform built with PHP and MySQL. It comes with a…
FFmpeg is a free, open-source command-line tool for working with multimedia files. It can convert video…
Nginx server blocks let you run more than one website on a single server. Each block…
Tor Browser is a modified version of Firefox that routes all your web traffic through the Tor…