An SSH key lets you keep your remote server accounts safe while granting passwordless access. It’s easy to generate one on Linux.

What Is an SSH Key?

An SSH key is a cryptographically generated key that lets youlog on to remote machines. An SSH key is a “key pair” containing a public key and a private key. You can copy the public key to remote machines, and they will use it to authenticate you. The private key, as its name implies, is private and should stay on your local machine.

Don’t share your private SSH key with anyone!

At login time, the remote server will use SSH to compare your public key with your private one. If they match, you’re authorized to enter the remote system. This key pair system lets you set up accounts easily while maintaining security.

How to Generate a Remote Key

To generate an SSH key pair, just use the"ssh-keygen"command on the Linux command line. It will prompt you to select a file location, then enter and confirm a passphrase if you choose to use one. The passphrase allows you to add an extra layer of security to your key.

If you use a passphrase, don’t forget it! You won’t be able to log in using that key if you forget it.

Linux SSH key generation

If you want to log in without a password, just leave the passphrase blank.

By default, ssh-keygen uses the Ed25519 algorithm. This is sufficient for most cases because it’s very secure. You can specify the type of algorithm you want using the -t flag. You shouldn’t normally need to do this unless the server doesn’t support whatever algorithm you’ve used. You can read thessh-keygen manual pageto learn how to generate a different key pair.

ssh-copy-id utility in Linux terminal

Getting Your New SSH Key to the Remote Machine

Now that you’ve generated your key pair, you need to copy your key over to the remote server. There are two ways to do this.

The first and easiest is to use thessh-copy-idutility. To do so, just call it with the username and address of your remote server account:

.ssh/authorized-keys file on Linux

Enter your password, and it will copy over your private key.

You’ll now be able to log into the remote server:

If that doesn’t work, you’ll have to copy and paste your public key manually. Your public key will bea file ending in “.pub"in the .ssh directoryin your home directory. Open it and copy and paste what’s in it into the.ssh/authorized_keysfile on the remote machine.

Save the file, and you’ll now be able to log on to the server using SSH. Make sure that the file is only writeable by you, oryou may run into errors.