How to set up SSH Keys on Linux, keys that are a secure solution for logging into a virtual server or a dedicated Linux server

What are SSH Keys ?!

SSH keys are a secure solution for logging into a virtual server or a dedicated Linux server. Unlike the use of the password to crack the ssh key with the Brute Force method it is almost impossible.

The key pair generates two long strings: one public or public key and the other a private or private key that will both be required to connect to the server. You can place the public key on your servers and connect to them with the SSH Client that holds the Private key, when the keys are Matched together, the connection will be established without password request. You can even enable a password request for connection to increase security.

This method is very useful when you have a large number of servers and need to use DevOPS tools or when you need to integrate the connection and ensure a secure solution. Follow us on to launch this method.

Step One – Create RSA Key Pair

In the first step you need to create a key pair, one of which is Public and the other is Private. In Windows you can use the PuTTYgen tool to do this, and in Linux just type the following command in the command-line keys.

ssh-keygen -t rsa

Step Two – Save Keys and PassPhrase

After entering the command to create the keys at the command prompt you will be asked a few questions. In the first question you will be asked where you want to store the keys:

Feel free to enter your desired address. Otherwise you can press Enter to save the key files in the address listed in the command line.

Next you will be asked for PassPhrase. It is best to give a brief explanation of PassPhrase first. Using this feature has its own benefits:

No matter how complicated the security keys are, they may not be seen or shared by anyone.

Using PassPhrase you cannot connect to the server even if the Private key is provided to a person without knowing it. Whether or not to apply a second password depends on your taste:

If you wish, you can create a PassPhrase for the Private Key, and if you do not want to, simply press Enter and enter the next step.

Note : PassPhrase activation is required to enter a password at each connection. Enabling this is not recommended for operating servers under DevOPS tools.

Generally the process of building SSH Keys will be as follows:

After the work is done, the generated keys will be stored in the following ways:

Public Key: /home/demo/.ssh/

Private Key: /home/demo/.ssh/id_rsa

Then Step Three – Copy the Public Key

After creating the keys, it’s time to enter the Public Key into your virtual server. You can perform the operation with the ssh-copy-id command.

ssh-copy-id User @ YourServerIPAddress

Note Enter the correct IP address and username in the Paste field. There is a second way to do this is to transfer the Public Key file to the server using the ssh command.

cat ~ / .ssh / | ssh User @ YourServerIPAddress “mkdir -p ~ / .ssh && cat >> ~ / .ssh / authorized_keys”

No matter which method you use. Output should be as follows:

After completing the steps above, you should be able to connect to your server without requesting a password. However, if you have PassPhrase enabled you will be prompted for a password.

And Step 4 – Disable root password for SSH login

Once the Public Key file copy operation is completed on the server, make sure you connect to the server without using root information, then you can apply the restrictions to the root user and connect to SSH via the SSH protocol Disable. Open the SSH configuration file to make changes.

sudo nano / etc / ssh / sshd_config

In this file, search for PermitRootLogin text and modify it below to make sure you only connect via SSH Key.

PermitRootLogin without-password

Then restart the ssh service to make changes.

restart sshd service

systemctl restart sshd

Note: The SSH Service Restart command may vary in each version or Linux version. The above instructions are related to the CentOS explanation.


This article teaches how to create and transfer Public Key to the target server. There has always been an attempt to provide comprehensive training articles in order to avoid confusion. But it is best to do this first on a non-operational VM or VM and then implement the steps and test it properly on the operating server. Hope this useful tutorial will work.

Leave a Reply

Your email address will not be published. Required fields are marked *