To home page

Setting up SSH key authentication on the server

Guide to creating and managing SSH keys for secure server access.

SSH key authentication is the most reliable way to connect to your VPS or dedicated server. The public key is placed on the server, while the private key stays safely on your local computer — this completely eliminates password interception and greatly improves security.

  • Separate connection instructions on macOS/Linux: [Connect to a VPS or dedicated server via SSH on macOS](https://fornex.com/ru/help/ssh-to-vps-mac /)
  • Separate instructions for connecting to Windows OC: [Connecting to a VPS or dedicated server via SSH on Windows](https://fornex.com/ru/help/ssh-to-vps /)

Generate a key pair

  1. Open a terminal on your computer (macOS/Linux — Terminal, Windows — PowerShell or Git Bash).
  2. Run the command to generate keys (Ed25519 is recommended):
ssh-keygen -t ed25519 -C "your_email@example.com"

Note

If your system does not support Ed25519 (very old OS), use RSA instead: ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

  1. The tool will suggest a save location (default: ~/.ssh/id_ed25519 — press Enter).
  2. Enter a passphrase (optional) or leave it blank (press Enter twice).
  3. The keys will be created in the ~/.ssh folder:
    • id_ed25519 — private key (never share it!).
    • id_ed25519.pub — public key (this one goes to the server).

Copy the public key to the server

  1. Connect to the server via SSH (using password for now):
ssh root@your_server_ip
  1. Create the .ssh folder if it doesn’t exist:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
  1. Add the public key to authorized_keys:
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... your_email@example.com" >> ~/.ssh/authorized_keys

Recommended one-command method from your local machine:

ssh-copy-id -i ~/.ssh/id_ed25519.pub root@your_server_ip

Configure the OpenSSH Server

  1. Open the SSH server configuration file:
nano /etc/ssh/sshd_config
  1. Make sure the following settings are present (uncomment or add them):
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
PasswordAuthentication no          # Recommended: disable password login
  1. Save the file (Ctrl+O → Enter → Ctrl+X).
  2. Set correct permissions on the files:
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chown root:root ~/.ssh/authorized_keys
  1. Restart the SSH service:
systemctl restart sshd

Configure the SSH Client (for convenience)

  1. Create or edit the file ~/.ssh/config on your local computer:
Host my-server
    HostName your_server_ip
    User root
    IdentityFile ~/.ssh/id_ed25519
    Port 22
  1. Set permissions:
chmod 600 ~/.ssh/config

Now you can connect simply with:

ssh my-server

Verification

Try connecting without a password:

ssh root@your_server_ip

If you log in without being asked for a password — SSH key authentication is set up correctly.

Help

If you have any questions or need assistance, please contact us through the ticket system — we're always here to help!

Need help?Our engineers will help you free of charge with any question in minutesContact us