Day 20beginnerFeb 20, 2026

Set Up SSH Keys the Right Way

SSH keys replace passwords with cryptographic authentication — more secure and no typing passwords every time.

linuxsshsecurity

What

SSH key pairs provide passwordless, more secure authentication to remote servers. The private key stays on your machine and should never be shared, while the public key is placed on any server you want to access. Modern best practice is to use Ed25519 keys for their speed and security.

Why It Matters

Passwords can be brute-forced, intercepted, or guessed. SSH keys use asymmetric cryptography that's practically impossible to crack. They also enable automated deployments, CI/CD pipelines, and git operations without exposing credentials.

Example

# Generate a modern Ed25519 SSH key pair
ssh-keygen -t ed25519 -C "your@email.com"

# Copy your public key to a remote server
ssh-copy-id user@server

# Set correct permissions (critical for security)
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519        # Private key — owner read/write only
chmod 644 ~/.ssh/id_ed25519.pub    # Public key — readable by others
chmod 600 ~/.ssh/authorized_keys   # Server-side authorized keys

# Test your connection
ssh user@server

bash

Common Mistake

Using RSA with a weak key size (1024 bits is crackable — prefer Ed25519, or RSA 3072/4096 where policy requires RSA) or not setting a passphrase on the private key. Without a passphrase, anyone who steals your private key file gets instant access to all your servers. Prefer Ed25519 as the modern default.

Quick Fix

Always use Ed25519 (or RSA 4096 if Ed25519 isn't supported). Add a strong passphrase during key generation, and use ssh-agent to cache it so you only type it once per session: eval $(ssh-agent) && ssh-add ~/.ssh/id_ed25519.