Why use an SSH key?

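When connecting to a Linux server, we often use SSH (Secure Shell). By default, SSH allows login with a password, but passwords can be guessed or brute-forced, so this is not secure.

The best practice is to use an SSH key pair: a private key that stays on your computer and a public key that is copied to the server. It works like a digital password that is much harder to guess or break.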


1. Generate an SSH key pair

On your local computer, open a terminal and run:

ssh-keygen -t rsa -b 4096 -C "your.email@example.com"

Explanation:

  • -t rsa → key type (RSA here)
  • -b 4096 → key length in bits (4096 here); the longer, the more secure
  • -C → optional comment that helps you identify the key

Just press Enter to accept the default file location:

Enter file in which to save the key (/home/you/.ssh/id_rsa):

Then enter an optional passphrase (don’t forget it!).

This will create two files:

  • id_rsa → private key (never share this)
  • id_rsa.pub → public key (copy this to the server)

2. Copy the public key to the server

Use this command:

ssh-copy-id user@server_ip_address

The system will:

  • connect using your current password,
  • copy your public key to the ~/.ssh/authorized_keys file on the server.

✅ You can now log in without a password:

ssh user@server_ip_address

3. Disable password authentication

Once your key-based login works, disable password login to prevent brute-force attacks.

On the server, open the SSH config file:

sudo nano /etc/ssh/sshd_config

Edit or add these lines:

PasswordAuthentication no
PermitRootLogin no

💡 You can also use PermitRootLogin prohibit-password if you want to allow root access by SSH key only.

Then restart the SSH service:

# Debian/Ubuntu
sudo systemctl restart ssh

# Red Hat/CentOS/Rocky
sudo systemctl restart sshd

4. Test the connection

Before closing your current terminal, open a new SSH session to verify everything is working.

If you connect successfully, your key setup is correct ✅
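
A successful key login does not prove that password login is off. The following added example (not part of the original tutorial) checks the output of `sshd -T`, which prints the server's effective configuration, against the settings from step 3. The function name `audit_sshd`, the sample outputs and the extra `pubkeyauthentication` check are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page). audit_sshd reads `sshd -T`
# output on stdin: one "keyword value" pair per line, keywords in lowercase.
# It prints one finding per directive and returns 0 only if all are acceptable.
audit_sshd() {
    awk '
        function show(v) { return v == "" ? "(missing)" : v }
        $1 == "passwordauthentication" { pa  = $2 }
        $1 == "permitrootlogin"        { prl = $2 }
        $1 == "pubkeyauthentication"   { pk  = $2 }
        END {
            bad = 0
            # Password logins must be off, as set in step 3.
            if (pa == "no") { print "OK   passwordauthentication no" }
            else { bad = 1; print "FAIL passwordauthentication " show(pa) }
            # "without-password" is the older spelling of prohibit-password.
            if (prl == "no" || prl == "prohibit-password" || prl == "without-password") {
                print "OK   permitrootlogin " prl
            } else { bad = 1; print "FAIL permitrootlogin " show(prl) }
            # Key login must stay enabled, otherwise nobody can log in.
            if (pk == "yes") { print "OK   pubkeyauthentication yes" }
            else { bad = 1; print "FAIL pubkeyauthentication " show(pk) }
            exit bad
        }'
}

# Constructed sample: password login is still effective even though
# sshd_config was edited (for instance, an included file set it first).
SAMPLE_OVERRIDDEN='port 22
passwordauthentication yes
permitrootlogin no
pubkeyauthentication yes'

# Constructed sample: the result expected after step 3.
SAMPLE_HARDENED='port 22
passwordauthentication no
permitrootlogin without-password
pubkeyauthentication yes'

# On a real server (needs root): sudo sshd -T | audit_sshd
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd
printf '%s\n' "$SAMPLE_OVERRIDDEN" | audit_sshd || echo "effective config is not hardened"
```

sshd uses the first value it reads for each keyword, so a FAIL after editing /etc/ssh/sshd_config usually means an earlier line or an included file sets the same directive.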


5. Bonus: Protect your private key

Your private key (~/.ssh/id_rsa) must remain secret.

Best practices:

  • Use a passphrase when generating it
  • Never send it by email
  • Never upload it to Git repositories

Summary

Step | Command or Action
Generate SSH key | ssh-keygen
Copy public key to the server | ssh-copy-id user@ip
Disable password login | PasswordAuthentication no
Restart SSH | systemctl restart ssh or sshd
Test connection | ssh user@ip

🔐 Your server is now much more secure against attacks! Don’t hesitate to include this setup in your future deployments.