Tired of typing your VPS password every time you connect via SSH? Setting up a passwordless connection using SSH keys is a more secure and convenient way to access your remote Linux server. This guide will walk you through the process step-by-step, whether you're on Ubuntu, Windows, or macOS.
Prerequisites
Your Host Computer: Can be Ubuntu, Windows, or macOS.
Remote VPS: A Linux server.
Credentials: You'll need the username and current password for your VPS to set this up.
SSH Client (Host):
Ubuntu/macOS: OpenSSH is usually pre-installed. You can check by opening a terminal and typing ssh.
Windows: Modern Windows 10/11 includes OpenSSH. You can enable it or use a third-party client like PuTTY (this guide focuses on OpenSSH).
SSH Server (VPS): Your Linux VPS should have an OpenSSH server running, which is standard.
How it Works: The Magic of SSH Keys āØ
Instead of a password, SSH key authentication uses a pair of cryptographic keys:
When you try to connect, your SSH client and the server perform a handshake. The server uses the public key to issue a challenge that only your private key can correctly answer. If successful, you're in ā no password needed!
Step 1: Generate SSH Keys on Your Host Computer
This process creates your private and public key pair. If you already have SSH keys (e.g., for GitHub/GitLab), you can often reuse them. However, it's good practice to use separate keys for different services or decide if your existing key is secure enough for server access.
Instructions for your Host OS:
A. Ubuntu or macOS (and Windows with OpenSSH Client)
Open your Terminal:
Ubuntu: Press Ctrl+Alt+T.
macOS: Open Terminal.app (from Applications > Utilities).
Windows (OpenSSH): Open PowerShell or Command Prompt and type ssh. If it's recognized, proceed. If not, ensure the OpenSSH client feature is enabled in Windows settings or use WSL.
Generate the SSH Key Pair:
Run the following command:
ssh-keygen -t rsa -b 4096
Follow the Prompts:
You'll see output confirming the key generation, including the location of your public and private keys.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/yourusername/.ssh/id_rsa
Your public key has been saved in /home/yourusername/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx yourusername@yourhost
The key's randomart image is:
+---[RSA 4096]----+
| .. |
| . . |
| . . |
| . . . o .. . |
|. . oo..S . . |
| . .o.+o . E |
| . ooo= . . |
| .o+=+o . |
| .=B*Bo. |
+----[SHA256]-----+
B. Windows with PuTTY (Alternative if not using OpenSSH)
If you prefer PuTTY:
Download and Run PuTTYgen: Get it from the official PuTTY website.
Generate Keys:
Click the "Generate" button.
Move your mouse randomly over the blank area as instructed to generate randomness.
Once generated, you'll see the public key.
Optionally, enter a "Key passphrase" and confirm it for added security. For passwordless, leave it blank.
Click "Save private key" (e.g., id_rsa.ppk). Store this securely!
Copy the public key text from the "Public key for pasting into OpenSSH authorized_keys file" box. You'll need this for Step 2.
Step 2: Copy Your Public Key to the Remote VPS
Now, you need to place the public key you generated into a special file on your Linux VPS.
Method 1: Using ssh-copy-id (Recommended & Easiest - for OpenSSH users)
This command automatically appends your public key to the correct file on the VPS and sets the right permissions.
Open your Terminal (or PowerShell/CMD for Windows OpenSSH).
Run the command:
Replace vps_user with your username on the VPS and your_vps_ip_or_hostname with the VPS's IP address or hostname.
If you used the default key name (id_rsa):
ssh-copy-id vps_user@your_vps_ip_or_hostname
If you used a custom key name (e.g., id_rsa_vps):
ssh-copy-id -i ~/.ssh/id_rsa_vps.pub vps_user@your_vps_ip_or_hostname
(Adjust the path ~/.ssh/id_rsa_vps.pub if you saved it elsewhere or used a different name on Windows, e.g., -i C:\Users\YourUsername\.ssh\id_rsa_vps.pub).
Enter Your VPS Password: You'll be prompted for your VPS user's password one last time.
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
vps_user@your_vps_ip_or_hostname's password:
Done! The key should now be installed.
Method 2: Manual Copy (If ssh-copy-id is not available or for PuTTY users)
Get Your Public Key Content:
Copy the entire output (it starts with ssh-rsa or ecdsa-sha2-nistp256, etc., and ends with your username@host).
- PuTTY: You should have copied this from PuTTYgen in Step 1B.
SSH into your VPS using your password:
ssh vps_user@your_vps_ip_or_hostname
Enter your password when prompted.
On the VPS, create the .ssh directory and authorized_keys file (if they don't exist):
mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
mkdir -p ~/.ssh: Creates the .ssh directory if it doesn't exist.
chmod 700 ~/.ssh: Sets permissions for the directory (only owner can read, write, execute).
touch ~/.ssh/authorized_keys: Creates the file where public keys are stored.
chmod 600 ~/.ssh/authorized_keys: Sets permissions for the file (only owner can read, write). These permissions are crucial!
Open authorized_keys with a text editor (like nano):
nano ~/.ssh/authorized_keys
Paste Your Public Key: Paste the public key you copied in step 2.1 into a new line in the authorized_keys file. Ensure it's all one line.
Save and Exit:
- In
nano: Press Ctrl+X, then Y to confirm, then Enter to save.
Log out of the VPS:
exit
Step 3: Test Your Passwordless Connection
Now, try to SSH into your VPS from your host machine:
ssh vps_user@your_vps_ip_or_hostname
If you used a custom key name AND your SSH client doesn't automatically find it: You might need to specify the private key using the -i flag:
ssh -i ~/.ssh/id_rsa_vps vps_user@your_vps_ip_or_hostname
(Adjust the path ~/.ssh/id_rsa_vps as needed).
If everything is set up correctly, you should be logged into your VPS without being asked for a password! š
If you used a passphrase for your key: You will be prompted for that passphrase. To avoid typing it repeatedly, you can use an SSH agent (see Bonus section).
If you set a passphrase on your private key (good for security!), an SSH agent can cache the decrypted key after you enter the passphrase once, so you don't have to type it for every connection during your session.
A. Ubuntu & macOS
The SSH agent usually starts automatically.
Add your private key to the agent:
You'll be prompted for your key's passphrase if it has one. Now, you won't need to enter it again for new SSH connections in the same terminal session (or until you log out/reboot, depending on your setup).
B. Windows (OpenSSH)
Check if the SSH Agent service is running:
Open PowerShell as Administrator and run:
Get-Service ssh-agent
If Status is Stopped, start it and set it to start automatically:
Set-Service -Name ssh-agent -StartupType Automatic
Start-Service ssh-agent
Add your private key to the agent (in PowerShell or CMD):
Enter your key's passphrase if prompted.
C. Windows (PuTTY with Pageant)
PuTTY comes with an agent called Pageant.
Run Pageant. It will appear as an icon in your system tray.
Right-click the Pageant icon and select "Add Key".
Browse to your .ppk private key file, select it, and enter its passphrase if you set one. Pageant will now handle authentication for PuTTY sessions.
Step 5: (Optional but Highly Recommended) Enhance Security on VPS
Once you've confirmed passwordless SSH login is working, you can (and should) disable password authentication on your VPS to make it even more secure. This prevents brute-force password attacks.
ā ļø IMPORTANT: Ensure your key-based login is working perfectly before disabling password authentication. Otherwise, you could lock yourself out!
SSH into your VPS.
Edit the SSH daemon configuration file:
sudo nano /etc/ssh/sshd_config
Find and modify the following lines:
PasswordAuthentication: Change this to no. (Uncomment it by removing the # if it's commented out).
PasswordAuthentication no
PubkeyAuthentication: Ensure this is set to yes (it usually is by default).
PubkeyAuthentication yes
ChallengeResponseAuthentication: It's also a good idea to set this to no.
ChallengeResponseAuthentication no
Save and Exit: (Ctrl+X, then Y, then Enter in nano).
Restart the SSH service to apply changes:
The command might vary slightly depending on your Linux distribution:
sudo systemctl restart sshd
or
sudo systemctl restart ssh
or
sudo service ssh restart
Test Again: Open a new terminal window on your host and try to SSH into your VPS. It should connect without a password. Try SSHing with a command that would force password auth (e.g., ssh -o PreferredAuthentications=password vps_user@your_vps_ip_or_hostname) to confirm password login is indeed disabled.
Troubleshooting Tips š
Permission Denied (Publickey):
Permissions on VPS: Double-check the permissions on your VPS:
~/.ssh directory should be 700 (drwx------).
~/.ssh/authorized_keys file should be 600 (-rw-------).
Your home directory (~) on the VPS should not be world-writable (e.g., 755 or rwxr-xr-x is fine). Use ls -ld ~/.ssh ~/.ssh/authorized_keys ~ on the VPS to check. Use chmod to fix them as shown in Step 2, Method 2.
Key Copied Correctly: Ensure the entire public key was copied correctly into ~/.ssh/authorized_keys without any extra line breaks or missing characters.
Correct Private Key: If you have multiple keys, ensure your SSH client is trying to use the correct private key. Use ssh -v vps_user@your_vps_ip_or_hostname for verbose output, which can show which keys it's attempting. Use the -i flag to specify a key if needed.
Still Asking for Password:
The public key might not be in ~/.ssh/authorized_keys on the VPS, or permissions are wrong.
The SSH server on the VPS might not be configured to allow public key authentication (PubkeyAuthentication yes in /etc/ssh/sshd_config).
The SSH service on the VPS wasn't restarted after config changes.
ssh-add "Could not open a connection to your authentication agent.":
- The SSH agent isn't running. See Step 4 for how to start it.
Windows File Paths: Remember that Windows paths use backslashes (\) and the home directory equivalent is often $env:USERPROFILE\.ssh in PowerShell or C:\Users\YourUsername\.ssh in general.
By following these steps, you'll have a streamlined and secure way to access your Linux VPS! Happy connecting!
Tired of typing your VPS password every time you connect via SSH? Setting up a passwordless connection using SSH keys is a more secure and convenient way to access your remote Linux server. This guide will walk you through the process step-by-step, whether you're on Ubuntu, Windows, or macOS.
Prerequisites
Your Host Computer: Can be Ubuntu, Windows, or macOS.
Remote VPS: A Linux server.
Credentials: You'll need the username and current password for your VPS to set this up.
SSH Client (Host):
Ubuntu/macOS: OpenSSH is usually pre-installed. You can check by opening a terminal and typing
ssh.Windows: Modern Windows 10/11 includes OpenSSH. You can enable it or use a third-party client like PuTTY (this guide focuses on OpenSSH).
SSH Server (VPS): Your Linux VPS should have an OpenSSH server running, which is standard.
How it Works: The Magic of SSH Keys āØ
Instead of a password, SSH key authentication uses a pair of cryptographic keys:
Private Key: Stays securely on your host computer. Never share this!
Public Key: You'll copy this to your remote VPS.
When you try to connect, your SSH client and the server perform a handshake. The server uses the public key to issue a challenge that only your private key can correctly answer. If successful, you're in ā no password needed!
Step 1: Generate SSH Keys on Your Host Computer
This process creates your private and public key pair. If you already have SSH keys (e.g., for GitHub/GitLab), you can often reuse them. However, it's good practice to use separate keys for different services or decide if your existing key is secure enough for server access.
Instructions for your Host OS:
A. Ubuntu or macOS (and Windows with OpenSSH Client)
Open your Terminal:
Ubuntu: Press
Ctrl+Alt+T.macOS: Open
Terminal.app(from Applications > Utilities).Windows (OpenSSH): Open PowerShell or Command Prompt and type
ssh. If it's recognized, proceed. If not, ensure the OpenSSH client feature is enabled in Windows settings or use WSL.Generate the SSH Key Pair:
Run the following command:
-t rsa: Specifies the RSA algorithm (widely compatible and secure).-b 4096: Specifies a key length of 4096 bits (very secure).Follow the Prompts:
"Enter file in which to save the key...":
If you have NO existing keys or want to overwrite: Press
Enterto accept the default location (e.g.,/home/your_username/.ssh/id_rsaon Linux/macOS,C:\Users\YourUsername\.ssh\id_rsaon Windows).If you HAVE existing keys and want a NEW, SEPARATE key: Provide a different filename, for example:
/home/your_username/.ssh/id_rsa_vpsorC:\Users\YourUsername\.ssh\id_rsa_vps."Enter passphrase (empty for no passphrase):":
For true passwordless login: Press
Enter(leave it empty). This is convenient but means anyone with access to your private key file can log in.For added security (recommended): Enter a strong passphrase. You'll be prompted for this passphrase once per session when using the key, or you can use an SSH agent to remember it. This guide aims for "passwordless" server login, so we'll assume empty for now, but be aware of the security implication. Press
Enteragain to confirm.You'll see output confirming the key generation, including the location of your public and private keys.
Generating public/private rsa key pair. Enter file in which to save the key (/home/yourusername/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/yourusername/.ssh/id_rsa Your public key has been saved in /home/yourusername/.ssh/id_rsa.pub The key fingerprint is: SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx yourusername@yourhost The key's randomart image is: +---[RSA 4096]----+ | .. | | . . | | . . | | . . . o .. . | |. . oo..S . . | | . .o.+o . E | | . ooo= . . | | .o+=+o . | | .=B*Bo. | +----[SHA256]-----+B. Windows with PuTTY (Alternative if not using OpenSSH)
If you prefer PuTTY:
Download and Run PuTTYgen: Get it from the official PuTTY website.
Generate Keys:
Click the "Generate" button.
Move your mouse randomly over the blank area as instructed to generate randomness.
Once generated, you'll see the public key.
Optionally, enter a "Key passphrase" and confirm it for added security. For passwordless, leave it blank.
Click "Save private key" (e.g.,
id_rsa.ppk). Store this securely!Copy the public key text from the "Public key for pasting into OpenSSH authorized_keys file" box. You'll need this for Step 2.
Step 2: Copy Your Public Key to the Remote VPS
Now, you need to place the public key you generated into a special file on your Linux VPS.
Method 1: Using
ssh-copy-id(Recommended & Easiest - for OpenSSH users)This command automatically appends your public key to the correct file on the VPS and sets the right permissions.
Open your Terminal (or PowerShell/CMD for Windows OpenSSH).
Run the command:
Replace vps_user with your username on the VPS and your_vps_ip_or_hostname with the VPS's IP address or hostname.
If you used the default key name (
id_rsa):If you used a custom key name (e.g.,
id_rsa_vps):(Adjust the path
~/.ssh/id_rsa_vps.pubif you saved it elsewhere or used a different name on Windows, e.g.,-i C:\Users\YourUsername\.ssh\id_rsa_vps.pub).Enter Your VPS Password: You'll be prompted for your VPS user's password one last time.
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys vps_user@your_vps_ip_or_hostname's password:Done! The key should now be installed.
Method 2: Manual Copy (If
ssh-copy-idis not available or for PuTTY users)Get Your Public Key Content:
OpenSSH (Linux/macOS/Windows): Display your public key in the terminal.
Default key:
Custom key (e.g.,
id_rsa_vps):Copy the entire output (it starts with
ssh-rsaorecdsa-sha2-nistp256, etc., and ends with your username@host).SSH into your VPS using your password:
Enter your password when prompted.
On the VPS, create the
.sshdirectory andauthorized_keysfile (if they don't exist):mkdir -p ~/.ssh: Creates the.sshdirectory if it doesn't exist.chmod 700 ~/.ssh: Sets permissions for the directory (only owner can read, write, execute).touch ~/.ssh/authorized_keys: Creates the file where public keys are stored.chmod 600 ~/.ssh/authorized_keys: Sets permissions for the file (only owner can read, write). These permissions are crucial!Open
authorized_keyswith a text editor (likenano):Paste Your Public Key: Paste the public key you copied in step 2.1 into a new line in the
authorized_keysfile. Ensure it's all one line.Save and Exit:
nano: PressCtrl+X, thenYto confirm, thenEnterto save.Log out of the VPS:
exitStep 3: Test Your Passwordless Connection
Now, try to SSH into your VPS from your host machine:
If you used a custom key name AND your SSH client doesn't automatically find it: You might need to specify the private key using the
-iflag:(Adjust the path
~/.ssh/id_rsa_vpsas needed).If everything is set up correctly, you should be logged into your VPS without being asked for a password! š
If you used a passphrase for your key: You will be prompted for that passphrase. To avoid typing it repeatedly, you can use an SSH agent (see Bonus section).
Step 4: (Optional but Recommended) Configure SSH Agent for Keys with Passphrases
If you set a passphrase on your private key (good for security!), an SSH agent can cache the decrypted key after you enter the passphrase once, so you don't have to type it for every connection during your session.
A. Ubuntu & macOS
The SSH agent usually starts automatically.
Add your private key to the agent:
Default key:
Custom key:
You'll be prompted for your key's passphrase if it has one. Now, you won't need to enter it again for new SSH connections in the same terminal session (or until you log out/reboot, depending on your setup).
B. Windows (OpenSSH)
Check if the SSH Agent service is running:
Open PowerShell as Administrator and run:
If
StatusisStopped, start it and set it to start automatically:Add your private key to the agent (in PowerShell or CMD):
Default key:
ssh-add $env:USERPROFILE\.ssh\id_rsaCustom key:
ssh-add $env:USERPROFILE\.ssh\id_rsa_vpsEnter your key's passphrase if prompted.
C. Windows (PuTTY with Pageant)
PuTTY comes with an agent called Pageant.
Run Pageant. It will appear as an icon in your system tray.
Right-click the Pageant icon and select "Add Key".
Browse to your
.ppkprivate key file, select it, and enter its passphrase if you set one. Pageant will now handle authentication for PuTTY sessions.Step 5: (Optional but Highly Recommended) Enhance Security on VPS
Once you've confirmed passwordless SSH login is working, you can (and should) disable password authentication on your VPS to make it even more secure. This prevents brute-force password attacks.
SSH into your VPS.
Edit the SSH daemon configuration file:
Find and modify the following lines:
PasswordAuthentication: Change this tono. (Uncomment it by removing the#if it's commented out).PubkeyAuthentication: Ensure this is set toyes(it usually is by default).ChallengeResponseAuthentication: It's also a good idea to set this tono.Save and Exit: (
Ctrl+X, thenY, thenEnterinnano).Restart the SSH service to apply changes:
The command might vary slightly depending on your Linux distribution:
or
or
Test Again: Open a new terminal window on your host and try to SSH into your VPS. It should connect without a password. Try SSHing with a command that would force password auth (e.g.,
ssh -o PreferredAuthentications=password vps_user@your_vps_ip_or_hostname) to confirm password login is indeed disabled.Troubleshooting Tips š
Permission Denied (Publickey):
Permissions on VPS: Double-check the permissions on your VPS:
~/.sshdirectory should be700(drwx------).~/.ssh/authorized_keysfile should be600(-rw-------).Your home directory (
~) on the VPS should not be world-writable (e.g.,755orrwxr-xr-xis fine). Usels -ld ~/.ssh ~/.ssh/authorized_keys ~on the VPS to check. Usechmodto fix them as shown in Step 2, Method 2.Key Copied Correctly: Ensure the entire public key was copied correctly into
~/.ssh/authorized_keyswithout any extra line breaks or missing characters.Correct Private Key: If you have multiple keys, ensure your SSH client is trying to use the correct private key. Use
ssh -v vps_user@your_vps_ip_or_hostnamefor verbose output, which can show which keys it's attempting. Use the-iflag to specify a key if needed.Still Asking for Password:
The public key might not be in
~/.ssh/authorized_keyson the VPS, or permissions are wrong.The SSH server on the VPS might not be configured to allow public key authentication (
PubkeyAuthentication yesin/etc/ssh/sshd_config).The SSH service on the VPS wasn't restarted after config changes.
ssh-add"Could not open a connection to your authentication agent.":Windows File Paths: Remember that Windows paths use backslashes (
\) and the home directory equivalent is often$env:USERPROFILE\.sshin PowerShell orC:\Users\YourUsername\.sshin general.By following these steps, you'll have a streamlined and secure way to access your Linux VPS! Happy connecting!