Guide to Creating an SSH Key and Secure Connection in Linux
SSH (Secure Shell) is the most popular way to communicate securely with remote servers.
In this guide, you will learn how to create a secure key pair with the ssh-keygen tool, add this key to the remote server, and increase security by turning off password logins.
💡 What You Will Learn in This Guide
- How SSH keys work,
- Creating private and public keys with ssh-keygen,
- Adding the public key to the server (ssh-copy-id or manually),
- Providing password-free login,
- Finally, maximize security by turning off password authentication.
🧠 How Do SSH Keys Work?
SSH key authentication works via two keys:
| Key Type | Description |
|---|---|
| Private Key | Only you have it and it must be kept confidential. If you wish, you can encrypt it with a password. |
| Public Key | It is uploaded to the remote server and can be shared. The session is opened only if it matches the private key. |
Once the connection is established, the server tests whether the client actually has the private key.
If the client passes authentication, a secure login is established without entering a password.
⚙️ Step 1 — Generating an SSH Key Pair
To create an SSH key in Linux, run the following command in the terminal:
ssh-keygen -t rsa -b 4096 -C "kullanici@ornek.com"
This command creates an RSA type key pair that is 4096 bits long. Keys are usually stored as id_rsa (private) and id_rsa.pub (public) in the ~/.ssh/ directory.
🔧 Step by Step
Location Question:
Enter file in which to save the key (/home/kullanici/.ssh/id_rsa):
Confirm the default location by pressing ENTER.
Passphrase Prompt:
Setting a passphrase is recommended for security. If you do not want to set one, press ENTER.
After Creation:
Your identification has been saved in /home/kullanici/.ssh/id_rsa
Your public key has been saved in /home/kullanici/.ssh/id_rsa.pub
Now your key pair to use for SSH connections is ready.
🌍 Step 2 — Copying the Public Key to the Server
For the SSH key to work, the public key (id_rsa.pub) must be added to the remote server.
🧩 Method A: via ssh-copy-id (Automatic)
ssh-copy-id kullanici@tr1-node01.ornek.com
This command automatically appends the contents of the id_rsa.pub file to the ~/.ssh/authorized_keys file on the remote server. On the first connection, answer yes to the “Are you sure?” question to continue.
When prompted for a password, enter your current user password. From now on, you can connect without a password.
🧩 Method B: Manual Copy (Alternative)
If ssh-copy-id is not installed, you can use the following command:
cat ~/.ssh/id_rsa.pub | ssh kullanici@sunucu_adresi "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
This method creates the ~/.ssh directory and adds the key contents to the authorized_keys file.
🧪 Step 3 — Testing Authentication with Key
Now test your SSH connection:
ssh kullanici@tr1-node01.ornek.com
If you did not set a passphrase, you will be logged in directly. If you set one, only that passphrase will be asked for; the remote server password is not required.
🔒 Step 4 — Disable Password-Based Login
Now that you have secured login with your SSH key, you can turn off password authentication.
Open the SSH configuration file:
sudo nano /etc/ssh/sshd_config
Find the PasswordAuthentication line and set it like this:
PasswordAuthentication no
Save the file and restart the SSH service:
sudo systemctl restart ssh
Now login is possible only with an SSH key. Login attempts with a password are blocked.
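One pitfall with this step, shown as an added example that is not part of the original guide: sshd uses the first value it reads for each keyword, so a PasswordAuthentication yes earlier in the file overrides a no added further down. The script below reports which line is effective; the function names and the sample config are constructed for illustration, and Include directives are not followed.

```bash
#!/usr/bin/env bash
# Added example: which PasswordAuthentication line does sshd actually use?
# sshd keeps the FIRST value it reads for a keyword, so an earlier "yes"
# silently overrides a "no" added further down the file.

# audit_password_auth FILE -> one line per setting: "<line-no> <status> <value>"
#   effective = first global setting (the one sshd uses)
#   shadowed  = later global setting, ignored
#   match     = set inside a Match block (applies to matching connections only)
# Prints "0 default yes" when no global setting exists (OpenSSH default).
# Include directives are not followed.
audit_password_auth() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
      line = $0
      gsub(/^[ \t]+|[ \t]+$/, "", line)          # trim padding
      n = split(line, f, /[ \t=]+/)              # "Key value" or "Key=value"
      key = tolower(f[1])                        # keywords are case-insensitive
      if (key == "match") { in_match = 1; next }
      if (key != "passwordauthentication" || n < 2) next
      val = tolower(f[2]); gsub(/"/, "", val)
      if (in_match) status = "match"
      else if (seen) status = "shadowed"
      else { status = "effective"; seen = 1 }
      print NR, status, val
    }
    END { if (!seen) print 0, "default", "yes" }
  ' "$1"
}

# Succeeds only if the global value is "no" and no Match block re-enables it.
password_auth_disabled() {
  audit_password_auth "$1" | awk '
    $2 == "effective" || $2 == "default" { global = $3 }
    $2 == "match" && $3 != "no" { reenabled = 1 }
    END { exit !(global == "no" && !reenabled) }'
}

# Constructed sample: an early "yes" shadows the "no" added in Step 4.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'PasswordAuthentication yes' \
  'PubkeyAuthentication yes' 'PasswordAuthentication no' > "$sample"
audit_password_auth "$sample"
password_auth_disabled "$sample" || echo "password login is still enabled"
rm -f "$sample"
```

Run `audit_password_auth /etc/ssh/sshd_config` on the real file, and on each included file in the order sshd reads them. `sudo sshd -T` prints the configuration sshd resolves after includes are applied.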
🧱 Step 5 — Hardware Based Security (HSM) [Optional]
For further security, you can use a Hardware Security Module (HSM). This method stores your keys on physical hardware.
🔧 Sample Setup
ssh-keygen -D /usr/lib/opensc-pkcs11.so -s user-hsm-key
ssh-keygen -D /usr/lib/opensc-pkcs11.so -e > ~/.ssh/id_hsm.pub
You can also add this key to the authorized_keys file.
🧩 SSH Command Summary
| Task | Command | Description |
|---|---|---|
| Generate SSH key | ssh-keygen -t rsa -b 4096 | Creates new RSA key pair. |
| Copying the public key to the server | ssh-copy-id user@host | It automatically transfers the key. |
| Adding key manually | cat ~/.ssh/id_rsa.pub >> authorized_keys | Manual method. |
| Restarting SSH service | sudo systemctl restart ssh | Applies the configuration. |
| Turn off password entry | PasswordAuthentication no | Allows only key-based login. |
❓ Frequently Asked Questions (FAQ)
1. Which is more secure, a password or an SSH key?
SSH keys are much more secure. Keys such as 4096-bit RSA or Ed25519 are resistant to brute-force attacks.
2. Do I have to use a passphrase?
No, but it is recommended. Even if your key is stolen, it cannot be used without the passphrase.
3. What happens if I lose my private key?
You cannot access remote servers. You need to create a new key and update the authorized_keys file.
4. What is the difference between key types?
| Type | Feature |
|---|---|
| RSA | Most common, high compatibility. |
| Ed25519 | More modern and faster, short key length. |
5. My SSH connection still requires a password, why?
Check the permissions of your ~/.ssh folder:
chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
🌟 Result
You have now successfully set up secure SSH key authentication on your Linux system. This method prevents password attacks, and your connections remain fully encrypted.

