Installing SSH Keys in Ubuntu: Guide to Secure and Password-Free Access
This guide walks you through how to get secure and password-free access to your Ubuntu servers with SSH keys.
You will create a new Ed25519 key pair, transfer the public key to the server with the ssh-copy-id command, and ensure full security by turning off password access.
🧠 1. Technical Summary
| Area | Description |
|---|---|
| Main Technical Topic | SSH key-based authentication setup on Ubuntu |
| Solved Problem | Password-based SSH connections are vulnerable to brute-force attacks |
| Steps Followed | 1️⃣ Creating the key • 2️⃣ Copying the public key to the server • 3️⃣ Turning off password entry • 4️⃣ Advanced security settings |
| Recommended Algorithm | 🔒 Ed25519 – provides modern, fast and powerful security |
🚀 2. Logic of SSH Keys
SSH (Secure Shell) is used for secure access to remote systems.
While passwords remain weak, SSH keys increase security with public/private key encryption.
| Genre | Description |
|---|---|
| Private Key | It is the file that proves your identity. It remains only with you. |
| Public Key | It is copied to the server and used for input validation. |
💡 Ed25519 is the most recommended key algorithm as of 2025 in terms of speed and security.
⚙️ 3. Requirements
| Requirement | Description |
|---|---|
| Ubuntu version | 22.04 LTS or above |
| User | Non-root user with sudo privilege |
| Packages | openssh-client (local), openssh-server (server) |
# SSH bileşenlerini yükle
sudo apt update
sudo apt install openssh-server openssh-client
🔑 4. Generating an SSH Key Pair
Run the following command to create a new SSH key pair:
ssh-keygen -t ed25519
Then respectively:
Registration path: ~/.ssh/id_ed25519 (confirm with ENTER)
Password (passphrase): Set a strong password
Result:
~/.ssh/id_ed25519 → Private key
~/.ssh/id_ed25519.pub → Public key
| File | Permission | Description |
|---|---|---|
id_ed25519 | 600 | Private key – kept secret |
id_ed25519.pub | 644 | Public key – sent to server |
☁️ 5. Transferring Public Key to Server
The easiest method is the ssh-copy-id command:
ssh-copy-id kullanici@sunucu_ip
This command:
Creates ~/.ssh directory,
Sets the authorized_keys file,
Issues permissions correctly.
You can now log in:
ssh kullanici@sunucu_ip
🧭 Alternative (Manual Method)
cat ~/.ssh/id_ed25519.pub
On the server:
mkdir -p ~/.ssh && chmod 700 ~/.ssh
echo "ANAHTAR_METNI" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
🧱 6. Disabling Password Login (Security Step)
Edit SSH configuration file:
sudo nano /etc/ssh/sshd_config
Find and edit the following lines:
PasswordAuthentication no
PermitRootLogin no
Save, exit and restart the SSH service:
sudo systemctl restart ssh
⚠️ Warning: Do not do this step without testing your key entry, you may lose access.
🧰 7. Password Ease with SSH Agent
If you have added a password to your key, SSH Agent will save you from having to type a password every time you log in.
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
This way, you only need to verify the key once in the same session.
📁 8. Multiple Key Management (config File)
If you are using more than one server, create the ~/.ssh/config file:
touch ~/.ssh/config
nano ~/.ssh/config
Example:
# GenixNode
Host genixnode
HostName 203.0.113.42
User devadmin
IdentityFile ~/.ssh/id_ed25519_genixnode
# GitHub
Host github
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519_github
Now just:
ssh genixnode
You can connect by typing. 🚀
🧩 9. Setting Permissions Correctly
If SSH permissions are incorrect, the connection will be denied. To apply the correct settings:
| Road | Command | Description |
|---|---|---|
~/.ssh/ | chmod 700 ~/.ssh | Only owner can access |
~/.ssh/authorized_keys | chmod 600 ~/.ssh/authorized_keys | Only owner can read/write |
~/.ssh/id_ed25519 | chmod 600 ~/.ssh/id_ed25519 | Private key protected |
🧱 10. Common Mistakes
| Problem | Why | Solution |
|---|---|---|
Permission denied (publickey) | Incorrect permissions | chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys |
Connection refused | SSH service stopped | sudo systemctl restart ssh |
user not in the sudoers file | User is not in the sudo group | sudo usermod -aG sudo <kullanıcı> |
parse error near 'ALL' | Sudoers file is incorrect | Check with sudo visudo -c |
🧱 11. Advanced Security Recommendations
Root login must be closed.
Change SSH port: /etc/ssh/sshd_config → Port 2222
Install Fail2Ban: sudo apt install fail2ban
Key rotation: Change keys at least once a year.
Backup: Store private key in encrypted storage.
🧠 12. Frequently Asked Questions (FAQ)
- I forgot my SSH key password, what should I do?
Use a spare key or add a new public key via the web console.
- Why is Ed25519 recommended over RSA?
More secure, shorter key length, faster verification.
- What should I do if ssh-copy-id is not working?
Add the key manually:
mkdir -p ~/.ssh && chmod 700 ~/.ssh
echo "ANAHTAR" >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys
- I'm getting a connection error, where should I start?
Examine the error details with the ssh -v user@server command.
- What if the SSH port is closed on the server?
Open the port with sudo ufw allow ssh.
✅ 13. Conclusion
You have now set up passwordless, secure SSH access on Ubuntu 🎉 This configuration:
Prevents brute-force attacks,
It speeds up entry,
It makes management easier.
🌩️ You can immediately apply additional security steps in your GenixNode infrastructure and automate SSH key management.