{"id":121,"date":"2026-05-26T16:48:15","date_gmt":"2026-05-26T16:48:15","guid":{"rendered":"https:\/\/hostandtech.com\/kb\/linux\/how-to-set-up-ssh-keys-linux\/"},"modified":"2026-05-26T16:48:15","modified_gmt":"2026-05-26T16:48:15","slug":"how-to-set-up-ssh-keys-linux","status":"publish","type":"post","link":"https:\/\/hostandtech.com\/kb\/linux\/how-to-set-up-ssh-keys-linux\/","title":{"rendered":"How to Set Up SSH Keys on Linux for Password-Free Authentication"},"content":{"rendered":"<h2>Overview<\/h2>\n<p>SSH key authentication replaces your server password with a cryptographic key pair \u2014 one private key that stays on your local machine, and one public key that lives on your server. When you connect, your SSH client proves identity by signing a challenge with your private key. Your server verifies it using the public key. No password ever crosses the wire.<\/p>\n<p>Most people set this up after getting a new VPS or dedicated server and getting tired of typing a password every time they connect. It&#8217;s also a hard requirement on many production setups because password-based SSH is a serious attack surface. If your server is publicly accessible, bots are hammering port 22 constantly \u2014 key-only auth shuts that attack vector down entirely.<\/p>\n<p>This guide covers generating an Ed25519 key pair on your local Linux machine, deploying the public key to a remote server, and optionally disabling password login. The same process applies whether you&#8217;re on Ubuntu 22.04 LTS, Debian 12, Rocky Linux 9, or most other modern distributions.<\/p>\n<h2>Prerequisites<\/h2>\n<ul>\n<li>A local Linux machine (desktop or laptop) running OpenSSH client \u2014 installed by default on Ubuntu, Debian, Fedora, Arch, and most others<\/li>\n<li>A remote Linux server you can currently log into \u2014 either by password SSH or via your hosting control panel&#8217;s web console<\/li>\n<li>SSH access to the remote server on port 22 (or a custom port if you&#8217;ve changed it)<\/li>\n<li>A non-root user account with <code class=\"\" data-line=\"\">sudo<\/code> privileges on the remote server, or root access directly<\/li>\n<li>OpenSSH 6.5 or later on both machines \u2014 run <code class=\"\" data-line=\"\">ssh -V<\/code> to check. Ed25519 keys require this version minimum. Any server provisioned in the last five years will have it.<\/li>\n<\/ul>\n<h2>Step-by-Step Instructions<\/h2>\n<h3>Step 1: Generate an Ed25519 Key Pair Locally<\/h3>\n<p>Run this on your <strong>local machine<\/strong>, not the server. Ed25519 is the algorithm I&#8217;d recommend \u2014 it&#8217;s faster than RSA 4096 and the keys are shorter, which means fewer headaches with tools that truncate long strings. RSA 4096 is still fine if you have compatibility requirements, but Ed25519 is the modern default.<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-1\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-1'><code class=\"\" data-line=\"\">ssh-keygen -t ed25519 -C &quot;your_email@example.com&quot; -f ~\/.ssh\/id_ed25519<\/code><\/pre>\n<\/div>\n<p>The <code class=\"\" data-line=\"\">-C<\/code> flag adds a comment to the key \u2014 typically your email. It doesn&#8217;t affect functionality but helps you identify which key is which when you have several. The <code class=\"\" data-line=\"\">-f<\/code> flag sets the output filename explicitly so there&#8217;s no ambiguity.<\/p>\n<p>You&#8217;ll be prompted for a passphrase. Use one. A passphrase encrypts your private key on disk, so if your laptop is stolen the key is still useless without it. You can add the key to <code class=\"\" data-line=\"\">ssh-agent<\/code> so you only type the passphrase once per session \u2014 covered in the FAQ below.<\/p>\n<p>After running the command, you&#8217;ll have two files:<\/p>\n<ul>\n<li><code class=\"\" data-line=\"\">~\/.ssh\/id_ed25519<\/code> \u2014 your private key. Never share this, never copy it to the server, never paste it anywhere.<\/li>\n<li><code class=\"\" data-line=\"\">~\/.ssh\/id_ed25519.pub<\/code> \u2014 your public key. This is what you copy to the server.<\/li>\n<\/ul>\n<h3>Step 2: Copy Your Public Key to the Remote Server<\/h3>\n<p>The cleanest way is <code class=\"\" data-line=\"\">ssh-copy-id<\/code>, which handles file permissions automatically. Permissions on <code class=\"\" data-line=\"\">~\/.ssh\/authorized_keys<\/code> are one of the most common reasons SSH key auth fails silently.<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-2\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-2'><code class=\"\" data-line=\"\">ssh-copy-id -i ~\/.ssh\/id_ed25519.pub your_user@your_server_ip<\/code><\/pre>\n<\/div>\n<p>You&#8217;ll be prompted for your current SSH password one last time. After that, your public key is appended to <code class=\"\" data-line=\"\">~\/.ssh\/authorized_keys<\/code> on the server with correct permissions set automatically.<\/p>\n<p>\ud83d\udcdd Note: If <code class=\"\" data-line=\"\">ssh-copy-id<\/code> isn&#8217;t available on your local machine (uncommon but possible on some minimal installs), you can do it manually:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-3\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-3'><code class=\"\" data-line=\"\"># Run this on your local machine \u2014 it pipes your public key directly into authorized_keys on the server\ncat ~\/.ssh\/id_ed25519.pub | ssh your_user@your_server_ip &quot;mkdir -p ~\/.ssh &amp;&amp; chmod 700 ~\/.ssh &amp;&amp; cat &gt;&gt; ~\/.ssh\/authorized_keys &amp;&amp; chmod 600 ~\/.ssh\/authorized_keys&quot;<\/code><\/pre>\n<\/div>\n<p>The <code class=\"\" data-line=\"\">chmod 700<\/code> on <code class=\"\" data-line=\"\">~\/.ssh<\/code> and <code class=\"\" data-line=\"\">chmod 600<\/code> on <code class=\"\" data-line=\"\">authorized_keys<\/code> are not optional. OpenSSH will refuse to use keys if these permissions are too open \u2014 this is a deliberate security check, not a bug.<\/p>\n<h3>Step 3: Test Key-Based Login Before Disabling Passwords<\/h3>\n<p>\u26a0 Warning: Don&#8217;t disable password authentication until you&#8217;ve confirmed key login works. If you lock yourself out, you&#8217;ll need to use your hosting provider&#8217;s web-based console to recover access.<\/p>\n<p>Open a new terminal window \u2014 keep your existing session open \u2014 and test the connection:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-4\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-4'><code class=\"\" data-line=\"\">ssh -i ~\/.ssh\/id_ed25519 your_user@your_server_ip<\/code><\/pre>\n<\/div>\n<p>If it connects without prompting for your server password (only your key passphrase if you set one), key auth is working. If it still asks for your server password, skip to the troubleshooting section below.<\/p>\n<h3>Step 4: Disable Password Authentication (Recommended)<\/h3>\n<p>Once key login is confirmed, disabling password auth removes a major attack vector. On your remote server, edit the SSH daemon config:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-5\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-5'><code class=\"\" data-line=\"\">sudo nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n<\/div>\n<p>Find and set these three directives. They may already exist but be commented out with <code class=\"\" data-line=\"\">#<\/code> \u2014 uncomment them and change the values:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-6\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-6'><code class=\"\" data-line=\"\">PasswordAuthentication no\nPubkeyAuthentication yes\nAuthorizationKeysFile .ssh\/authorized_keys<\/code><\/pre>\n<\/div>\n<p>\ud83d\udcdd Note: On Ubuntu 22.04 and later, there&#8217;s a second config file at <code class=\"\" data-line=\"\">\/etc\/ssh\/sshd_config.d\/50-cloud-init.conf<\/code> that can override your main config. Open it and check \u2014 if it contains <code class=\"\" data-line=\"\">PasswordAuthentication yes<\/code>, either remove that line or change it to <code class=\"\" data-line=\"\">no<\/code>. This trips up a lot of people and the error isn&#8217;t obvious at all.<\/p>\n<p>Save the file, then restart the SSH service:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-7\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-7'><code class=\"\" data-line=\"\"># On systemd-based distros (Ubuntu, Debian, Rocky Linux, AlmaLinux)\nsudo systemctl restart sshd<\/code><\/pre>\n<\/div>\n<p>\u26a0 Warning: Don&#8217;t close your current SSH session yet. Open another terminal and confirm you can still log in with your key. Only then is it safe to close everything.<\/p>\n<h3>Step 5: Set Correct Permissions If You Configured Keys Manually<\/h3>\n<p>If you copied the key manually rather than using <code class=\"\" data-line=\"\">ssh-copy-id<\/code>, double-check permissions on the server:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-8\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-8'><code class=\"\" data-line=\"\">chmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys<\/code><\/pre>\n<\/div>\n<p>The home directory itself also can&#8217;t be world-writable \u2014 <code class=\"\" data-line=\"\">chmod 755 ~<\/code> if you&#8217;re unsure.<\/p>\n<h2>Common Issues &amp; Troubleshooting<\/h2>\n<h3>SSH Still Asks for Password After Copying the Key<\/h3>\n<p>Almost always a permissions problem on the server. SSH is deliberately strict about this. Log in via your hosting console and run:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-9\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-9'><code class=\"\" data-line=\"\">ls -la ~\/.ssh\/\nstat ~\/.ssh\/authorized_keys<\/code><\/pre>\n<\/div>\n<p><code class=\"\" data-line=\"\">~\/.ssh<\/code> must be <code class=\"\" data-line=\"\">700<\/code>, <code class=\"\" data-line=\"\">authorized_keys<\/code> must be <code class=\"\" data-line=\"\">600<\/code>, and both must be owned by your user \u2014 not root. Also check your home directory isn&#8217;t world-writable (<code class=\"\" data-line=\"\">ls -ld ~<\/code>). If it is, OpenSSH ignores the key entirely.<\/p>\n<h3>Permission Denied (publickey) Error<\/h3>\n<p>This means the server rejected your key. Run SSH in verbose mode to see exactly what&#8217;s happening:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-10\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-10'><code class=\"\" data-line=\"\">ssh -vvv -i ~\/.ssh\/id_ed25519 your_user@your_server_ip 2&gt;&amp;1 | grep -A2 &quot;Offering|Authentications&quot;<\/code><\/pre>\n<\/div>\n<p>Look for lines showing which key was offered and whether it was accepted. Common causes: wrong key file specified, public key not in <code class=\"\" data-line=\"\">authorized_keys<\/code>, or <code class=\"\" data-line=\"\">PubkeyAuthentication<\/code> disabled in <code class=\"\" data-line=\"\">sshd_config<\/code>.<\/p>\n<h3>Ubuntu 22.04: Password Auth Still Works After Setting PasswordAuthentication no<\/h3>\n<p>This is the <code class=\"\" data-line=\"\">\/etc\/ssh\/sshd_config.d\/50-cloud-init.conf<\/code> override issue mentioned in Step 4. Cloud-init drops that file during provisioning and it takes priority. Edit it directly:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-11\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-11'><code class=\"\" data-line=\"\">sudo nano \/etc\/ssh\/sshd_config.d\/50-cloud-init.conf\n# Change or remove the line: PasswordAuthentication yes\nsudo systemctl restart sshd<\/code><\/pre>\n<\/div>\n<h3>Agent Admitted Failure to Sign Using the Key<\/h3>\n<p>Your key is loaded into <code class=\"\" data-line=\"\">ssh-agent<\/code> but the agent can&#8217;t use it, often because the key was added to the agent but the passphrase wasn&#8217;t accepted correctly, or the agent lost its state after a system resume. Fix it by re-adding the key:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-12\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-12'><code class=\"\" data-line=\"\">ssh-add -D             # clears all keys from the agent\nssh-add ~\/.ssh\/id_ed25519   # re-adds your key, prompts for passphrase<\/code><\/pre>\n<\/div>\n<h3>SELinux Blocking SSH Key Auth on Rocky Linux \/ AlmaLinux<\/h3>\n<p>On SELinux-enforcing systems, if you created <code class=\"\" data-line=\"\">~\/.ssh<\/code> or <code class=\"\" data-line=\"\">authorized_keys<\/code> in an unusual way (e.g. copied from another location), the SELinux context might be wrong. Fix the context and restart:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-13\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-13'><code class=\"\" data-line=\"\">restorecon -Rv ~\/.ssh\nsudo systemctl restart sshd<\/code><\/pre>\n<\/div>\n<p>This is annoyingly underdocumented. The SSH daemon won&#8217;t log a useful error \u2014 it just falls back to password auth silently.<\/p>\n<h2>FAQ<\/h2>\n<div class='ht-faq-section'>\n<h2>Frequently Asked Questions<\/h2>\n<div class='ht-faq-item'>\n<h3 class='ht-faq-question'>How do I use ssh-agent so I don&#039;t have to type my key passphrase every time?<\/h3>\n<div class='ht-faq-answer'>\n<p>Start the agent and add your key with: <code class=\"\" data-line=\"\">eval $(ssh-agent -s) &amp;&amp; ssh-add ~\/.ssh\/id_ed25519<\/code>. You&#8217;ll enter your passphrase once per terminal session and the agent handles it from there. Most desktop Linux environments start an agent automatically at login \u2014 if you&#8217;re on a desktop, you may only need to run <code class=\"\" data-line=\"\">ssh-add<\/code> once after boot.<\/p>\n<\/div>\n<\/div>\n<div class='ht-faq-item'>\n<h3 class='ht-faq-question'>Can I use the same SSH key for multiple servers?<\/h3>\n<div class='ht-faq-answer'>\n<p>Yes. Just copy the same public key (<code class=\"\" data-line=\"\">~\/.ssh\/id_ed25519.pub<\/code>) to <code class=\"\" data-line=\"\">~\/.ssh\/authorized_keys<\/code> on each server. I&#8217;d recommend keeping the same key for servers you manage personally, but creating separate keys per team member if multiple people need access \u2014 that way you can revoke individual access by removing a specific public key.<\/p>\n<\/div>\n<\/div>\n<div class='ht-faq-item'>\n<h3 class='ht-faq-question'>What&#039;s the difference between Ed25519 and RSA keys for SSH?<\/h3>\n<div class='ht-faq-answer'>\n<p>Ed25519 uses elliptic curve cryptography and produces much shorter keys that are faster to generate and verify. RSA 4096 is still secure but slower and the keys are much longer. Ed25519 is the current best practice for new setups. The only reason to use RSA is compatibility with very old OpenSSH versions (pre-6.5) or legacy systems \u2014 which you&#8217;re unlikely to encounter on any modern host.<\/p>\n<\/div>\n<\/div>\n<div class='ht-faq-item'>\n<h3 class='ht-faq-question'>Do SSH keys work on Host &amp; Tech VPS plans?<\/h3>\n<div class='ht-faq-answer'>\n<p>Yes, on all our Linux VPS plans you get full root SSH access and can set up key-based auth exactly as described in this guide. When you provision a new <a href=\"https:\/\/www.hostandtech.com\/vps-ssd-servers\">VPS SSD Hosting<\/a> server, you can optionally paste your public key during setup so it&#8217;s added automatically at first boot \u2014 no manual copying required.<\/p>\n<\/div>\n<\/div>\n<div class='ht-faq-item'>\n<h3 class='ht-faq-question'>How do I add my SSH key to multiple user accounts on the same server?<\/h3>\n<div class='ht-faq-answer'>\n<p>Each user has their own <code class=\"\" data-line=\"\">~\/.ssh\/authorized_keys<\/code> file. Log in as root (or use sudo) and append the public key to the relevant user&#8217;s file: <code class=\"\" data-line=\"\">sudo -u username bash -c &#039;cat &gt;&gt; \/home\/username\/.ssh\/authorized_keys&#039;<\/code>, then paste the public key and press Ctrl+D. Make sure permissions are still <code class=\"\" data-line=\"\">600<\/code> on that file after editing.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>SSH keys are more secure than passwords and make connecting to your server much faster once they&#8217;re set up. This guide walks you through generating a key pair, copying the public key to your server, and locking down SSH so passwords can&#8217;t be used at all.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[49],"tags":[12,102,116,14,11],"class_list":["post-121","post","type-post","status-publish","format-standard","hentry","category-linux","tag-linux","tag-security","tag-server-administration","tag-ssh","tag-vps"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Set Up SSH Keys on Linux for Password-Free Authentication<\/title>\n<meta name=\"description\" content=\"Learn how to set up SSH keys on Linux for secure, password-free authentication. Step-by-step guide for VPS and dedicated server users.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/linux\/how-to-set-up-ssh-keys-linux\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Set Up SSH Keys on Linux for Password-Free Authentication\" \/>\n<meta property=\"og:description\" content=\"Learn how to set up SSH keys on Linux for secure, password-free authentication. Step-by-step guide for VPS and dedicated server users.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/linux\/how-to-set-up-ssh-keys-linux\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-26T16:48:15+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/linux\\\/how-to-set-up-ssh-keys-linux\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/linux\\\/how-to-set-up-ssh-keys-linux\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"How to Set Up SSH Keys on Linux for Password-Free Authentication\",\"datePublished\":\"2026-05-26T16:48:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/linux\\\/how-to-set-up-ssh-keys-linux\\\/\"},\"wordCount\":1450,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"Linux\",\"security\",\"server administration\",\"SSH\",\"VPS\"],\"articleSection\":[\"Linux Server\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/linux\\\/how-to-set-up-ssh-keys-linux\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/linux\\\/how-to-set-up-ssh-keys-linux\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/linux\\\/how-to-set-up-ssh-keys-linux\\\/\",\"name\":\"How to Set Up SSH Keys on Linux for Password-Free Authentication\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-26T16:48:15+00:00\",\"description\":\"Learn how to set up SSH keys on Linux for secure, password-free authentication. Step-by-step guide for VPS and dedicated server users.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/linux\\\/how-to-set-up-ssh-keys-linux\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/linux\\\/how-to-set-up-ssh-keys-linux\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/linux\\\/how-to-set-up-ssh-keys-linux\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Set Up SSH Keys on Linux for Password-Free Authentication\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Set Up SSH Keys on Linux for Password-Free Authentication","description":"Learn how to set up SSH keys on Linux for secure, password-free authentication. Step-by-step guide for VPS and dedicated server users.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/linux\/how-to-set-up-ssh-keys-linux\/","og_locale":"en_US","og_type":"article","og_title":"How to Set Up SSH Keys on Linux for Password-Free Authentication","og_description":"Learn how to set up SSH keys on Linux for secure, password-free authentication. Step-by-step guide for VPS and dedicated server users.","og_url":"https:\/\/hostandtech.com\/kb\/linux\/how-to-set-up-ssh-keys-linux\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-26T16:48:15+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/linux\/how-to-set-up-ssh-keys-linux\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/linux\/how-to-set-up-ssh-keys-linux\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"How to Set Up SSH Keys on Linux for Password-Free Authentication","datePublished":"2026-05-26T16:48:15+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/linux\/how-to-set-up-ssh-keys-linux\/"},"wordCount":1450,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["Linux","security","server administration","SSH","VPS"],"articleSection":["Linux Server"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/linux\/how-to-set-up-ssh-keys-linux\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/linux\/how-to-set-up-ssh-keys-linux\/","url":"https:\/\/hostandtech.com\/kb\/linux\/how-to-set-up-ssh-keys-linux\/","name":"How to Set Up SSH Keys on Linux for Password-Free Authentication","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-26T16:48:15+00:00","description":"Learn how to set up SSH keys on Linux for secure, password-free authentication. Step-by-step guide for VPS and dedicated server users.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/linux\/how-to-set-up-ssh-keys-linux\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/linux\/how-to-set-up-ssh-keys-linux\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/linux\/how-to-set-up-ssh-keys-linux\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"How to Set Up SSH Keys on Linux for Password-Free Authentication"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=121"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/121\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}