Setting up SSH keys and never typing a password again
If you are still typing passwords to log into servers or push to GitHub, SSH keys will save you time every single day. Set them up once and you never think about it again.
Generating a key pair
ssh-keygen -t ed25519 -C "your@email.com"
Ed25519 is the modern standard. It is faster and more secure than RSA. When prompted for a file location, the default (~/.ssh/id_ed25519) is fine. Set a passphrase if you want an extra layer of security.
This creates two files:
~/.ssh/id_ed25519 (private key, never share this)
~/.ssh/id_ed25519.pub (public key, this goes on servers)
Adding your key to a server
ssh-copy-id user@your-server-ip
This copies your public key to the server's ~/.ssh/authorized_keys file. From now on, ssh user@your-server-ip logs you in without a password.
If ssh-copy-id is not available, do it manually:
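# Create ~/.ssh if needed and set the permissions sshd's StrictModes check expects
cat ~/.ssh/id_ed25519.pub | ssh user@your-server-ip "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
Adding your key to GitHub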
Copy your public key:
cat ~/.ssh/id_ed25519.pub
Go to GitHub > Settings > SSH and GPG keys > New SSH key. Paste it in and save.
Test the connection:
ssh -T git@github.com
You should see "Hi username! You've successfully authenticated." Now you can clone repos with git clone git@github.com:user/repo.git and push without entering credentials.
SSH config file
The SSH config file at ~/.ssh/config lets you create shortcuts:
Host homelab
    HostName 192.168.1.10
    User admin
    IdentityFile ~/.ssh/id_ed25519
Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519
Host work-server
    HostName work.example.com
    User deploy
    IdentityFile ~/.ssh/id_work
    Port 2222
Now instead of ssh admin@192.168.1.10, you type ssh homelab. The config handles the rest.
Multiple keys
If you use different keys for personal and work (recommended), the config file handles routing:
# Generate a work key
ssh-keygen -t ed25519 -f ~/.ssh/id_work -C "your@work.com"
Add both to your SSH config and each connection uses the right key automatically.
SSH agent
If you set a passphrase on your key, the SSH agent caches it so you only type it once per session:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
Most Linux desktop environments start the agent automatically. You type your passphrase once after login and it is cached for the session.
Disable password authentication
Once SSH keys are working, disable password logins on your servers for better security:
# In /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes
Restart the SSH service:
sudo systemctl restart sshd
Now the only way to log in is with a valid SSH key. This eliminates brute force password attacks entirely.
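An added example, not part of the original post: sshd keeps the first value it reads for each keyword, so a drop-in file pulled in through Include can override the line you edited, and keyboard-interactive authentication can still prompt for a password. The function below checks the effective settings printed by sshd -T; the helper name check_sshd_auth and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the effective sshd settings, as printed by `sshd -T`
# (one lowercase "keyword value" pair per line).

# check_sshd_auth (hypothetical helper): reads `sshd -T` output on stdin,
# prints findings, returns 0 only if key-based login is the sole way in.
check_sshd_auth() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "passwordauthentication" { pw = val }
        key == "pubkeyauthentication"   { pk = val }
        # Keyboard-interactive (PAM) can still prompt for a password.
        # Older OpenSSH releases name it challengeresponseauthentication.
        (key == "kbdinteractiveauthentication" ||
         key == "challengeresponseauthentication") && val == "yes" { kbd = 1 }
        END {
            bad = 0
            if (pw != "no")  { print "FAIL passwordauthentication=" (pw == "" ? "unset" : pw); bad = 1 }
            if (kbd)         { print "FAIL kbdinteractiveauthentication=yes"; bad = 1 }
            if (pk != "yes") { print "FAIL pubkeyauthentication=" (pk == "" ? "unset" : pk); bad = 1 }
            if (!bad) print "OK key-only login"
            exit bad
        }'
}

# Constructed sample: sshd_config was edited, but a drop-in read earlier
# through Include had already set PasswordAuthentication yes.
SAMPLE_OVERRIDDEN='passwordauthentication yes
kbdinteractiveauthentication no
pubkeyauthentication yes'

# Constructed sample: the state the post is aiming for.
SAMPLE_HARDENED='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes'

printf '%s\n' "$SAMPLE_OVERRIDDEN" | check_sshd_auth || true  # FAIL passwordauthentication=yes
printf '%s\n' "$SAMPLE_HARDENED" | check_sshd_auth            # OK key-only login

# On a real server, from a session you keep open until this passes:
#   sudo sshd -T | check_sshd_auth
```

Run the check before closing the session you used to edit the config, then confirm a fresh key-based login works from a second terminal.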