How to Set Up Passwordless SSH Login

Secure Shell (SSH) is a cryptographic network protocol used for a secure connection between a client and a server. It supports various authentication mechanisms, the two most popular being password-based authentication and public-key-based authentication. If you’re new to SSH, see our SSH command guide and SSH config file guide .

In this guide, we will show you how to set up SSH key-based authentication and connect to your Linux server without entering a password.

Quick Reference

Check for Existing SSH Keys

Before generating a new SSH key pair, check if you already have one on your client machine so you don’t overwrite existing keys.

Run the following ls command to see if existing SSH keys are present:

If there are existing keys, you can either use those and skip the next step or back up the old keys and generate a new one.

If you see No such file or directory or no matches found, it means that you do not have an SSH key and you can proceed with the next step.

Generate a New SSH Key Pair

The recommended key type is Ed25519, which offers better security and performance than RSA with shorter keys:

If you need to work with older systems that don’t support Ed25519, you can generate a 4096-bit RSA key instead:

Press Enter to accept the default file location and file name:

Next, the ssh-keygen tool will ask you to type a secure passphrase. Whether you want to use a passphrase is up to you. If you choose to use a passphrase, you will get an extra layer of security. In most cases, developers and system administrators use SSH without a passphrase because it’s useful for fully automated processes. If you don’t want to use a passphrase, just press Enter.

A sample interaction looks like this:

To verify that the SSH keys were generated, list your new private and public keys with:

Copy the Public Key to the Server

Now that you have generated an SSH key pair, you need to copy the public key to the server you want to manage.

The easiest way to copy your public key to your server is to use the ssh-copy-id command. On your local machine, type:

You will be prompted to enter the remote_username password:

Once the user is authenticated, the public key will be appended to the remote user’s authorized_keys file and the connection will be closed.

If for some reason the ssh-copy-id utility is not available on your local computer, you can use the following command to copy the public key:

Copy a Non-Default Key

If you generated a key with a custom filename, specify it with -i:

Log In Using SSH Keys

After completing the steps above, you should be able to log in to the remote server without being prompted for a password.

To test it, try to log in to your server via SSH:

If everything went well, you will be logged in immediately.

Using the SSH Agent

If you set a passphrase on your key, you will be asked to enter it every time you connect. To avoid this, you can use ssh-agent to cache your passphrase for the duration of your session:

The agent will remember your passphrase until you log out or the agent is stopped.

Generating SSH Keys on Windows

Windows 10 and later include a built-in OpenSSH client. You can use the same commands shown above directly in PowerShell or Command Prompt.

To generate a key on Windows, open PowerShell and run:

The keys will be stored in C:\Users\your_username\.ssh\. To copy the public key to the server, you can use the following PowerShell command:

Disabling SSH Password Authentication

To add an extra layer of security to your server, you can disable password authentication for SSH.

Before disabling SSH password authentication, make sure you can log in to your server without a password and the user you are logging in with has sudo privileges.

The following tutorials describe how to configure sudo access:

• How to create sudo user on Ubuntu
• How to create sudo user on CentOS
• How to create sudo user on Debian

Log into your remote server with SSH keys, either as a user with sudo privileges or root:

Open the SSH configuration file /etc/ssh/sshd_config and set the following directives:

Once you are done, save the file and restart the SSH service.

On Ubuntu or Debian servers:

On CentOS or Fedora servers:

FAQ

What is the difference between Ed25519 and RSA keys?
Ed25519 keys are shorter, faster, and considered more secure than RSA. They are supported on OpenSSH 6.5+ (released 2014). Use RSA only if you need compatibility with very old systems.

Can I use the same key for multiple servers?
Yes. You can copy the same public key to as many servers as you want using ssh-copy-id.

What permissions should the SSH files have?
The ~/.ssh directory should be 700, the private key should be 600, and the authorized_keys file should be 600. Incorrect permissions will cause SSH to reject the key.

How do I use different keys for different servers?
You can configure per-host keys in your SSH config file (~/.ssh/config) using the IdentityFile directive.

What to check if key login doesn’t work?
Verify the permissions: ~/.ssh should be 700, your private key 600, and authorized_keys 600. Also confirm PubkeyAuthentication is enabled on the server and you’re using the correct user and key.

Conclusion

In this guide, you learned how to set up SSH key-based authentication, allowing you to log in to your remote server without providing a password. You can add the same key to multiple remote servers.

We have also shown you how to disable SSH password authentication and add an extra layer of security to your server.

If you have any questions, feel free to leave a comment below.