Setup SSH Key Authentication on Ubuntu
You can set up SSH key authentication on Ubuntu to log in securely without needing a password.
SSH key authentication replaces password logins with a cryptographic key pair: a public key stored on your server and a private key kept on your computer. This makes accessing your Ubuntu server significantly more secure and convenient than traditional password methods.
By generating an SSH key pair and adding your public key to your Ubuntu server (versions like 20.04 LTS and 22.04 LTS are commonly used), you enable passwordless remote access.
This process streamlines your remote system management, offering a protected and efficient connection.
Generate an SSH key pair using `ssh-keygen`, then copy your public key to the server with `ssh-copy-id`. Finally, disable password authentication in `/etc/ssh/sshd_config` and restart the SSH service.
Create SSH keys keypair
Setting up SSH key authentication on Ubuntu starts with creating your own SSH key pair, which includes a private key and a public key.
The command below generates a new 4096 bits SSH key pair with your email address as a comment.
ssh-keygen -t rsa -b 4096 -C "your_username@example.com"
After running the commands above, you’ll be prompted to specify a filename for the keys. In most cases, the default location and filename should work.
Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):
Next, you’ll be asked to type a secure passphrase. A passphrase adds an extra layer of security, so you must type the passphrase before you use the key to log in to the remote machine.
Enter passphrase (empty for no passphrase):
Press ENTER without typing a passphrase.
On your screen, the entire interaction should look similar to the one below.
Generating public/private rsa key pair. Enter file in which to save the key (/home/richard/.ssh/id_rsa): Created directory '/home/richard/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/richard/.ssh/id_rsa Your public key has been saved in /home/richard/.ssh/id_rsa.pub The key fingerprint is: SHA256:F217Tplf9iVDvyTRBRfkeXEdQfCugtgC16BrpRqQYpE admin@example.com The key's randomart image is: +---[RSA 4096]----+ | .=OO| | . . +.*| | E . . o..=.| | o . o o oo+.| |.+ o oS.. ..Bo=| |o . * o.. ++==| | . + o o . ...o| | + . . | | . | +----[SHA256]-----+
That’s it! You have successfully created a key pair.
Copy the public key to target system
After creating your SSH keys, the next step for SSH key authentication Ubuntu is to copy your public key to the server you want to connect to.
Run the command below to copy your public key to a remote server.
ssh-copy-id username@server_ip_address
username and server_ip_address with your account on the remote server.Since key-based authentication isn’t yet configured, you’ll be prompted to type in your SSH password.
Once authenticated, the public key ~/.ssh/id_rsa.pub will be appended to the remote user ~/.ssh/authorized_keys file, and the connection will be closed.
richard@10.0.2.17's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'richard@10.0.2.17'" and check to make sure that only the key(s) you wanted were added.
Configure SSH for passwordless login
To complete your SSH key authentication Ubuntu setup and ensure passwordless login, you need to disable password authentication on the server.
Log on to the remote server with your password, then open the SSH configuration file by running the commands below.
sudo nano /etc/ssh/sshd_config
In the file, find the lines below and change the value to match these.
PasswordAuthentication no ChallengeResponseAuthentication no UsePAM no
Save the file and exit.
Restart the SSH server on the remote host.
sudo systemctl restart ssh
After that, password login should be disabled.
Using the command `ssh-copy-id user@remote_host` sends your SSH public key to a remote server. This action configures the remote server to recognize your key, allowing passwordless logins for future connections.
ssh username@server_ip_address
That should do it!
Conclusion:
Setting up key-based SSH authentication on Ubuntu Linux uses a process that this article explained. Users can report errors or share additions using the comment form.
Was this guide helpful?
About the Author
Richard
Tech Writer, IT Professional
Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.
No comments yet — be the first to share your thoughts!