How to Set Up SSH Keys: A Complete Guide

SSH keys are more secure and convenient than passwords for remote server access.

How SSH Keys Work

┌──────────────────┐          ┌────────────────────┐
│  Your Machine    │          │  Server            │
│                  │          │                    │
│  Private Key     │ ───────→ │  Public Key        │
│  (secret.key)    │   Auth   │  (authorized_keys) │
└──────────────────┘          └────────────────────┘

You generate a pair of keys:

  • Private key — stays on your machine. Never share it.
  • Public key — goes on every server you access.

Step 1: Generate a Key Pair

# Generate an ED25519 key (recommended)
ssh-keygen -t ed25519 -C "your@email.com"

# Or RSA (for older systems)
ssh-keygen -t rsa -b 4096 -C "your@email.com"

You’ll be asked:

  • Where to save — default ~/.ssh/id_ed25519 is fine
  • Passphrase — strongly recommended (encrypts your key)

Step 2: Add to SSH Agent

# Start the agent
eval "$(ssh-agent -s)"

# Add your key
ssh-add ~/.ssh/id_ed25519

Step 3: Copy to Remote Server

Option A: Using ssh-copy-id

ssh-copy-id user@server-ip

Option B: Manual

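# Create ~/.ssh if needed, append the key, and set the modes sshd expects
cat ~/.ssh/id_ed25519.pub | ssh user@server-ip "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"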

Option C: Manual via SSH

# On your machine, view the key
cat ~/.ssh/id_ed25519.pub
# Copy the output

# On the server (create ~/.ssh first in case it does not exist yet)
mkdir -p ~/.ssh
echo "your-public-key-here" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh

Step 4: Test the Connection

ssh user@server-ip

If everything works, you should be logged in without a password prompt.

Setting Up for GitHub

# 1. Generate a key if you don't have one
ssh-keygen -t ed25519 -C "your@email.com"

# 2. Add to SSH agent
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

# 3. Copy the public key
cat ~/.ssh/id_ed25519.pub

# 4. Add to GitHub:
#    Settings → SSH and GPG Keys → New SSH Key → Paste → Save

# 5. Test
ssh -T git@github.com
# Output: "Hi username! You've successfully authenticated..."

SSH Config File

Simplify connections with ~/.ssh/config:

Host github.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_ed25519

Host myserver
  HostName 192.168.1.100
  User alice
  Port 2222
  IdentityFile ~/.ssh/id_ed25519

Host *.internal
  User admin
  IdentityFile ~/.ssh/internal-key

Now you can type ssh myserver instead of ssh alice@192.168.1.100 -p 2222.

Key Management

# List loaded keys
ssh-add -l

# List ALL keys in your .ssh directory
ls ~/.ssh/

# View a public key
cat ~/.ssh/id_ed25519.pub

# Generate a new key for a different service
ssh-keygen -t ed25519 -f ~/.ssh/github-key -C "github"

Security Best Practices

  • Use ED25519 instead of RSA — it’s faster and more secure
  • Always use a passphrase — encrypts your private key at rest
  • Never share your private key — it’s called private for a reason
  • Set permissions correctly:
    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/id_ed25519       # private key
    chmod 644 ~/.ssh/id_ed25519.pub   # public key (can be world-readable)
    chmod 600 ~/.ssh/authorized_keys  # on servers
    chmod 644 ~/.ssh/config
  • Use different keys for different services — if one is compromised, the others are safe
  • Rotate keys periodically — generate new keys every 1-2 years
  • Add key expiration: ssh-keygen supports expiry dates
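
The modes in the permissions item above can be checked mechanically. The script below is an added example, not part of the original guide, and its function names (audit_ssh_dir, file_mode, is_private_key) are made up for illustration. It goes slightly beyond the list: private keys are recognised by their header line rather than by filename, 400 is accepted alongside 600, and any other file is flagged only if it is group- or other-writable.

```bash
#!/usr/bin/env bash
# Added example: audit an SSH directory against the modes listed above.
# Function names are illustrative. Usage: audit_ssh_dir ~/.ssh
# Prints one "FIX: chmod ..." line per problem and returns 1 if any exist.

# Octal mode of a path: GNU stat first, BSD/macOS stat as fallback.
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# True if the first line is a PEM/OpenSSH private-key header, so keys with
# custom names (github-key, internal-key) are found without a name list.
is_private_key() {
  head -n 1 "$1" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'
}

audit_ssh_dir() {
  local dir="${1:-$HOME/.ssh}" bad=0 f mode
  [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }

  mode=$(file_mode "$dir")
  if [ "$mode" != 700 ]; then
    echo "FIX: chmod 700 $dir (is $mode)"; bad=1
  fi

  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    mode=$(file_mode "$f")
    if is_private_key "$f" || [ "${f##*/}" = authorized_keys ]; then
      # Private keys and the server-side allow-list: owner only.
      # 400 (read-only for the owner) is stricter than 600 and accepted.
      if [ "$mode" != 600 ] && [ "$mode" != 400 ]; then
        echo "FIX: chmod 600 $f (is $mode)"; bad=1
      fi
    elif [ $(( 0$mode & 022 )) -ne 0 ]; then
      # Public keys, config, known_hosts: world-readable is fine, but a
      # group- or other-writable file lets someone else edit it.
      echo "FIX: chmod 644 $f (is $mode)"; bad=1
    fi
  done
  return "$bad"
}
```

Run it on both the client and the server account; a non-zero exit status makes it usable as a check in a provisioning script.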

Recovering from a Lost Private Key

  1. Generate a new key pair
  2. Log into each server (via password or console) and add the new public key
  3. Remove the old public key from all servers
  4. Update GitHub/GitLab/other services
