Why Use SSH Keys?

SSH (Secure Shell) lets you connect to remote servers securely. By default, this uses a password, but passwords have real drawbacks: they can be brute-forced, phished, or leaked. SSH keys address these problems with asymmetric cryptography: a mathematically linked key pair in which only the matching private key can produce the proof of identity that the public key verifies.

The result? Logins that are both more secure and more convenient — no typing passwords each time.

How SSH Key Pairs Work

  • Private key — stays on your local machine, never shared
  • Public key — placed on the remote server in ~/.ssh/authorized_keys

When you connect, the server issues a cryptographic challenge. Your machine answers it by producing a signature with the private key, and the server verifies that signature using the public key. No password is ever transmitted over the network, and the private key never leaves your machine.

Step 1: Generate Your SSH Key Pair

Open your terminal (Terminal on macOS/Linux, or Windows Terminal / PowerShell on Windows 10+) and run:

ssh-keygen -t ed25519 -C "your_email@example.com"

Why ed25519? It's a modern elliptic-curve algorithm that's faster and more secure than the older RSA-2048. If the server you're connecting to is very old and doesn't support it, use -t rsa -b 4096 instead.

You'll be prompted for a save location (default is fine: ~/.ssh/id_ed25519) and an optional passphrase. Use a passphrase: it encrypts the private key file on disk, so a copy of the file taken from a compromised machine cannot be used without it.

Step 2: Copy Your Public Key to the Server

The easiest method uses the built-in ssh-copy-id tool (available on macOS and Linux):

ssh-copy-id username@your-server-ip

This automatically appends your public key to the server's ~/.ssh/authorized_keys file. You'll authenticate with your password one final time.

Manual Method (Windows or when ssh-copy-id isn't available)

  1. Display your public key: cat ~/.ssh/id_ed25519.pub
  2. Copy the entire output to your clipboard
  3. Log into the server with your password
  4. Run: mkdir -p ~/.ssh && echo "PASTE_KEY_HERE" >> ~/.ssh/authorized_keys
  5. Set correct permissions: chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

Step 3: Test the Connection

ssh username@your-server-ip

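If everything is configured correctly, you'll connect without being prompted for a server password. You may be asked for your key passphrase instead; that prompt is local, the passphrase only unlocks the private key on your machine, and your SSH agent can cache the unlocked key (see Step 4).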

Step 4: Add Your Key to the SSH Agent

So you don't have to type your passphrase every single time, add your key to the SSH agent:

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

On macOS, add this to your ~/.zshrc or ~/.bash_profile to persist it across sessions.

Step 5: (Optional but Recommended) Disable Password Authentication

Once you've confirmed key-based login works, disable passwords entirely on the server to eliminate brute-force risk. Edit /etc/ssh/sshd_config and set:

PasswordAuthentication no
PubkeyAuthentication yes

Then restart the SSH service: sudo systemctl restart sshd

Warning: Do this only after confirming key-based login works. Locking yourself out of a remote server is a painful experience.
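
A check for Step 5, as an added example that is not part of the original article: sshd uses the first value it reads for each keyword, so a PasswordAuthentication no line appended below an existing yes has no effect, and a value set only inside a Match block is not the global setting. The function names and the three sample configs are constructed for illustration, and Include files are not followed.

```shell
#!/bin/sh
# Added example: report the global value sshd would use for a keyword.
# sshd keeps the FIRST value it reads; Include files are NOT followed here.

# effective_setting KEYWORD FILE DEFAULT -> first global value, lowercased
effective_setting() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }      # comment or blank line
        { key = tolower($1) }
        key == "match" { exit }             # Match blocks are conditional
        key == want { print tolower($2); found = 1; exit }
        END { if (!found) print def }       # keyword absent: sshd default
    ' "$2"
}

# audit_password_login FILE -> status 0 only if passwords off and keys on
audit_password_login() {
    pw=$(effective_setting PasswordAuthentication "$1" yes)  # default: yes
    pk=$(effective_setting PubkeyAuthentication "$1" yes)    # default: yes
    echo "PasswordAuthentication=$pw PubkeyAuthentication=$pk"
    [ "$pw" = "no" ] && [ "$pk" = "yes" ]
}

# Constructed sample configs, written to a temporary directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/appended.conf" <<'EOF'
# new lines appended below a stock "yes"
PasswordAuthentication yes
PasswordAuthentication no
PubkeyAuthentication yes
EOF
cat > "$demo_dir/edited.conf" <<'EOF'
passwordauthentication no
PubkeyAuthentication yes
EOF
cat > "$demo_dir/match_only.conf" <<'EOF'
PubkeyAuthentication yes
Match Address 192.168.1.0/24
    PasswordAuthentication no
EOF
for name in appended edited match_only; do
    if audit_password_login "$demo_dir/$name.conf"; then
        echo "$name: key-only login is in effect"
    else
        echo "$name: passwords are still accepted"
    fi
done
```

On a live server, sudo sshd -T prints the effective configuration with Include files and defaults resolved, and is the authoritative check.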

Managing Multiple Keys with SSH Config

If you connect to multiple servers or services (GitHub, staging, production), use an SSH config file at ~/.ssh/config:

Host myserver
  HostName 192.168.1.100
  User deploy
  IdentityFile ~/.ssh/id_ed25519

Host github
  HostName github.com
  User git
  IdentityFile ~/.ssh/github_key

Now you can simply type ssh myserver instead of the full command every time.

Summary

SSH keys take about five minutes to set up and deliver lasting security and convenience benefits. Once you've done it for one server, the process becomes second nature. It's one of the most valuable tech habits any developer, sysadmin, or power user can build.