SSH Keys — Passwordless and Secure Authentication
Generate SSH key pairs, copy your public key to remote servers, use ssh-agent to cache passphrases, and follow SSH key best practices.
March 30, 20255 min read
linuxsecuritysshssh-keysauthentication
Why SSH Keys?
SSH keys are more secure than passwords:
- Can't be brute-forced — cryptographic key pairs
- No typing — authenticate automatically
- Required by GitHub, cloud providers, and production servers
How SSH Keys Work
| Key | Location | Share? |
|---|---|---|
Private key (id_ed25519) | Your machine only | ❌ NEVER |
Public key (id_ed25519.pub) | Remote servers | ✅ Safe |
Generate a Key Pair
# Recommended: ed25519 (modern, fast, secure)
ssh-keygen -t ed25519 -C "[email protected]"
# Alternative: RSA 4096bit (wider compatibility)
ssh-keygen -t rsa -b 4096 -C "[email protected]"
# Keys saved to:
# ~/.ssh/id_ed25519 (private key)
# ~/.ssh/id_ed25519.pub (public key)Copy Public Key to Server
# Easiest method
ssh-copy-id user@server
# Manual method
cat ~/.ssh/id_ed25519.pub | ssh user@server 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'
# For GitHub — copy and paste to Settings → SSH Keys
cat ~/.ssh/id_ed25519.pubssh-agent — Cache Your Passphrase
eval "$(ssh-agent -s)" # Start ssh-agent
ssh-add ~/.ssh/id_ed25519 # Add key (enter passphrase once)
ssh-add -l # List loaded keys
# Auto-start in ~/.bashrc or ~/.zshrc
if [ -z "$SSH_AUTH_SOCK" ]; then
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
fiYour private key (~/.ssh/id_ed25519) must NEVER leave your machine. If compromised, an attacker can log into every server that trusts your public key.
Quick Check
Which SSH key type is recommended for new key generation?
Exercise
Generate an ed25519 SSH key pair. Then display your public key so you can add it to a service like GitHub.