How to Set Up SSH Keys

Posted by Mike on June 23rd, 2020
How to set up SSH Keys on Linux

Setting up SSH Keys can make connecting to your servers so much easier, they remove the need for remembering the server password and mean password login can be turned off entirely, enhancing your servers security. In this guide we'll show you how to use ssh-keygen to generate a new SSH key and add it to your server.

What are SSH Keys?

SSH Keys are a pair of files usually named by default as id_rsa and The first one (id_rsa) is the private key and one which should never be shared with anyone and will always live on your local machine. The second one ( is the public key of the pair. This is the file that will be shared with servers and services to grant you access to them.

On it's own the public key is useless, so sharing it with 3rd party services such as ServerAuth is perfectly safe. Only when combined with the private key, which should never leave your local machine, can the public key be used to log in to anything.

Using ssh-keygen to generate a new key

On Mac / On Linux

Open your favourite terminal app and use the command below to generate a new key, remember to swap out your email address before hitting enter.

ssh-keygen -t rsa -b 4096 -C "[email protected]"

This will start generate a new SSH key with your email as the label, when prompted to save the file, press enter to save it in the default location.

If you are on Mac this will be /Users/yourusername/.ssh/id_rsa, or if you are on Linux this will be /home/yourusername/.ssh/id_rsa.

You will then be prompted to enter a secure passphrase, if this machine is your personal computer and not shared with anyone, press enter and then again to confirm. This will create a SSH key without a passphrase.

On Windows

For windows, we recommend using Git BASH which brings a lot of *nix type functionality to Windows.

Once installed, open Git Bash and type the following command, swapping out the email address for your own.

ssh-keygen -t rsa -b 4096 -C "[email protected]"

When prompted, press enter to save the key in the default location which will be /c/Users/yourusername/.ssh/id_rsa.

On the next prompt, press enter and then again to confirm. This will create a SSH key without a passphrase.

Adding your SSH key to the ssh-agent

ssh-agent is a program that runs on your local machine in the background that is used to store keys and passphrases in memory and communicate with SSH clients using a Unix domain socket.

On Mac / Linux

First we need to start the ssh-agent in the background. You can do that with the following command.

eval "$(ssh-agent -s)"

It should output something like Agent pid 32159.

Next we need to add your newly generated SSH key to the agent, you can do that with the following command. If you changed where your SSH key was stored or the name you will need to modify the line below before running it. If you used the default options, simply copy the line below and run it in your terminal window.

ssh-add ~/.ssh/id_rsa

On Windows

If you have downloaded and installed Git Bash as mentioned earlier, you can use the same command as Mac / Linux users to start the agent.

eval "$(ssh-agent -s)"

As with Mac / Linux, it should output something like Agent pid 32159.

Once running, we need to add the SSH key to the agent. If you changed the default save location or default filename, you will need to modify the snippet below before running it.

ssh-add /c/Users/yourusername/.ssh/id_rsa

Adding your public SSH Key to your server

First you will need to log on to your server, remembering to add in the details for your server. Do this in a new, second terminal window.

ssh -p PORT youruser@hostname

Then navigate to ~/.ssh, once there run.


Depending on what your server is doing, you may already have some files within this folder. The one we are interested in however, is called authorized_keys. The authorized_keys file is used to hold all the SSH keys that have access to login to the server as the username you connected as. So when you try to connect without a password, SSH first checks this file against your local machine file to see if it contains your SSH Key, if not then it will either ask for a password or show permission denied if you have turned off password login.

If you already have an authorized_keys file skip ahead to Updating Authorized_keys, otherwise follow the next few steps to create one.

First create the file using the touch command.

touch ~/.ssh/authorized_keys

We then need to make sure that file has the correct permissions set.

chmod 600 ~/.ssh/authorized_keys

All done!

Updating Authorized_keys

First we need to copy your public key from your local machine. Go back to your first terminal window where we ran the ssh-keygen and ssh-agent commands and navigate to the folder where it stored your keys.

As default, /Users/yourusername/.ssh on mac, /home/yourusername/.ssh on linux or /c/Users/yourusername/.ssh in Git Bash on Windows.

Next run the "cat" command, this will print the contents of the file we select to the terminal window.

cat ./

This should output something like this to your terminal screen

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwQgfXajx0XezIrX74LJJdzaPEGTO8iWv1loQboV3RaPGxHSbQeRGLsKiHUG46zrNIssq73eCqtzXh9OYBHB8308/QYlXpYBsbgW5q U dYL4eTJde5S3oDoKD09EgWJ/NY8vXoJ/iJAlSbvaTUr98xCRQ3F7BUDh9gr7DYpyWNXAjF XJp4dETT02/y0o cQ4vITGu0OljvwCIkDSFt QNQn6Wggd C1bbQRPY8N0DchzqhF3ixU XF1Q3KKUC7QTldfnrlRCr6qDKI2eSfUL iG2N0KuLTSLvCe 84XqM1I2IwfujQtUcAgxyWF2nRp0xYHiKty60nrI1dNbQl5/uEJUHpL5sCo8kcjMfMS0lhTDyoaNBKTt/j3zu cBiXj2IZa7lBQuLuH /oTiBtuJ7g XO8E8zXQKXmbZiFiC/7TA5A4Z9SkB6lcZqGLF5xbnKFnHywUPN1mdrDL8XyDQrNBmdqyzuqVZieDkCyrVraT12ruWjgR8UB0jM j6yLKqmN9uUzBIvhavlHpzw/YeJ4pZSqjuicWLPnK9BzKSAqx0WbtQa0aCY0O1f6PVeirW6JM9zUvV7H0Yy4QGRyllaahy7z7kD4kxXQX07K0ep2SbmzstpRizRp38dG71fvNpel8dFtKPxOaTy4bBAARUc6UcW1RtJPrHQnxWZmdigQ== [email protected]

The email address at the end, should match the email address you entered in the first few steps of this guide.

Next you need to select the whole thing from ssh-rsa through to your email address and then "right click and copy".

Switch to the second terminal window we opened to get back to your server, and open up the authorized_keys file with the following command

nano ./authorized_keys

This will open up the file within the "nano" editor. Once opened, simply "right click and paste" to drop in the the public ssh key you just copied.

If you already had an authorized_keys file, move the cursor to the end of the file before pasting in your public key.

Once your public key has been pasted into the file, save and exit with CTRL x, then Y and ENTER to confirm the save.

Test your keys

If we open up another new terminal window and attempt to connect to your server again

ssh -p PORT youruser@hostname

We should now get logged straight into the server without having to enter your password.

