Why SSH Keys? SSH keys are more secure than passwords:
Password SSH Key Can be guessed Virtually uncrackable Brute-force possible Brute-force impossible Must be entered manually Automatic authentication Can be intercepted Private key stays local
After setup, you can connect without entering a password - faster and more secure!
Create SSH Key Windows 10/11 (PowerShell)
Open PowerShell
Press Win + X and select Windows Terminal or PowerShell .
Generate SSH Key
ED25519 is the most modern and secure algorithm. If your server doesn’t support it, use RSA:
Confirm Location
Enter file in which to save the key (C:\Users\YourName\.ssh\id_ed25519):
Press Enter for the default location.
Set Passphrase (recommended)
Enter passphrase (empty for no passphrase):
A passphrase adds extra protection to your key. You can also press Enter for no passphrase.
Copy Public Key
cat ~ / .ssh / id_ed25519.pub
Copy the entire output (starts with ssh-ed25519). PuTTYgen (Alternative)
Open PuTTYgen
Install PuTTY and open PuTTYgen .
Generate Key
Select EdDSA (or RSA with 4096 bits)
Click Generate
Move your mouse in the empty area for randomness
Save Keys
Save private key → Save as .ppk fileCopy the text in the upper field (Public Key)
Terminal
Open Terminal
Cmd + Space → “Terminal”
Location and Passphrase
Enter for default location (~/.ssh/id_ed25519)
Optional: Enter a passphrase
Add Key to SSH Agent
eval "$( ssh-agent -s )" ssh-add ~/.ssh/id_ed25519
For persistent storage, add to ~/.ssh/config: Host * AddKeysToAgent yes UseKeychain yes IdentityFile ~/.ssh/id_ed25519
Copy Public Key
cat ~/.ssh/id_ed25519.pub | pbcopy
The key is now in your clipboard. Terminal
Location and Passphrase
Enter for default location
Optional: Passphrase for extra security
Add Key to SSH Agent
eval "$( ssh-agent -s )" ssh-add ~/.ssh/id_ed25519
Display Public Key
cat ~/.ssh/id_ed25519.pub
Copy the output. Add Public Key to Server Now you need to add your Public Key to the server.
Method 1: ssh-copy-id (recommended) The easiest way - works on macOS and Linux:
ssh-copy-id root@YOUR-IP-ADDRESS
You’ll be asked for the password once. After that, the key is set up.
Method 2: Manual Copy
Create SSH Directory (if needed)
mkdir -p ~/.ssh chmod 700 ~/.ssh
Add Public Key
echo "YOUR-PUBLIC-KEY-HERE" >> ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys
Replace YOUR-PUBLIC-KEY-HERE with the copied key (starts with ssh-ed25519 or ssh-rsa).
Test Connection
Open a new terminal and connect: If there’s no password prompt, the key works!
Disable Password Login First test that your SSH key works! Otherwise you’ll lock yourself out.
After successful key setup, you can disable password login:
Edit SSH Configuration
nano /etc/ssh/sshd_config
Change Settings
Find and change these lines: PasswordAuthentication no PubkeyAuthentication yes
Use Ctrl + W in nano to search.
Test in New Terminal
Open a new terminal (keep the old one open!) and test: If it works, you can close the old terminal. Manage Multiple Keys SSH Config File For multiple servers with different keys, create ~/.ssh/config:
# RDP.sh Production Server Host rdp-prod HostName 185.193.xxx.xxx User root IdentityFile ~/.ssh/id_ed25519 # RDP.sh Development Server Host rdp-dev HostName 185.193.yyy.yyy User root IdentityFile ~/.ssh/id_ed25519_dev Port 2222 # Other Provider Host other-server HostName example.com User admin IdentityFile ~/.ssh/other_key
Now you can simply connect with:
Troubleshooting
Permission denied (publickey)
Possible causes:
Public key not copied correctly
Wrong permissions on server
Wrong key being used
Solution: # Check permissions on server chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys # Check which key is being used ssh -v root@YOUR-IP
The SSH agent has no key loaded. Solution: ssh-add ~/.ssh/id_ed25519
Check on server: cat ~/.ssh/authorized_keys
The key must be on a single line and start with ssh-ed25519 or ssh-rsa.
Unfortunately, the passphrase cannot be recovered. Solution:
Generate a new key
Add the new public key to the server
Delete the old key
Best Practices
🔐 Use a Passphrase A passphrase protects your key if someone gains access to your computer.
🔄 Rotate Keys Regularly create new keys and remove old ones from authorized_keys.
💾 Backup Back up your private key in a secure location. Without it, you’ll lose access!
🚫 Never Share Never share your private key. Only the public key is copied to servers.
Next Steps 
