Why SSH Keys? SSH keys are more secure than passwords:
Password SSH Key Can be guessed Virtually uncrackable Brute-force possible Brute-force impossible Must be entered manually Automatic authentication Can be intercepted Private key stays local
After setup, you can connect without entering a password - faster and more secure!
Create SSH Key Windows 10/11 (PowerShell)
Open PowerShell
Press Win + X and select Windows Terminal or PowerShell .
Generate SSH Key
ssh - keygen - t ed25519 - C "your@email.com"
ED25519 is the most modern and secure algorithm. If your server doesn’t support it, use RSA: ssh - keygen - t rsa - b 4096 - C "your@email.com"
Confirm Location
Enter file in which to save the key (C:\Users\YourName\.ssh\id_ed25519):
Press Enter for the default location.
Set Passphrase (recommended)
Enter passphrase (empty for no passphrase):
A passphrase adds extra protection to your key. You can also press Enter for no passphrase.
Copy Public Key
cat ~ / .ssh / id_ed25519.pub
Copy the entire output (starts with ssh-ed25519). PuTTYgen (Alternative)
Open PuTTYgen
Install PuTTY and open PuTTYgen .
Generate Key
Select EdDSA (or RSA with 4096 bits)
Click Generate
Move your mouse in the empty area for randomness
Save Keys
Save private key → Save as .ppk fileCopy the text in the upper field (Public Key)
Terminal
Open Terminal
Cmd + Space → “Terminal”
Generate SSH Key
ssh-keygen -t ed25519 -C "your@email.com"
Location and Passphrase
Enter for default location (~/.ssh/id_ed25519)
Optional: Enter a passphrase
Add Key to SSH Agent
eval "$( ssh-agent -s )" ssh-add ~/.ssh/id_ed25519
For persistent storage, add to ~/.ssh/config: Host * AddKeysToAgent yes UseKeychain yes IdentityFile ~/.ssh/id_ed25519
Copy Public Key
cat ~/.ssh/id_ed25519.pub | pbcopy
The key is now in your clipboard. Terminal
Generate SSH Key
ssh-keygen -t ed25519 -C "your@email.com"
Location and Passphrase
Enter for default location
Optional: Passphrase for extra security
Add Key to SSH Agent
eval "$( ssh-agent -s )" ssh-add ~/.ssh/id_ed25519
Display Public Key
cat ~/.ssh/id_ed25519.pub
Copy the output. Add Public Key to Server Now you need to add your Public Key to the server.
Method 1: ssh-copy-id (recommended) The easiest way - works on macOS and Linux:
ssh-copy-id root@YOUR-IP-ADDRESS
You’ll be asked for the password once. After that, the key is set up.
Method 2: Manual Copy
Create SSH Directory (if needed)
mkdir -p ~/.ssh chmod 700 ~/.ssh
Add Public Key
echo "YOUR-PUBLIC-KEY-HERE" >> ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys
Replace YOUR-PUBLIC-KEY-HERE with the copied key (starts with ssh-ed25519 or ssh-rsa).
Test Connection
Open a new terminal and connect: If there’s no password prompt, the key works!
Disable Password Login First test that your SSH key works! Otherwise you’ll lock yourself out.
After successful key setup, you can disable password login:
Edit SSH Configuration
nano /etc/ssh/sshd_config
Change Settings
Find and change these lines: PasswordAuthentication no PubkeyAuthentication yes
Use Ctrl + W in nano to search.
Test in New Terminal
Open a new terminal (keep the old one open!) and test: If it works, you can close the old terminal. Manage Multiple Keys SSH Config File For multiple servers with different keys, create ~/.ssh/config:
# RDP.sh Production Server Host rdp-prod HostName 185.193.xxx.xxx User root IdentityFile ~/.ssh/id_ed25519 # RDP.sh Development Server Host rdp-dev HostName 185.193.yyy.yyy User root IdentityFile ~/.ssh/id_ed25519_dev Port 2222 # Other Provider Host other-server HostName example.com User admin IdentityFile ~/.ssh/other_key
Now you can simply connect with:
Troubleshooting
Permission denied (publickey)
Possible causes:
Public key not copied correctly
Wrong permissions on server
Wrong key being used
Solution: # Check permissions on server chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys # Check which key is being used ssh -v root@YOUR-IP
The SSH agent has no key loaded. Solution: ssh-add ~/.ssh/id_ed25519
Check on server: cat ~/.ssh/authorized_keys
The key must be on a single line and start with ssh-ed25519 or ssh-rsa.
Unfortunately, the passphrase cannot be recovered. Solution:
Generate a new key
Add the new public key to the server
Delete the old key
Best Practices
🔐 Use a Passphrase A passphrase protects your key if someone gains access to your computer.
🔄 Rotate Keys Regularly create new keys and remove old ones from authorized_keys.
💾 Backup Back up your private key in a secure location. Without it, you’ll lose access!
🚫 Never Share Never share your private key. Only the public key is copied to servers.
Next Steps
Configure Firewall Protect your server with firewall rules
API Reference Automate with our REST API
