RamNode logo
    Sign UpLogin
    Back to OpenVZ Documentation

    SSH Key Authentication

    Set up secure SSH key authentication for your VPS

    Table of Contents

    What is an SSH Key?

    SSH is a widely-used protocol for interacting with remote servers for administration and file transfer. SSH keys provide a more secure authentication method than passwords. Instead of logging in with a password, you use a cryptographic key pair (public and private keys).

    Benefits of SSH Keys

    • More Secure - Much harder to brute-force than passwords
    • Convenient - No need to type passwords repeatedly
    • Automation-Friendly - Enable passwordless scripts and backups
    • Multiple Keys - Use different keys for different purposes

    Step 1: Generate SSH Key Pair

    On Linux/macOS

    ssh-keygen -t ed25519 -C "your_email@example.com"
# or for RSA (if ed25519 not supported)
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

    Press Enter to accept the default file location, and optionally set a passphrase.

    On Windows

    Option 1: Windows PowerShell (Windows 10+)
    ssh-keygen -t ed25519 -C "your_email@example.com"
    Option 2: PuTTYgen
    1. Download and install PuTTY
    2. Open PuTTYgen
    3. Select "EdDSA" or "RSA" (4096 bits)
    4. Click "Generate" and move your mouse randomly
    5. Save both public and private keys

    Step 2: Copy Public Key to VPS

    Method 1: Using ssh-copy-id (Easiest)

    ssh-copy-id root@your-vps-ip
# Enter your VPS password when prompted

    Method 2: Manual Copy

    1. Display your public key:
      cat ~/.ssh/id_ed25519.pub
    2. Copy the entire output (starts with "ssh-ed25519" or "ssh-rsa")
    3. Log into your VPS via SSH with password
    4. Create the .ssh directory if it doesn't exist:
      mkdir -p ~/.ssh
    5. Add your public key:
      echo "your-public-key-here" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh

    Step 3: Test SSH Key Authentication

    Try logging in with your SSH key:

    ssh root@your-vps-ip

    You should be logged in without entering a password (unless you set a passphrase on your key).

    Step 4: Disable Password Authentication (Optional but Recommended)

    After verifying SSH key login works, you can disable password authentication for better security:

    # Edit SSH config
nano /etc/ssh/sshd_config

# Change these lines:
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes

# Restart SSH
systemctl restart sshd

    Warning

    Make absolutely sure your SSH key authentication is working before disabling password authentication! Otherwise, you'll lock yourself out and need to use VNC console to regain access.

    Troubleshooting

    Permission Denied

    Check file permissions:

    chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

    Still Asking for Password

    Check SSH logs on the server:

    tail -f /var/log/auth.log  # Debian/Ubuntu
tail -f /var/log/secure    # CentOS/RHEL

    Best Practice

    Always keep a backup of your private key in a secure location. If you lose it and have disabled password authentication, you'll need to use VNC console to regain access to your VPS.