Linux CLIscripting~5 mins

Key-based authentication in Linux CLI - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Key-based authentication lets you log into a remote server without typing a password every time. It uses a pair of keys: one you keep safe on your computer and one you put on the server. This makes logging in faster and more secure.

When you want to connect to a remote server repeatedly without entering your password each time

When you want to improve security by avoiding password-based logins

When automating scripts that need to access remote servers securely

When managing multiple servers and want a simple way to access them

When you want to disable password login to prevent unauthorized access

Commands

This command creates a new SSH key pair using the ed25519 algorithm. The private key is saved to ~/.ssh/id_ed25519 and the public key to ~/.ssh/id_ed25519.pub. The -N "" means no passphrase is set, so no password is needed to use the key.

Terminal

ssh-keygen -t ed25519 -C "my-key" -f ~/.ssh/id_ed25519 -N ""

Expected OutputExpected

Generating public/private ed25519 key pair. Your identification has been saved in /home/user/.ssh/id_ed25519 Your public key has been saved in /home/user/.ssh/id_ed25519.pub The key fingerprint is: ed25519 SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX my-key The key's randomart image is: +--[ED25519 256]--+ | .o+o. | | . +o+o | | . . +.o | | . . o . | | S . | | | | | | | | | +----[SHA256]-----+

→

-t - Specifies the type of key to create (ed25519 is modern and secure)

→

-f - Specifies the file name to save the private key

→

-N - Sets the passphrase for the key (empty means no passphrase)

This command copies your public key to the remote server's authorized keys file. This allows the server to recognize your key and let you log in without a password.

Terminal

ssh-copy-id -i ~/.ssh/id_ed25519.pub user@remote-server

Expected OutputExpected

Number of key(s) added: 1 Now try logging into the machine, with: "ssh user@remote-server" and check to make sure that only the key(s) you wanted were added.

→

-i - Specifies the public key file to copy

This command connects you to the remote server using SSH. Because your public key is on the server, it will let you in without asking for a password.

Terminal

ssh user@remote-server

Expected OutputExpected

Welcome to Ubuntu 22.04 LTS (GNU/Linux 5.15.0-50-generic x86_64) user@remote-server:~$

Key Concept

If you remember nothing else from this pattern, remember: your private key stays on your computer and your public key goes on the server to enable passwordless, secure login.

Common Mistakes

Not setting correct permissions on ~/.ssh or authorized_keys

SSH refuses to use keys if permissions are too open, causing login failures

Set ~/.ssh directory to 700 and authorized_keys file to 600 on the server

Copying the private key instead of the public key to the server

Private keys must never leave your computer; copying it to the server breaks security and won't work

Always copy the public key file (ending with .pub) to the server

Using ssh-copy-id without specifying the correct user or server

The key won't be added to the right place, so passwordless login fails

Double-check the username and server address before running ssh-copy-id

Summary

Generate an SSH key pair on your local machine with ssh-keygen.

Copy the public key to the remote server using ssh-copy-id.

Connect to the remote server with ssh to log in without a password.