Using SSH keys instead of passwords is a highly secure way to access your Linux server. SSH keys use strong encryption and are far more resistant to brute-force attacks and phishing than traditional passwords. With PowerShell on Windows, you can easily generate an SSH key pair and use it to connect to your server using the ssh -i command.
This guide covers generating keys, copying the public key to your server, and configuring the server to allow only key-based login. It also explains how to secure the authorized_keys file and disable password authentication for added protection. This setup is ideal for anyone managing a VPS or production server and helps ensure safe, password-free access.
Table of Contents
π Step 1: Allow Root Login Temporarily (Optional)
Only do this if root login is currently disabled and you need temporary access.
cd /etc/ssh/
vi sshd_configLook for the line: PermitRootLogin
Change it to:
PermitRootLogin yesSave and exit the editor.
Then restart SSH:
systemctl restart sshπ Step 2: Generate an SSH Key Pair on Your Local Machine
Run this command to create a strong RSA key pair (4096 bits):
ssh-keygen -t rsa -b 4096Youβll see output like this:
Enter file in which to save the key (C:\Users\yourname/.ssh/id_rsa): .ssh/ls
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in .ssh/ls
Your public key has been saved in .ssh/ls.pubπ‘ Tip: If you leave the passphrase empty, login will be automatic. If you enter one, youβll need to type it each time (for added security).
π€ Step 3: Upload the Public Key to the Server
Copy the public key to the server using scp:
scp ~/.ssh/ls.pub root@192.168.1.11:/home/user1Then SSH into the server as root and run:
cd /home/user1
mkdir .ssh
mv ls.pub .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
chmod 700 .ssh
chown -R user1:user1/home/user1/.sshπ Secure the key file (optional but recommended):
sudo chattr +i /home/user1/.ssh/authorized_keysThis locks the file from being modified or deleted by mistake.
βοΈ Step 4: Configure the SSH Server for Key Authentication
Edit the SSH server configuration file:
vi /etc/ssh/sshd_configEnsure the following lines are set:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
PasswordAuthentication noThis enables key login and disables password login (more secure).
Restart SSH to apply changes:
systemctl restart sshβ Step 5: Login Using SSH Key
Now from your local machine, log in as the new user with the private key:
ssh -i ~/.ssh/ls user1@192.168.1.11If everything is set up correctly, youβll be logged in without entering a password!
π How to Create an SSH Alias for Easy Server Access
Typing a long SSH command every time (ssh -i ~/.ssh/ls user1@192.168.1.11) can be annoying. Instead, you can create a shortcut (alias) using the SSH config file. Once set up, youβll be able to connect with just one word like ssh web.
π Step-by-Step to Create an SSH Alias
Navigate to your .ssh directory in PowerShell:
cd ~/.sshCreate or edit the SSH config file:
notepad configOr if you prefer a terminal editor (like in Git Bash):
vi configAdd your server alias configuration (example):
Host WEB
Hostname 192.168.1.11
User user1
IdentityFile ~/.ssh/ls
ServerAliveInterval 60
ServerAliveCountMax 120
Save the file, and youβre done!
π How to Use the Alias
ssh WEBπ§ Basic Server Maintenance Commands (Once Logged In)
After logging into your server, it’s good to run regular updates:
sudo apt update # Fetch latest package info
sudo apt upgrade # Upgrade installed packages
sudo apt autoremove # Remove unused packages
sudo reboot # Reboot the system safelyThese commands keep your server clean, secure, and running smoothly.
