By using SSH keys, we can log into Linux without a password (and this is the recommended approach). This way, you won’t need to enter a password every time you SSH to Linux.
Generating Key Pairs
-
You can generate keys anywhere - on the client, server, or third party. Even in Vaultwarden for easy management, as long as you keep them secure. On Windows/Mac/Linux, enter:
ssh-keygen -
Keys are typically generated in
C:\Users\Username\.ssh\. A public key (id_rsa.puborid_ed25519.pub) and a private key are created as a pair.
Server Side
-
The server needs to keep the public key. The client keeps the private key (which must not be exposed).
-
Check if there’s a
.sshdirectory in Linux. If not, create it:cd ~ mkdir -p ~/.ssh chmod 700 ~/.ssh -
Upload the public key to Linux, or copy and paste directly:
cd C:\Users\Username\.ssh\ scp .\id_rsa.pub username@address:~/.ssh scp .\id_ed25519.pub username@address:~/.ssh -
Check if there’s an
authorized_keysfile in Linux. If not, create it:cd ~/.ssh touch authorized_keys chmod 600 ./authorized_keys cat id_rsa.pub >> ./authorized_keys cat id_ed25519.pub >> ./authorized_keys -
After adding, you can delete the public key files:
cd ~/.ssh rm id_rsa.pub rm id_ed25519.pub
Client Side
-
You can specify key pairs in the
configfile on the client. On Windows, this is atC:\Users\Username\.ssh\config:Host host1 # Server hostname HostName hostname1 # Server IP or URL User admin # User IdentityFile "C:\Users\Username\.ssh\id_ed25519" # Local private key path Host host2 HostName hostname2 User admin IdentityFile "C:\Users\Username\.ssh\id_pem" -
If not specified, it defaults to using the
id_ed25519private key. Note that oneid_ed25519file can only contain one private key.
After configuration, you can log into Linux without a password.