Frequently Asked Question

How do I set up SSH key-based authentication?

Passwords are inconvenient and leakable; public-key authentication is the professional way to use SSH. Generate a key pair once with ssh-keygen -t ed25519 -C "you@example.com". This produces two files in ~/.ssh/: id_ed25519 (the private key, keep it secret, chmod 600, never copy it between machines) and id_ed25519.pub (the public key, safe to share). Ed25519 is the modern recommended algorithm; older tutorials still show RSA, which is fine if you specify -b 4096.

Copy your public key to a remote server with ssh-copy-id user@host. Behind the scenes this appends the contents of id_ed25519.pub to ~/.ssh/authorized_keys on the remote machine and sets the correct permissions. From now on ssh user@host logs you in without a password. A ~/.ssh/config file gives you shortcuts (Host, HostName, User, Port, IdentityFile) so ssh myserver does the right thing. For real security, also disable password authentication on the server (PasswordAuthentication no in /etc/ssh/sshd_config) once your key works.