ssh gideon@192.168.1.10
gideon@192.168.1.10’s password:
(...typing...)
Permission denied, please try again.
(...louder typing...)
Permission denied, please try again.
(...SIGH...)
You know that moment.
You’re ready to deploy, in your zone, and SSH decides to make you type a 14-character password from memory. Twice. Maybe three times if your pinky slips.
It’s 2025. We can do better.
In this quick guide, we’re going to set up passwordless SSH the right way using modern cryptography, secure defaults, and a workflow that’s actually worth your muscle memory.
🧠 Why “Passwordless” Isn’t Really Passwordless
Let’s clear something up.
“Passwordless” is catchy, but what we’re actually setting up is key-based authentication.
Here’s how it works:
- 🔐
id_ed25519→ your private key (never leaves your local machine) - 🔓
id_ed25519.pub→ your public key (lives on the server)
The private key is your secret signature. The public key is the lock it fits into. Together, they create a secure, unguessable login handshake with no password guessing or brute forcing.
⚙️ Step 1: Generate Your Modern SSH Key
Forget RSA, it’s 2025. The gold standard now is ED25519, which is faster, smaller, and more secure.
On your local machine, run:
ssh-keygen -t ed25519 -C "your_email@example.com"
You’ll be asked two things:
-
Where to save the key: Press Enter for default (
~/.ssh/id_ed25519) - Passphrase: Yes, you should use one.
💡 Think of your passphrase as a password for your key, not for the server.
If your laptop gets stolen, your private key is useless without it.
This gives you a key pair in ~/.ssh/:
id_ed25519 # private
id_ed25519.pub # public
🔁 Step 2: Copy Your Key to the Server
The easy way (and the correct one) is:
ssh-copy-id user@your_server_ip
You’ll enter your password one last time, and the command takes care of everything — creating ~/.ssh, setting permissions, and adding your public key to authorized_keys.
If ssh-copy-id Isn’t Installed (Manual Method)
Run this instead:
cat ~/.ssh/id_ed25519.pub | ssh user@your_server_ip "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
This manually sets up your public key on the remote server with proper permissions.
Not as elegant, but bulletproof.
🪄 Step 3: The Moment of Truth
Now, log in again:
ssh user@your_server_ip
If you didn’t use a passphrase, boom, you’re in instantly.
If you did, you’ll see:
Enter passphrase for key '/home/you/.ssh/id_ed25519':
Type it once, and you’re in securely.
That’s progress.
🧠 Step 4: Go Fully Passwordless with ssh-agent
You might be thinking,
“Wait… didn’t I just replace one password with another?”
Here’s the fix: use an SSH agent to remember your key for your whole session.
Start the agent:
eval "$(ssh-agent -s)"
Then add your key:
ssh-add ~/.ssh/id_ed25519
Enter your passphrase once, and that’s it.
Now you can SSH into your servers all day, password-free.
✅ Pro tip: add this to your
.bashrcor.zshrc:eval "$(ssh-agent -s)" > /dev/null ssh-add ~/.ssh/id_ed25519So your session auto-loads your key each login.
🔒 Step 5: Lock It Down — Disable Password Logins
Your key works. You’re fast.
Now let’s make it secure.
Log into your server (using your key), then edit SSH’s config:
sudo nano /etc/ssh/sshd_config
Find:
PasswordAuthentication yes
Change to:
PasswordAuthentication no
Also, set:
PermitRootLogin no
Then restart SSH:
sudo systemctl restart sshd
⚠️ IMPORTANT: Before restarting SSH, open a second terminal and confirm your key login works.
If you lock yourself out, you’ll need physical server access or console recovery.
🧾 Quick Reference
| Task | Command |
|---|---|
| Generate Key | ssh-keygen -t ed25519 -C "email@example.com" |
| Copy Key | ssh-copy-id user@server |
| Start Agent | eval "$(ssh-agent -s)" |
| Add Key | ssh-add ~/.ssh/id_ed25519 |
| Disable Passwords | Edit /etc/ssh/sshd_config
|
✅ Security Checklist
- [x] SSH key authentication enabled
- [x] Password login disabled
- [x] Root login disabled
- [x] SSH agent configured
- [x] Keys backed up securely
🧩 FAQs
Q: Does this work on Ubuntu, CentOS, and macOS?
A: Yes, the commands are the same. Just ensure the openssh-server package is installed on Linux.
Q: What’s the difference between password and key authentication?
A: Passwords can be guessed. Keys can’t. They use asymmetric cryptography, which is exponentially more secure.
Q: Can I use the same key for multiple servers?
A: Yes, and you should. Just copy your .pub key to each one.
🎯 The Payoff
Next time you type:
ssh user@server
and it just works, no password, no delay, that’s freedom.
You’ve traded frustration for flow.
You’ve replaced brute force with elegance.
And you’ve taken one big step toward a cleaner, more secure workflow.
💬 What’s Your SSH Pro Tip?
Do you use a ~/.ssh/config file? Maybe multiplexing or ControlMaster connections?
Drop your favorite SSH trick in the comments — I’ll feature the best ones in the follow-up: “Advanced SSH Hardening for 2025.”
Top comments (0)